1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
6 #define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
8 #include <jni.h>
9 #include <string>
11 #include "base/android/jni_android.h"
12 #include "base/callback.h"
13 #include "base/macros.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "net/base/completion_callback.h"
17 #include "net/http/http_auth.h"
19 namespace net {
21 class HttpAuthChallengeTokenizer;
23 namespace android {
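// This class provides a threadsafe wrapper for SetResult, which is called from
// Java. A new instance of this class is needed for each call, and the instance
// destroys itself when the callback is received. It is written to allow
// SetResult to be called on any thread, but in practice it will be called on
// the application's main thread.
//
// We cannot use a Callback object here, because there is no way of invoking the
// Run method from Java.
//
// Lifetime: since the instance deletes itself once the callback has been
// received, it depends on Java delivering SetResult exactly once per instance.
// NOTE(review): judging from this header alone, a callback that never arrives
// would leave the instance allocated, and a second callback would reach an
// object that has already destroyed itself -- confirm against the .cc file and
// the Java caller.
class NET_EXPORT_PRIVATE JavaNegotiateResultWrapper {
 public:
  // Task runner supplied to the constructor. Presumably the runner on which
  // |thread_safe_callback_| is invoked -- confirm in the implementation.
  scoped_refptr<base::TaskRunner> callback_task_runner_;

  // Callback taking an int and a string, matching the |result| and |token|
  // that SetResult receives.
  base::Callback<void(int, const std::string&)> thread_safe_callback_;

  JavaNegotiateResultWrapper(
      const scoped_refptr<base::TaskRunner>& callback_task_runner,
      const base::Callback<void(int, const std::string&)>&
          thread_safe_callback);

  // Called from Java with the outcome of the request. |result| and |token|
  // originate in the authenticator on the Java side, which is provided by a
  // third party, so both should be handled as data from outside the browser:
  // |token| is opaque and |result| is not guaranteed to be a known error code.
  void SetResult(JNIEnv* env, jobject obj, int result, jstring token);

 private:
  // Class is only allowed to delete itself, nobody else is allowed to delete.
  ~JavaNegotiateResultWrapper();
};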
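// Class providing Negotiate (SPNEGO/Kerberos) authentication support on
// Android. The actual authentication is done through an Android authenticator
// provided by third parties who want Kerberos support. This class simply
// provides a bridge to the Java code, and hence to the service. See
// https://drive.google.com/open?id=1G7WAaYEKMzj16PTHT_cIYuKXJG6bBcrQ7QQBQ6ihOcQ&authuser=1
// for the full details.
//
// Trust boundary: the authenticator is third-party code that Android selects by
// account type, so the result codes and tokens it hands back cross from outside
// the browser into this class.
class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid {
 public:
  // Creates an object for one negotiation session. |account_type| is the
  // Android account type, used by Android to find the correct authenticator.
  explicit HttpAuthNegotiateAndroid(const std::string& account_type);
  ~HttpAuthNegotiateAndroid();

  // Register the JNI for this class.
  static bool Register(JNIEnv* env);

  // Does nothing, but needed for compatibility with the Negotiate
  // authenticators for other operating systems. Always returns true.
  bool Init();

  // True if authentication needs the identity of the user from Chrome.
  bool NeedsIdentity() const;

  // True if authentication can use explicit credentials included in the URL.
  bool AllowsExplicitCredentials() const;

  // Parse a received Negotiate challenge.
  HttpAuth::AuthorizationResult ParseChallenge(
      net::HttpAuthChallengeTokenizer* tok);

  // Generates an authentication token.
  //
  // The return value is an error code. The authentication token will be
  // returned in |*auth_token|. If the result code is not |OK|, the value of
  // |*auth_token| is unspecified.
  //
  // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will
  // be returned and the real result code will be passed to the completion
  // callback. Otherwise the result code is returned immediately from this
  // call.
  //
  // If the HttpAuthNegotiateAndroid object is deleted before completion then
  // the callback will not be called.
  //
  // If no immediate result is returned then |auth_token| must remain valid
  // until the callback has been called. The pointer is not owned by this
  // class, so a caller that frees the string while a request is pending leaves
  // the completion path with a dangling pointer.
  //
  // |spn| is the Service Principal Name of the server that the token is
  // being generated for.
  //
  // If this is the first round of a multiple round scheme, credentials are
  // obtained using |*credentials|. If |credentials| is NULL, the default
  // credentials are used instead.
  int GenerateAuthToken(const AuthCredentials* credentials,
                        const std::string& spn,
                        std::string* auth_token,
                        const net::CompletionCallback& callback);

  // Delegation is allowed on the Kerberos ticket. This allows certain servers
  // to act as the user, such as an IIS server retrieving data from a
  // Kerberized MSSQL server. Because a delegated ticket lets the receiving
  // server authenticate to other services as the user, callers should enable
  // delegation only for servers that are explicitly trusted for it.
  void Delegate();

 private:
  // Receives a result code and token. Presumably the target of the callback
  // that JavaNegotiateResultWrapper runs -- confirm in the implementation.
  void SetResultInternal(int result, const std::string& token);

  // Android account type; presumably the value given to the constructor.
  std::string account_type_;
  // Presumably set by Delegate() -- confirm in the implementation.
  bool can_delegate_;
  // Presumably tracks whether a challenge has been parsed yet in this
  // session -- confirm in the implementation.
  bool first_challenge_;
  // Presumably the token carried by the server's challenge -- confirm in the
  // implementation.
  std::string server_auth_token_;
  // Not owned. Presumably the |auth_token| output pointer of a pending
  // GenerateAuthToken call, which the caller must keep valid until completion.
  std::string* auth_token_;
  // Global JNI reference to a Java object; by its name, the Java-side
  // authenticator bridge.
  base::android::ScopedJavaGlobalRef<jobject> java_authenticator_;
  // Presumably the |callback| of a pending GenerateAuthToken call.
  net::CompletionCallback completion_callback_;

  // Factory for weak pointers to this object; they are invalidated when the
  // object is destroyed. Presumably this is how a late result from Java is
  // dropped after deletion -- confirm in the implementation.
  base::WeakPtrFactory<HttpAuthNegotiateAndroid> weak_factory_;

  DISALLOW_COPY_AND_ASSIGN(HttpAuthNegotiateAndroid);
};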
129 } // namespace android
130 } // namespace net
132 #endif // NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_