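--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc
@@ -1,86 +1,86 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "crypto/secure_util.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/ssl_config_service.h"
 #include "net/base/x509_certificate.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/ssl_server_socket.h"
+#include "remoting/base/rsa_key_pair.h"
 #include "remoting/protocol/auth_util.h"
 
 namespace remoting {
 namespace protocol {
 
 // static
 scoped_ptr<SslHmacChannelAuthenticator>
 SslHmacChannelAuthenticator::CreateForClient(
 const std::string& remote_cert,
 const std::string& auth_key) {
 scoped_ptr<SslHmacChannelAuthenticator> result(
 new SslHmacChannelAuthenticator(auth_key));
 result->remote_cert_ = remote_cert;
 return result.Pass();
 }
 
 scoped_ptr<SslHmacChannelAuthenticator>
 SslHmacChannelAuthenticator::CreateForHost(
 const std::string& local_cert,
-crypto::RSAPrivateKey* local_private_key,
+scoped_refptr<RsaKeyPair> key_pair,
 const std::string& auth_key) {
 scoped_ptr<SslHmacChannelAuthenticator> result(
 new SslHmacChannelAuthenticator(auth_key));
 result->local_cert_ = local_cert;
-result->local_private_key_ = local_private_key;
+result->local_key_pair_ = key_pair;
 return result.Pass();
 }
 
 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(
 const std::string& auth_key)
-: auth_key_(auth_key),
-local_private_key_(NULL) {
+: auth_key_(auth_key) {
 }
 
 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {
 }
 
 void SslHmacChannelAuthenticator::SecureAndAuthenticate(
 scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) {
 DCHECK(CalledOnValidThread());
 DCHECK(socket->IsConnected());
 
 done_callback_ = done_callback;
 
 int result;
 if (is_ssl_server()) {
 scoped_refptr<net::X509Certificate> cert =
 net::X509Certificate::CreateFromBytes(
 local_cert_.data(), local_cert_.length());
 if (!cert) {
 LOG(ERROR) << "Failed to parse X509Certificate";
 NotifyError(net::ERR_FAILED);
 return;
 }
 
 net::SSLConfig ssl_config;
 net::SSLServerSocket* server_socket = net::CreateSSLServerSocket(
-socket.release(), cert, local_private_key_, ssl_config);
+socket.release(), cert, local_key_pair_->private_key(), ssl_config);
 socket_.reset(server_socket);
 
 result = server_socket->Handshake(base::Bind(
 &SslHmacChannelAuthenticator::OnConnected, base::Unretained(this)));
 } else {
 cert_verifier_.reset(net::CertVerifier::CreateDefault());
 
 net::SSLConfig::CertAndStatus cert_and_status;
 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
 cert_and_status.der_cert = remote_cert_;
@@ -106,21 +106,21 @@
 base::Unretained(this)));
 }
 
 if (result == net::ERR_IO_PENDING)
 return;
 
 OnConnected(result);
 }
 
 bool SslHmacChannelAuthenticator::is_ssl_server() {
-return local_private_key_ != NULL;
+return local_key_pair_.get() != NULL;
 }
 
 void SslHmacChannelAuthenticator::OnConnected(int result) {
 if (result != net::OK) {
 LOG(WARNING) << "Failed to establish SSL connection";
 NotifyError(result);
 return;
 }
 
 // Generate authentication digest to write to the socket.
@@ -257,10 +257,10 @@
 }
 }
 
 void SslHmacChannelAuthenticator::NotifyError(int error) {
 done_callback_.Run(static_cast<net::Error>(error),
 scoped_ptr<net::StreamSocket>(NULL));
 }
 
 } // namespace protocol
 } // namespace remoting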
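Review bot: `CreateForHost` (new lines 37–46) accepts a null `key_pair` without complaint, and because `is_ssl_server()` now keys off `local_key_pair_.get() != NULL`, a host built with a null pair would silently take the client branch of `SecureAndAuthenticate` with an empty `remote_cert_` instead of failing loudly; a `DCHECK(key_pair.get());` before `result->local_key_pair_ = key_pair;` would make the factory's precondition explicit. Separately, `CreateSSLServerSocket` at new line 76 still receives a raw `crypto::RSAPrivateKey*` borrowed from `local_key_pair_`, so the server socket held in `socket_` is only valid while `local_key_pair_` is alive; that presumably holds if `socket_` is declared after `local_key_pair_` in the header so it is destroyed first, which cannot be confirmed from this page, and a comment such as `// local_key_pair_ must outlive socket_: the SSL server socket borrows its private key.` above that call would record the dependency. `SecureAndAuthenticate` continues past the end of the first hunk.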