xref: /aosp_15_r20/external/cronet/net/android/http_auth_negotiate_android.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
6 #define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
7 
8 #include <jni.h>
9 
10 #include <memory>
11 #include <string>
12 
13 #include "base/android/jni_android.h"
14 #include "base/functional/callback.h"
15 #include "base/memory/raw_ptr.h"
16 #include "base/memory/scoped_refptr.h"
17 #include "net/base/completion_once_callback.h"
18 #include "net/base/net_export.h"
19 #include "net/http/http_auth.h"
20 #include "net/http/http_auth_mechanism.h"
21 
22 namespace base {
23 class TaskRunner;
24 }
25 
26 namespace net {
27 
28 class HttpAuthChallengeTokenizer;
29 class HttpAuthPreferences;
30 
31 namespace android {
32 
33 // This class provides a threadsafe wrapper for SetResult, which is called from
34 // Java. A new instance of this class is needed for each call, and the instance
35 // destroys itself when the callback is received. It is written to allow
36 // setResult to be called on any thread, but in practice they will be called
37 // on the application's main thread.
38 //
39 // We cannot use a Callback object here, because there is no way of invoking the
40 // Run method from Java.
41 class NET_EXPORT_PRIVATE JavaNegotiateResultWrapper {
42  public:
43   scoped_refptr<base::TaskRunner> callback_task_runner_;
44   base::OnceCallback<void(int, const std::string&)> thread_safe_callback_;
45 
46   JavaNegotiateResultWrapper(
47       const scoped_refptr<base::TaskRunner>& callback_task_runner,
48       base::OnceCallback<void(int, const std::string&)> thread_safe_callback);
49 
50   void SetResult(JNIEnv* env,
51                  const base::android::JavaParamRef<jobject>& obj,
52                  int result,
53                  const base::android::JavaParamRef<jstring>& token);
54 
55  private:
56   // Class is only allowed to delete itself, nobody else is allowed to delete.
57   ~JavaNegotiateResultWrapper();
58 };
59 
60 // Class providing Negotiate (SPNEGO/Kerberos) authentication support on
61 // Android. The actual authentication is done through an Android authenticator
62 // provided by third parties who want Kerberos support. This class simply
63 // provides a bridge to the Java code, and hence to the service. See
64 // https://drive.google.com/open?id=1G7WAaYEKMzj16PTHT_cIYuKXJG6bBcrQ7QQBQ6ihOcQ&authuser=1
65 // for the full details.
66 class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid : public HttpAuthMechanism {
67  public:
68   // Creates an object for one negotiation session. |prefs| are the
69   // authentication preferences. In particular they include the Android account
70   // type, which is used to connect to the correct Android Authenticator.
71   explicit HttpAuthNegotiateAndroid(const HttpAuthPreferences* prefs);
72   HttpAuthNegotiateAndroid(const HttpAuthNegotiateAndroid&) = delete;
73   HttpAuthNegotiateAndroid& operator=(const HttpAuthNegotiateAndroid&) = delete;
74   ~HttpAuthNegotiateAndroid() override;
75 
76   // HttpAuthMechanism implementation:
77   bool Init(const NetLogWithSource& net_log) override;
78   bool NeedsIdentity() const override;
79   bool AllowsExplicitCredentials() const override;
80   HttpAuth::AuthorizationResult ParseChallenge(
81       HttpAuthChallengeTokenizer* tok) override;
82   int GenerateAuthToken(const AuthCredentials* credentials,
83                         const std::string& spn,
84                         const std::string& channel_bindings,
85                         std::string* auth_token,
86                         const NetLogWithSource& net_log,
87                         CompletionOnceCallback callback) override;
88   void SetDelegation(HttpAuth::DelegationType delegation_type) override;
89 
90   // Unlike the platform agnostic GenerateAuthToken(), the Android specific
91   // version doesn't require a NetLogWithSource. The call is made across service
92   // boundaries, so currently the goings-on within the GenerateAuthToken()
93   // handler is outside the scope of the NetLog.
94   int GenerateAuthTokenAndroid(const AuthCredentials* credentials,
95                                const std::string& spn,
96                                const std::string& channel_bindings,
97                                std::string* auth_token,
98                                CompletionOnceCallback callback);
99 
can_delegate()100   bool can_delegate() const { return can_delegate_; }
set_can_delegate(bool can_delegate)101   void set_can_delegate(bool can_delegate) { can_delegate_ = can_delegate; }
102 
server_auth_token()103   const std::string& server_auth_token() const { return server_auth_token_; }
set_server_auth_token(const std::string & server_auth_token)104   void set_server_auth_token(const std::string& server_auth_token) {
105     server_auth_token_ = server_auth_token;
106   }
107 
108   std::string GetAuthAndroidNegotiateAccountType() const;
109 
110  private:
111   void SetResultInternal(int result, const std::string& token);
112 
113   raw_ptr<const HttpAuthPreferences> prefs_ = nullptr;
114   bool can_delegate_ = false;
115   bool first_challenge_ = true;
116   std::string server_auth_token_;
117   raw_ptr<std::string> auth_token_ = nullptr;
118   base::android::ScopedJavaGlobalRef<jobject> java_authenticator_;
119   net::CompletionOnceCallback completion_callback_;
120 
121   base::WeakPtrFactory<HttpAuthNegotiateAndroid> weak_factory_{this};
122 };
123 
124 }  // namespace android
125 }  // namespace net
126 
127 #endif  // NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
128