| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "crypto/secure_util.h" | 9 #include "crypto/secure_util.h" |
| 10 #include "net/base/cert_verifier.h" | 10 #include "net/base/cert_verifier.h" |
| (...skipping 29 matching lines...) Expand all Loading... |
| 40 scoped_ptr<SslHmacChannelAuthenticator> result( | 40 scoped_ptr<SslHmacChannelAuthenticator> result( |
| 41 new SslHmacChannelAuthenticator(auth_key)); | 41 new SslHmacChannelAuthenticator(auth_key)); |
| 42 result->local_cert_ = local_cert; | 42 result->local_cert_ = local_cert; |
| 43 result->local_private_key_ = local_private_key; | 43 result->local_private_key_ = local_private_key; |
| 44 return result.Pass(); | 44 return result.Pass(); |
| 45 } | 45 } |
| 46 | 46 |
| 47 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator( | 47 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator( |
| 48 const std::string& auth_key) | 48 const std::string& auth_key) |
| 49 : auth_key_(auth_key), | 49 : auth_key_(auth_key), |
| 50 local_private_key_(NULL), | 50 local_private_key_(NULL) { |
| 51 legacy_mode_(NONE) { | |
| 52 } | 51 } |
| 53 | 52 |
| 54 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() { | 53 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() { |
| 55 } | 54 } |
| 56 | 55 |
| 57 void SslHmacChannelAuthenticator::SetLegacyOneWayMode(LegacyMode legacy_mode) { | |
| 58 // Must be called before SecureAndAuthenticate(). | |
| 59 DCHECK(done_callback_.is_null()); | |
| 60 legacy_mode_ = legacy_mode; | |
| 61 } | |
| 62 | |
| 63 void SslHmacChannelAuthenticator::SecureAndAuthenticate( | 56 void SslHmacChannelAuthenticator::SecureAndAuthenticate( |
| 64 scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) { | 57 scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) { |
| 65 DCHECK(CalledOnValidThread()); | 58 DCHECK(CalledOnValidThread()); |
| 66 DCHECK(socket->IsConnected()); | 59 DCHECK(socket->IsConnected()); |
| 67 | 60 |
| 68 done_callback_ = done_callback; | 61 done_callback_ = done_callback; |
| 69 | 62 |
| 70 int result; | 63 int result; |
| 71 if (is_ssl_server()) { | 64 if (is_ssl_server()) { |
| 72 scoped_refptr<net::X509Certificate> cert = | 65 scoped_refptr<net::X509Certificate> cert = |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 123 return local_private_key_ != NULL; | 116 return local_private_key_ != NULL; |
| 124 } | 117 } |
| 125 | 118 |
| 126 void SslHmacChannelAuthenticator::OnConnected(int result) { | 119 void SslHmacChannelAuthenticator::OnConnected(int result) { |
| 127 if (result != net::OK) { | 120 if (result != net::OK) { |
| 128 LOG(WARNING) << "Failed to establish SSL connection"; | 121 LOG(WARNING) << "Failed to establish SSL connection"; |
| 129 NotifyError(result); | 122 NotifyError(result); |
| 130 return; | 123 return; |
| 131 } | 124 } |
| 132 | 125 |
| 133 if (legacy_mode_ != RECEIVE_ONLY) { | 126 // Generate authentication digest to write to the socket. |
| 134 // Generate authentication digest to write to the socket. | 127 std::string auth_bytes = GetAuthBytes( |
| 135 std::string auth_bytes = GetAuthBytes( | 128 socket_.get(), is_ssl_server() ? |
| 136 socket_.get(), is_ssl_server() ? | 129 kHostAuthSslExporterLabel : kClientAuthSslExporterLabel, auth_key_); |
| 137 kHostAuthSslExporterLabel : kClientAuthSslExporterLabel, auth_key_); | 130 if (auth_bytes.empty()) { |
| 138 if (auth_bytes.empty()) { | 131 NotifyError(net::ERR_FAILED); |
| 139 NotifyError(net::ERR_FAILED); | 132 return; |
| 140 return; | |
| 141 } | |
| 142 | |
| 143 // Allocate a buffer to write the digest. | |
| 144 auth_write_buf_ = new net::DrainableIOBuffer( | |
| 145 new net::StringIOBuffer(auth_bytes), auth_bytes.size()); | |
| 146 } | 133 } |
| 147 | 134 |
| 148 if (legacy_mode_ != SEND_ONLY) { | 135 // Allocate a buffer to write the digest. |
| 149 // Read an incoming token. | 136 auth_write_buf_ = new net::DrainableIOBuffer( |
| 150 auth_read_buf_ = new net::GrowableIOBuffer(); | 137 new net::StringIOBuffer(auth_bytes), auth_bytes.size()); |
| 151 auth_read_buf_->SetCapacity(kAuthDigestLength); | 138 |
| 152 } | 139 // Read an incoming token. |
| 140 auth_read_buf_ = new net::GrowableIOBuffer(); |
| 141 auth_read_buf_->SetCapacity(kAuthDigestLength); |
| 153 | 142 |
| 154 // If WriteAuthenticationBytes() results in |done_callback_| being | 143 // If WriteAuthenticationBytes() results in |done_callback_| being |
| 155 // called then we must not do anything else because this object may | 144 // called then we must not do anything else because this object may |
| 156 // be destroyed at that point. | 145 // be destroyed at that point. |
| 157 bool callback_called = false; | 146 bool callback_called = false; |
| 158 if (legacy_mode_ != RECEIVE_ONLY) | 147 WriteAuthenticationBytes(&callback_called); |
| 159 WriteAuthenticationBytes(&callback_called); | 148 if (!callback_called) |
| 160 if (!callback_called && legacy_mode_ != SEND_ONLY) | |
| 161 ReadAuthenticationBytes(); | 149 ReadAuthenticationBytes(); |
| 162 } | 150 } |
| 163 | 151 |
| 164 void SslHmacChannelAuthenticator::WriteAuthenticationBytes( | 152 void SslHmacChannelAuthenticator::WriteAuthenticationBytes( |
| 165 bool* callback_called) { | 153 bool* callback_called) { |
| 166 while (true) { | 154 while (true) { |
| 167 int result = socket_->Write( | 155 int result = socket_->Write( |
| 168 auth_write_buf_, auth_write_buf_->BytesRemaining(), | 156 auth_write_buf_, auth_write_buf_->BytesRemaining(), |
| 169 base::Bind(&SslHmacChannelAuthenticator::OnAuthBytesWritten, | 157 base::Bind(&SslHmacChannelAuthenticator::OnAuthBytesWritten, |
| 170 base::Unretained(this))); | 158 base::Unretained(this))); |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 269 } | 257 } |
| 270 } | 258 } |
| 271 | 259 |
| 272 void SslHmacChannelAuthenticator::NotifyError(int error) { | 260 void SslHmacChannelAuthenticator::NotifyError(int error) { |
| 273 done_callback_.Run(static_cast<net::Error>(error), | 261 done_callback_.Run(static_cast<net::Error>(error), |
| 274 scoped_ptr<net::StreamSocket>(NULL)); | 262 scoped_ptr<net::StreamSocket>(NULL)); |
| 275 } | 263 } |
| 276 | 264 |
| 277 } // namespace protocol | 265 } // namespace protocol |
| 278 } // namespace remoting | 266 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
