From 73a60ea3e3ca0d68d5e60a8815e77983b29d30c1 Mon Sep 17 00:00:00 2001 From: Paul Betts Date: Fri, 16 Oct 2015 16:39:42 -0700 Subject: [PATCH 1/8] Create a new URLSecurityManager that allows explicit settings --- brightray/browser/url_request_context_getter.cc | 10 ++++++++++ brightray/browser/url_request_context_getter.h | 15 +++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/brightray/browser/url_request_context_getter.cc b/brightray/browser/url_request_context_getter.cc index bdef77d1c2e3..5cbca4654b7d 100644 --- a/brightray/browser/url_request_context_getter.cc +++ b/brightray/browser/url_request_context_getter.cc @@ -84,6 +84,16 @@ const char kProxyPacUrl[] = "proxy-pac-url"; } // namespace +ExplicitURLSecurityManager::ExplicitURLSecurityManager() : allow_default_creds_(false) {} + +bool ExplicitURLSecurityManager::CanUseDefaultCredentials(const GURL& auth_origin) const { + return allow_default_creds_; +} + +bool ExplicitURLSecurityManager::CanDelegate(const GURL& auth_origin) const { + return false; +} + std::string URLRequestContextGetter::Delegate::GetUserAgent() { return base::EmptyString(); } diff --git a/brightray/browser/url_request_context_getter.h b/brightray/browser/url_request_context_getter.h index 4794f1bf6e53..fdbb7c681564 100644 --- a/brightray/browser/url_request_context_getter.h +++ b/brightray/browser/url_request_context_getter.h @@ -30,6 +30,21 @@ namespace brightray { class DevToolsNetworkController; class NetLog; +class ExplicitURLSecurityManager : public net::URLSecurityManager { +public: + ExplicitURLSecurityManager(); + + virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const override; + virtual bool CanDelegate(const GURL& auth_origin) const override; + + void AllowNTLMCredentialsForAllDomains(bool should_allow) { allow_default_creds_ = should_allow; } + +private: + bool allow_default_creds_; + + DISALLOW_COPY_AND_ASSIGN(ExplicitURLSecurityManager); +}; + class URLRequestContextGetter : public net::URLRequestContextGetter { public: class Delegate { From 2c21f1a30459e960cec34ff5720e0cd1c7b86204 Mon Sep 17 00:00:00 2001 From: Paul Betts Date: Fri, 16 Oct 2015 16:40:07 -0700 Subject: [PATCH 2/8] Replace the default one with our own --- brightray/browser/url_request_context_getter.cc | 2 +- brightray/browser/url_request_context_getter.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/brightray/browser/url_request_context_getter.cc b/brightray/browser/url_request_context_getter.cc index 5cbca4654b7d..cfe250d2dd1f 100644 --- a/brightray/browser/url_request_context_getter.cc +++ b/brightray/browser/url_request_context_getter.cc @@ -155,7 +155,7 @@ URLRequestContextGetter::URLRequestContextGetter( in_memory_(in_memory), io_loop_(io_loop), file_loop_(file_loop), - url_sec_mgr_(net::URLSecurityManager::Create(NULL, NULL)), + url_sec_mgr_(new ExplicitURLSecurityManager()), protocol_interceptors_(protocol_interceptors.Pass()) { // Must first be created on the UI thread. DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); diff --git a/brightray/browser/url_request_context_getter.h b/brightray/browser/url_request_context_getter.h index fdbb7c681564..aab7207cc567 100644 --- a/brightray/browser/url_request_context_getter.h +++ b/brightray/browser/url_request_context_getter.h @@ -95,7 +95,7 @@ class URLRequestContextGetter : public net::URLRequestContextGetter { scoped_ptr storage_; scoped_ptr url_request_context_; scoped_ptr host_mapping_rules_; - scoped_ptr url_sec_mgr_; + scoped_ptr url_sec_mgr_; content::ProtocolHandlerMap