Index: remoting/protocol/third_party_client_authenticator.cc |
diff --git a/remoting/protocol/third_party_client_authenticator.cc b/remoting/protocol/third_party_client_authenticator.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..52888a09ca62c3f07ebc6b7ec25da6b0131c4189 |
--- /dev/null |
+++ b/remoting/protocol/third_party_client_authenticator.cc |
@@ -0,0 +1,82 @@ |
+// Copyright 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "remoting/protocol/third_party_client_authenticator.h" |
+ |
+#include "base/base64.h" |
+#include "base/bind.h" |
+#include "base/callback.h" |
+#include "base/logging.h" |
+#include "googleurl/src/gurl.h" |
+#include "remoting/base/constants.h" |
+#include "remoting/base/rsa_key_pair.h" |
+#include "remoting/protocol/channel_authenticator.h" |
+#include "remoting/protocol/v2_authenticator.h" |
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h" |
+ |
+namespace remoting { |
+namespace protocol { |
+ |
+ThirdPartyClientAuthenticator::ThirdPartyClientAuthenticator( |
+ const std::string& host_public_key, |
+ scoped_ptr<TokenFetcher> token_fetcher) |
+ : ThirdPartyAuthenticatorBase(WAITING_MESSAGE), |
+ host_public_key_(host_public_key), |
+ token_fetcher_(token_fetcher.Pass()) { |
+} |
+ |
+ThirdPartyClientAuthenticator::~ThirdPartyClientAuthenticator() { |
+} |
+ |
+void ThirdPartyClientAuthenticator::ProcessTokenMessage( |
+ const buzz::XmlElement* message, |
+ const base::Closure& resume_callback) { |
+ std::string token_url = message->TextNamed(kTokenUrlTag); |
+ std::string token_scope = message->TextNamed(kTokenScopeTag); |
Wez
2013/03/22 06:17:01
nit: I think it'd be easier to read if the error c
rmsousa
2013/03/22 21:19:05
Done.
|
+ if (!token_url.empty() && !token_scope.empty()) { |
+ token_state_ = PROCESSING_MESSAGE; |
Wez
2013/03/22 06:17:01
nit: blank line before comment
rmsousa
2013/03/22 21:19:05
Done.
|
+ // |token_fetcher_| is owned, so Unretained() is safe here. |
+ token_fetcher_->FetchThirdPartyToken( |
+ GURL(token_url), host_public_key_, token_scope, base::Bind( |
+ &ThirdPartyClientAuthenticator::OnThirdPartyTokenFetched, |
+ base::Unretained(this), resume_callback)); |
+ return; |
+ } |
+ |
+ LOG(ERROR) << "Third-party authentication protocol error: " |
+ "missing token verification URL or scope."; |
+ token_state_ = REJECTED; |
+ rejection_reason_ = PROTOCOL_ERROR; |
+ resume_callback.Run(); |
+} |
+ |
+void ThirdPartyClientAuthenticator::AddTokenElements( |
+ buzz::XmlElement* message) { |
+ DCHECK(token_state_ == MESSAGE_READY); |
Sergey Ulanov
2013/03/22 05:58:43
DCHECK_EQ
rmsousa
2013/03/22 21:19:05
Done.
|
+ DCHECK(!token_.empty()); |
+ |
+ buzz::XmlElement* token_tag = new buzz::XmlElement(kTokenTag); |
+ token_tag->SetBodyText(token_); |
+ message->AddElement(token_tag); |
+ token_state_ = ACCEPTED; |
+} |
+ |
+void ThirdPartyClientAuthenticator::OnThirdPartyTokenFetched( |
+ const base::Closure& resume_callback, |
+ const std::string& third_party_token, |
+ const std::string& shared_secret) { |
+ token_ = third_party_token; |
+ if (!token_.empty() && !shared_secret.empty()) { |
Wez
2013/03/22 06:17:01
nit: Similarly, checking token.empty() || shared_s
rmsousa
2013/03/22 21:19:05
Done.
|
+ token_state_ = MESSAGE_READY; |
+ underlying_ = V2Authenticator::CreateForClient( |
+ shared_secret, MESSAGE_READY); |
+ } else { |
+ token_state_ = REJECTED; |
+ rejection_reason_ = INVALID_CREDENTIALS; |
+ } |
+ resume_callback.Run(); |
+} |
+ |
+} // namespace protocol |
+} // namespace remoting |