Merge pull request #223 from deepak1556/iwa_patch

flags to control iwa enabled server whitelist
2016-05-23 10:37:36 +00:00 · 2016-05-23 10:37:36 +00:00 · b41d9fd6c0
commit b41d9fd6c0
parent 7d126e1734 b8e8e08f63
2 changed files with 20 additions and 58 deletions
--- a/brightray/browser/url_request_context_getter.cc
+++ b/brightray/browser/url_request_context_getter.cc
@ -92,34 +92,14 @@ const char kProxyPacUrl[] = "proxy-pac-url";
 // Disable HTTP/2 and SPDY/3.1 protocols.
 const char kDisableHttp2[] = "disable-http2";

+// Whitelist containing servers for which Integrated Authentication is enabled.
+const char kAuthServerWhitelist[] = "auth-server-whitelist";
+
+// Whitelist containing servers for which Kerberos delegation is allowed.
+const char kAuthNegotiateDelegateWhitelist[] = "auth-negotiate-delegate-whitelist";
+
 }  // namespace

-
-URLRequestContextGetter::DelegateURLSecurityManager::DelegateURLSecurityManager
-  (URLRequestContextGetter::Delegate* delegate) :
-  delegate_(delegate) {}
-
-bool URLRequestContextGetter::DelegateURLSecurityManager::CanUseDefaultCredentials
-    (const GURL& auth_origin) const {
-  return delegate_->AllowNTLMCredentialsForDomain(auth_origin);
-}
-
-bool URLRequestContextGetter::DelegateURLSecurityManager::CanDelegate
-    (const GURL& auth_origin) const {
-  return delegate_->CanDelegateURLSecurity(auth_origin);
-}
-
-void URLRequestContextGetter::DelegateURLSecurityManager::SetDefaultWhitelist(
-  scoped_ptr<net::HttpAuthFilter> whitelist_default) {
-}
-
-void URLRequestContextGetter::DelegateURLSecurityManager::SetDelegateWhitelist(
-  scoped_ptr<net::HttpAuthFilter> whitelist_delegate) {
-}
-
-URLRequestContextGetter::Delegate::Delegate() :
-  orig_url_sec_mgr_(net::URLSecurityManager::Create()) {}
-
 std::string URLRequestContextGetter::Delegate::GetUserAgent() {
  return base::EmptyString();
 }
@ -174,15 +154,6 @@ net::SSLConfigService* URLRequestContextGetter::Delegate::CreateSSLConfigService
  return new net::SSLConfigServiceDefaults;
 }

-bool URLRequestContextGetter::Delegate::AllowNTLMCredentialsForDomain(const GURL& auth_origin) {
-  return orig_url_sec_mgr_->CanUseDefaultCredentials(auth_origin);
-}
-
-bool URLRequestContextGetter::Delegate::CanDelegateURLSecurity(const GURL& auth_origin) {
-  return orig_url_sec_mgr_->CanDelegate(auth_origin);
-}
-
-
 URLRequestContextGetter::URLRequestContextGetter(
    Delegate* delegate,
    DevToolsNetworkControllerHandle* handle,
@ -317,6 +288,19 @@ net::URLRequestContext* URLRequestContextGetter::GetURLRequestContext() {
 #else
    http_auth_preferences_.reset(new net::HttpAuthPreferences(schemes));
 #endif
+
+    // --auth-server-whitelist
+    if (command_line.HasSwitch(kAuthServerWhitelist)) {
+      http_auth_preferences_->set_server_whitelist(
+          command_line.GetSwitchValueASCII(kAuthServerWhitelist));
+    }
+
+    // --auth-negotiate-delegate-whitelist
+    if (command_line.HasSwitch(kAuthNegotiateDelegateWhitelist)) {
+      http_auth_preferences_->set_delegate_whitelist(
+          command_line.GetSwitchValueASCII(kAuthNegotiateDelegateWhitelist));
+    }
+
    auto auth_handler_factory =
        net::HttpAuthHandlerRegistryFactory::Create(
            http_auth_preferences_.get(), host_resolver.get());
--- a/brightray/browser/url_request_context_getter.h
+++ b/brightray/browser/url_request_context_getter.h
@ -35,7 +35,7 @@ class URLRequestContextGetter : public net::URLRequestContextGetter {
 public:
  class Delegate {
   public:
-    Delegate();
+    Delegate() {}
    virtual ~Delegate() {}

    virtual net::NetworkDelegate* CreateNetworkDelegate() { return NULL; }
@ -47,28 +47,6 @@ class URLRequestContextGetter : public net::URLRequestContextGetter {
        const base::FilePath& base_path);
    virtual scoped_ptr<net::CertVerifier> CreateCertVerifier();
    virtual net::SSLConfigService* CreateSSLConfigService();
-    virtual bool AllowNTLMCredentialsForDomain(const GURL& auth_origin);
-    virtual bool CanDelegateURLSecurity(const GURL& auth_origin);
-
-   private:
-    scoped_ptr<net::URLSecurityManager> orig_url_sec_mgr_;
-  };
-
-  class DelegateURLSecurityManager : public net::URLSecurityManager {
-   public:
-    DelegateURLSecurityManager(URLRequestContextGetter::Delegate* delegate);
-
-    bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
-    bool CanDelegate(const GURL& auth_origin) const override;
-    void SetDefaultWhitelist(
-      scoped_ptr<net::HttpAuthFilter> whitelist_default) override;
-    void SetDelegateWhitelist(
-      scoped_ptr<net::HttpAuthFilter> whitelist_delegate) override;
-
-   private:
-    URLRequestContextGetter::Delegate* delegate_;
-
-    DISALLOW_COPY_AND_ASSIGN(DelegateURLSecurityManager);
  };

  URLRequestContextGetter(