protocol_handlers_; content::URLRequestInterceptorScopedVector protocol_interceptors_; From d123c8613d4905e222bc2583d4092f1509fe7a50 Mon Sep 17 00:00:00 2001 From: Paul Betts Date: Fri, 16 Oct 2015 16:40:30 -0700 Subject: [PATCH 3/8] Create a new API to trump IE security settings if desired --- brightray/browser/browser_context.cc | 4 ++++ brightray/browser/browser_context.h | 2 ++ brightray/browser/url_request_context_getter.cc | 4 ++++ brightray/browser/url_request_context_getter.h | 2 ++ 4 files changed, 12 insertions(+) diff --git a/brightray/browser/browser_context.cc b/brightray/browser/browser_context.cc index 4bf558d4293b..82de4a621018 100644 --- a/brightray/browser/browser_context.cc +++ b/brightray/browser/browser_context.cc @@ -232,4 +232,8 @@ content::PermissionManager* BrowserContext::GetPermissionManager() { return permission_manager_.get(); } +void BrowserContext::AllowNTLMCredentialsForAllDomains(bool should_allow) { + url_request_getter_->AllowNTLMCredentialsForAllDomains(should_allow); +} + } // namespace brightray diff --git a/brightray/browser/browser_context.h b/brightray/browser/browser_context.h index 3c9b68d88385..5f16530d1071 100644 --- a/brightray/browser/browser_context.h +++ b/brightray/browser/browser_context.h @@ -71,6 +71,8 @@ class BrowserContext : public base::RefCounted, void InitPrefs(); PrefService* prefs() { return prefs_.get(); } + void AllowNTLMCredentialsForAllDomains(bool should_allow); + protected: BrowserContext(const std::string& partition, bool in_memory); ~BrowserContext() override; diff --git a/brightray/browser/url_request_context_getter.cc b/brightray/browser/url_request_context_getter.cc index cfe250d2dd1f..58df7ece6508 100644 --- a/brightray/browser/url_request_context_getter.cc +++ b/brightray/browser/url_request_context_getter.cc @@ -330,4 +330,8 @@ scoped_refptr URLRequestContextGetter::GetNetworkT return BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO); } +void URLRequestContextGetter::AllowNTLMCredentialsForAllDomains(bool should_allow) { + url_sec_mgr_->AllowNTLMCredentialsForAllDomains(should_allow); +} + } // namespace brightray diff --git a/brightray/browser/url_request_context_getter.h b/brightray/browser/url_request_context_getter.h index aab7207cc567..da2091fb6753 100644 --- a/brightray/browser/url_request_context_getter.h +++ b/brightray/browser/url_request_context_getter.h @@ -78,6 +78,8 @@ class URLRequestContextGetter : public net::URLRequestContextGetter { net::URLRequestContext* GetURLRequestContext() override; scoped_refptr GetNetworkTaskRunner() const override; + void AllowNTLMCredentialsForAllDomains(bool should_allow); + net::HostResolver* host_resolver(); private: From 66a14c5eb51e3280ca58d148a01844c4b2ceea9b Mon Sep 17 00:00:00 2001 From: Paul Betts Date: Fri, 16 Oct 2015 16:43:03 -0700 Subject: [PATCH 4/8] Fallback to default behavior if boolean is false --- brightray/browser/url_request_context_getter.cc | 12 +++++++++--- brightray/browser/url_request_context_getter.h | 1 + 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/brightray/browser/url_request_context_getter.cc b/brightray/browser/url_request_context_getter.cc index 58df7ece6508..bc42f8e46001 100644 --- a/brightray/browser/url_request_context_getter.cc +++ b/brightray/browser/url_request_context_getter.cc @@ -84,14 +84,20 @@ const char kProxyPacUrl[] = "proxy-pac-url"; } // namespace -ExplicitURLSecurityManager::ExplicitURLSecurityManager() : allow_default_creds_(false) {} +ExplicitURLSecurityManager::ExplicitURLSecurityManager() : + allow_default_creds_(false), + orig_url_sec_mgr_(net::URLSecurityManager::Create(NULL, NULL)) {} bool ExplicitURLSecurityManager::CanUseDefaultCredentials(const GURL& auth_origin) const { - return allow_default_creds_; + if (allow_default_creds_) { + return true; + } + + return orig_url_sec_mgr_->CanUseDefaultCredentials(auth_origin); } bool ExplicitURLSecurityManager::CanDelegate(const GURL& auth_origin) const { - return false; + return orig_url_sec_mgr_->CanDelegate(auth_origin); } std::string URLRequestContextGetter::Delegate::GetUserAgent() { diff --git a/brightray/browser/url_request_context_getter.h b/brightray/browser/url_request_context_getter.h index da2091fb6753..f1ed5da9d6ae 100644 --- a/brightray/browser/url_request_context_getter.h +++ b/brightray/browser/url_request_context_getter.h @@ -41,6 +41,7 @@ public: private: bool allow_default_creds_; + scoped_ptr orig_url_sec_mgr_; DISALLOW_COPY_AND_ASSIGN(ExplicitURLSecurityManager); }; From 91a62640ab5577bc6e44353776be0f585616c47e Mon Sep 17 00:00:00 2001 From: Paul Betts Date: Fri, 16 Oct 2015 16:48:07 -0700 Subject: [PATCH 5/8] Come Correct with cpplint --- brightray/browser/browser_client.h | 1 + brightray/browser/url_request_context_getter.h | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/brightray/browser/browser_client.h b/brightray/browser/browser_client.h index f69b017e5e10..0612e56d2552 100644 --- a/brightray/browser/browser_client.h +++ b/brightray/browser/browser_client.h @@ -50,6 +50,7 @@ class BrowserClient : public content::ContentBrowserClient { BrowserMainParts* browser_main_parts_; NetLog net_log_; + private: DISALLOW_COPY_AND_ASSIGN(BrowserClient); }; diff --git a/brightray/browser/url_request_context_getter.h b/brightray/browser/url_request_context_getter.h index f1ed5da9d6ae..78dc5c4eb8e2 100644 --- a/brightray/browser/url_request_context_getter.h +++ b/brightray/browser/url_request_context_getter.h @@ -31,15 +31,15 @@ class DevToolsNetworkController; class NetLog; class ExplicitURLSecurityManager : public net::URLSecurityManager { -public: + public: ExplicitURLSecurityManager(); - virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const override; - virtual bool CanDelegate(const GURL& auth_origin) const override; + bool CanUseDefaultCredentials(const GURL& auth_origin) const override; + bool CanDelegate(const GURL& auth_origin) const override; void AllowNTLMCredentialsForAllDomains(bool should_allow) { allow_default_creds_ = should_allow; } -private: + private: bool allow_default_creds_; scoped_ptr orig_url_sec_mgr_; From 0d63eaa07be803d3b80430eadb22850c1aef2a01 Mon Sep 17 00:00:00 2001 From: Paul Betts Date: Mon, 19 Oct 2015 12:51:01 -0700 Subject: [PATCH 6/8] Move the NTLM check to the URLRequestContextGetter delegate --- .../browser/url_request_context_getter.cc | 41 ++++++++++++------- .../browser/url_request_context_getter.h | 38 +++++++++-------- 2 files changed, 46 insertions(+), 33 deletions(-) diff --git a/brightray/browser/url_request_context_getter.cc b/brightray/browser/url_request_context_getter.cc index bc42f8e46001..08149a471a4e 100644 --- a/brightray/browser/url_request_context_getter.cc +++ b/brightray/browser/url_request_context_getter.cc @@ -84,22 +84,24 @@ const char kProxyPacUrl[] = "proxy-pac-url"; } // namespace -ExplicitURLSecurityManager::ExplicitURLSecurityManager() : - allow_default_creds_(false), + +URLRequestContextGetter::DelegateURLSecurityManager::DelegateURLSecurityManager + (URLRequestContextGetter::Delegate* delegate) : + delegate_(delegate) {} + +bool URLRequestContextGetter::DelegateURLSecurityManager::CanUseDefaultCredentials + (const GURL& auth_origin) const { + return delegate_->AllowNTLMCredentialsForDomain(auth_origin); +} + +bool URLRequestContextGetter::DelegateURLSecurityManager::CanDelegate + (const GURL& auth_origin) const { + return delegate_->CanDelegateURLSecurity(auth_origin); +} + +URLRequestContextGetter::Delegate::Delegate() : orig_url_sec_mgr_(net::URLSecurityManager::Create(NULL, NULL)) {} -bool ExplicitURLSecurityManager::CanUseDefaultCredentials(const GURL& auth_origin) const { - if (allow_default_creds_) { - return true; - } - - return orig_url_sec_mgr_->CanUseDefaultCredentials(auth_origin); -} - -bool ExplicitURLSecurityManager::CanDelegate(const GURL& auth_origin) const { - return orig_url_sec_mgr_->CanDelegate(auth_origin); -} - std::string URLRequestContextGetter::Delegate::GetUserAgent() { return base::EmptyString(); } @@ -144,6 +146,15 @@ net::SSLConfigService* URLRequestContextGetter::Delegate::CreateSSLConfigService return new net::SSLConfigServiceDefaults; } +bool URLRequestContextGetter::Delegate::AllowNTLMCredentialsForDomain(const GURL& auth_origin) { + return orig_url_sec_mgr_->CanUseDefaultCredentials(auth_origin); +} + +bool URLRequestContextGetter::Delegate::CanDelegateURLSecurity(const GURL& auth_origin) { + return orig_url_sec_mgr_->CanDelegate(auth_origin); +} + + URLRequestContextGetter::URLRequestContextGetter( Delegate* delegate, DevToolsNetworkController* controller, @@ -161,7 +172,7 @@ URLRequestContextGetter::URLRequestContextGetter( in_memory_(in_memory), io_loop_(io_loop), file_loop_(file_loop), - url_sec_mgr_(new ExplicitURLSecurityManager()), + url_sec_mgr_(new URLRequestContextGetter::DelegateURLSecurityManager(delegate)), protocol_interceptors_(protocol_interceptors.Pass()) { // Must first be created on the UI thread. DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); diff --git a/brightray/browser/url_request_context_getter.h b/brightray/browser/url_request_context_getter.h index 78dc5c4eb8e2..ed142d47907f 100644 --- a/brightray/browser/url_request_context_getter.h +++ b/brightray/browser/url_request_context_getter.h @@ -30,27 +30,11 @@ namespace brightray { class DevToolsNetworkController; class NetLog; -class ExplicitURLSecurityManager : public net::URLSecurityManager { - public: - ExplicitURLSecurityManager(); - - bool CanUseDefaultCredentials(const GURL& auth_origin) const override; - bool CanDelegate(const GURL& auth_origin) const override; - - void AllowNTLMCredentialsForAllDomains(bool should_allow) { allow_default_creds_ = should_allow; } - - private: - bool allow_default_creds_; - scoped_ptr orig_url_sec_mgr_; - - DISALLOW_COPY_AND_ASSIGN(ExplicitURLSecurityManager); -}; - class URLRequestContextGetter : public net::URLRequestContextGetter { public: class Delegate { public: - Delegate() {} + Delegate(); virtual ~Delegate() {} virtual net::NetworkDelegate* CreateNetworkDelegate() { return NULL; } @@ -61,6 +45,24 @@ class URLRequestContextGetter : public net::URLRequestContextGetter { virtual net::HttpCache::BackendFactory* CreateHttpCacheBackendFactory( const base::FilePath& base_path); virtual net::SSLConfigService* CreateSSLConfigService(); + virtual bool AllowNTLMCredentialsForDomain(const GURL& auth_origin); + virtual bool CanDelegateURLSecurity(const GURL& auth_origin); + + private: + scoped_ptr orig_url_sec_mgr_; + }; + + class DelegateURLSecurityManager : public