| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/me2me_host_authenticator_factory.h" | 5 #include "remoting/protocol/me2me_host_authenticator_factory.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "crypto/rsa_private_key.h" | 9 #include "crypto/rsa_private_key.h" |
| 10 #include "remoting/protocol/channel_authenticator.h" | 10 #include "remoting/protocol/channel_authenticator.h" |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 51 return scoped_ptr<ChannelAuthenticator>(NULL); | 51 return scoped_ptr<ChannelAuthenticator>(NULL); |
| 52 } | 52 } |
| 53 | 53 |
| 54 protected: | 54 protected: |
| 55 State state_; | 55 State state_; |
| 56 }; | 56 }; |
| 57 | 57 |
| 58 } // namespace | 58 } // namespace |
| 59 | 59 |
| 60 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( | 60 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( |
| 61 const std::string& local_jid, | |
| 62 const std::string& local_cert, | 61 const std::string& local_cert, |
| 63 const crypto::RSAPrivateKey& local_private_key, | 62 const crypto::RSAPrivateKey& local_private_key, |
| 64 const SharedSecretHash& shared_secret_hash) | 63 const SharedSecretHash& shared_secret_hash) |
| 65 : local_cert_(local_cert), | 64 : local_cert_(local_cert), |
| 66 local_private_key_(local_private_key.Copy()), | 65 local_private_key_(local_private_key.Copy()), |
| 67 shared_secret_hash_(shared_secret_hash) { | 66 shared_secret_hash_(shared_secret_hash) { |
| 68 // Verify that |local_jid| is bare. | |
| 69 DCHECK_EQ(local_jid.find('/'), std::string::npos); | |
| 70 local_jid_prefix_ = local_jid + '/'; | |
| 71 } | 67 } |
| 72 | 68 |
| 73 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { | 69 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { |
| 74 } | 70 } |
| 75 | 71 |
| 76 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( | 72 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( |
| 73 const std::string& local_jid, |
| 77 const std::string& remote_jid, | 74 const std::string& remote_jid, |
| 78 const buzz::XmlElement* first_message) { | 75 const buzz::XmlElement* first_message) { |
| 76 |
| 77 size_t slash_pos = local_jid.find('/'); |
| 78 if (slash_pos == std::string::npos) { |
| 79 LOG(DFATAL) << "Invalid local JID:" << local_jid; |
| 80 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
| 81 } |
| 82 |
| 79 // Verify that the client's jid is an ASCII string, and then check | 83 // Verify that the client's jid is an ASCII string, and then check |
| 80 // that the client has the same bare jid as the host, i.e. client's | 84 // that the client has the same bare jid as the host, i.e. client's |
| 81 // full JID starts with host's bare jid. Comparison is case | 85 // full JID starts with host's bare jid. Comparison is case |
| 82 // insensitive. | 86 // insensitive. |
| 83 if (!IsStringASCII(remote_jid) || | 87 if (!IsStringASCII(remote_jid) || |
| 84 !StartsWithASCII(remote_jid, local_jid_prefix_, false)) { | 88 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { |
| 85 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; | 89 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; |
| 86 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); | 90 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
| 87 } | 91 } |
| 88 | 92 |
| 89 if (shared_secret_hash_.hash_function == AuthenticationMethod::NONE && | 93 if (shared_secret_hash_.hash_function == AuthenticationMethod::NONE && |
| 90 shared_secret_hash_.value.empty()) { | 94 shared_secret_hash_.value.empty()) { |
| 91 // PIN isn't set. Enable V1 authentication. | 95 // PIN isn't set. Enable V1 authentication. |
| 92 if (!NegotiatingAuthenticator::IsNegotiableMessage(first_message)) { | 96 if (!NegotiatingAuthenticator::IsNegotiableMessage(first_message)) { |
| 93 return scoped_ptr<Authenticator>( | 97 return scoped_ptr<Authenticator>( |
| 94 new V1HostAuthenticator(local_cert_, *local_private_key_, | 98 new V1HostAuthenticator(local_cert_, *local_private_key_, |
| 95 "", remote_jid)); | 99 "", remote_jid)); |
| 96 } | 100 } |
| 97 } | 101 } |
| 98 | 102 |
| 99 return NegotiatingAuthenticator::CreateForHost( | 103 return NegotiatingAuthenticator::CreateForHost( |
| 100 local_cert_, *local_private_key_, shared_secret_hash_.value, | 104 local_cert_, *local_private_key_, shared_secret_hash_.value, |
| 101 shared_secret_hash_.hash_function); | 105 shared_secret_hash_.hash_function); |
| 102 } | 106 } |
| 103 | 107 |
| 104 } // namespace protocol | 108 } // namespace protocol |
| 105 } // namespace remoting | 109 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10332187:
Properly handle accounts that don't have GMail. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src