
Side by Side Diff: remoting/protocol/me2me_host_authenticator_factory.cc

Issue 12326090: Third Party authentication protocol. (Closed) Base URL: http://git.chromium.org/chromium/src.git@host_key_pair
Patch Set: Add the missing new files Created 7 years, 10 months ago
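--- a/remoting/protocol/me2me_host_authenticator_factory.cc
+++ b/remoting/protocol/me2me_host_authenticator_factory.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/protocol/me2me_host_authenticator_factory.h"
 
 #include "base/base64.h"
 #include "base/string_util.h"
 #include "remoting/protocol/channel_authenticator.h"
 #include "remoting/protocol/key_pair.h"
@@ -52,47 +52,66 @@
 
 protected:
 State state_;
 };
 
 } // namespace
 
 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory(
 const std::string& local_cert,
 scoped_ptr<KeyPair> key_pair,
-const SharedSecretHash& shared_secret_hash)
+const SharedSecretHash& shared_secret_hash,
+const std::string& third_party_token_url,
+const std::string& third_party_token_validation_url,
+ThirdPartyAuthenticator::TokenValidatorFactory*
+third_party_token_validator_factory)
 : local_cert_(local_cert),
 key_pair_(key_pair.Pass()),
-shared_secret_hash_(shared_secret_hash) {
+shared_secret_hash_(shared_secret_hash),
+third_party_token_url_(third_party_token_url),
+third_party_token_validation_url_(third_party_token_validation_url),
+third_party_token_validator_factory_(third_party_token_validator_factory)
+{
 }
 
 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
 }
 
 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
 const std::string& local_jid,
 const std::string& remote_jid,
 const buzz::XmlElement* first_message) {
 
 size_t slash_pos = local_jid.find('/');
 if (slash_pos == std::string::npos) {
 LOG(DFATAL) << "Invalid local JID:" << local_jid;
 return scoped_ptr<Authenticator>(new RejectingAuthenticator());
 }
 
 // Verify that the client's jid is an ASCII string, and then check
 // that the client has the same bare jid as the host, i.e. client's
 // full JID starts with host's bare jid. Comparison is case
 // insensitive.
 if (!IsStringASCII(remote_jid) ||
 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) {
 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
 return scoped_ptr<Authenticator>(new RejectingAuthenticator());
 }
 
-return NegotiatingAuthenticator::CreateForHost(
-local_cert_, key_pair_->Copy(), shared_secret_hash_.value,
-shared_secret_hash_.hash_function);
+if (third_party_token_url_.empty() ||
+third_party_token_validation_url_.empty() ||
+third_party_token_validator_factory_ == NULL) {
+return NegotiatingAuthenticator::CreateForHostSharedSecret(
+local_cert_, key_pair_->Copy(), shared_secret_hash_.value,
+shared_secret_hash_.hash_function);
+} else {
+std::string third_party_token_scope =
+"client:" + remote_jid + " host:" + local_jid;
+return NegotiatingAuthenticator::CreateForHostThirdPartyAuth(
+local_cert_, key_pair_->Copy(), third_party_token_url_,
+third_party_token_validation_url_, third_party_token_scope,
+third_party_token_validator_factory_);
+}
 }
 
 } // namespace protocol
 } // namespace remoting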
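Review bot: The token scope built in the new else branch of CreateAuthenticator, `"client:" + remote_jid + " host:" + local_jid`, joins two JIDs with a space and plain labels, but `remote_jid` has only been checked for ASCII and for the host's bare-JID prefix, so its resource part is still chosen by the peer and may itself contain a space or the text `host:`. If the token validator or token service parses this scope (not visible on this page), the string is ambiguous; rejecting a `remote_jid` that contains whitespace before this point, or encoding each component, would remove the ambiguity. Separately, the new `if` falls back to CreateForHostSharedSecret whenever any one of the three third-party settings is empty or NULL, so a partially configured host silently uses shared-secret authentication; logging with `LOG(ERROR)` and returning a RejectingAuthenticator for the partial case would make that misconfiguration visible. The raw `TokenValidatorFactory*` stored by the constructor also deserves a comment stating who owns it and that it must outlive this factory.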