net::URLSecurityManager { + public: + DelegateURLSecurityManager(URLRequestContextGetter::Delegate* delegate); + + bool CanUseDefaultCredentials(const GURL& auth_origin) const override; + bool CanDelegate(const GURL& auth_origin) const override; + + private: + URLRequestContextGetter::Delegate* delegate_; + + DISALLOW_COPY_AND_ASSIGN(DelegateURLSecurityManager); }; URLRequestContextGetter( @@ -98,7 +100,7 @@ class URLRequestContextGetter : public net::URLRequestContextGetter { scoped_ptr storage_; scoped_ptr url_request_context_; scoped_ptr host_mapping_rules_; - scoped_ptr url_sec_mgr_; + scoped_ptr url_sec_mgr_; content::ProtocolHandlerMap protocol_handlers_; content::URLRequestInterceptorScopedVector protocol_interceptors_; From 5168b449324a4500e05176513ebf66442f4e214c Mon Sep 17 00:00:00 2001 From: Paul Betts Date: Mon, 19 Oct 2015 12:57:32 -0700 Subject: [PATCH 7/8] Remove our plumbed methods --- brightray/browser/browser_context.cc | 4 ---- brightray/browser/browser_context.h | 2 -- brightray/browser/url_request_context_getter.cc | 4 ---- 3 files changed, 10 deletions(-) diff --git a/brightray/browser/browser_context.cc b/brightray/browser/browser_context.cc index 82de4a621018..4bf558d4293b 100644 --- a/brightray/browser/browser_context.cc +++ b/brightray/browser/browser_context.cc @@ -232,8 +232,4 @@ content::PermissionManager* BrowserContext::GetPermissionManager() { return permission_manager_.get(); } -void BrowserContext::AllowNTLMCredentialsForAllDomains(bool should_allow) { - url_request_getter_->AllowNTLMCredentialsForAllDomains(should_allow); -} - } // namespace brightray diff --git a/brightray/browser/browser_context.h b/brightray/browser/browser_context.h index 5f16530d1071..3c9b68d88385 100644 --- a/brightray/browser/browser_context.h +++ b/brightray/browser/browser_context.h @@ -71,8 +71,6 @@ class BrowserContext : public base::RefCounted, void InitPrefs(); PrefService* prefs() { return prefs_.get(); } - void AllowNTLMCredentialsForAllDomains(bool should_allow); - protected: BrowserContext(const std::string& partition, bool in_memory); ~BrowserContext() override; diff --git a/brightray/browser/url_request_context_getter.cc b/brightray/browser/url_request_context_getter.cc index 08149a471a4e..799560278aaa 100644 --- a/brightray/browser/url_request_context_getter.cc +++ b/brightray/browser/url_request_context_getter.cc @@ -347,8 +347,4 @@ scoped_refptr URLRequestContextGetter::GetNetworkT return BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO); } -void URLRequestContextGetter::AllowNTLMCredentialsForAllDomains(bool should_allow) { - url_sec_mgr_->AllowNTLMCredentialsForAllDomains(should_allow); -} - } // namespace brightray From b7b3029e2aa8bcac9961a3546ea78b89bfd1fb9d Mon Sep 17 00:00:00 2001 From: Paul Betts Date: Mon, 19 Oct 2015 19:42:23 -0700 Subject: [PATCH 8/8] Nuke old declaration --- brightray/browser/url_request_context_getter.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/brightray/browser/url_request_context_getter.h b/brightray/browser/url_request_context_getter.h index ed142d47907f..0cd31c4c1368 100644 --- a/brightray/browser/url_request_context_getter.h +++ b/brightray/browser/url_request_context_getter.h @@ -81,8 +81,6 @@ class URLRequestContextGetter : public net::URLRequestContextGetter { net::URLRequestContext* GetURLRequestContext() override; scoped_refptr GetNetworkTaskRunner() const override; - void AllowNTLMCredentialsForAllDomains(bool should_allow); - net::HostResolver* host_resolver(); private: