Index: remoting/protocol/third_party_host_authenticator.cc |
diff --git a/remoting/protocol/third_party_host_authenticator.cc b/remoting/protocol/third_party_host_authenticator.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..f2896047ef483e430786356ce20152a44f308091 |
--- /dev/null |
+++ b/remoting/protocol/third_party_host_authenticator.cc |
@@ -0,0 +1,92 @@ |
+// Copyright 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "remoting/protocol/third_party_host_authenticator.h" |
+ |
+#include "base/base64.h" |
+#include "base/bind.h" |
+#include "base/callback.h" |
+#include "base/logging.h" |
+#include "remoting/base/constants.h" |
+#include "remoting/base/rsa_key_pair.h" |
+#include "remoting/protocol/v2_authenticator.h" |
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h" |
+ |
+namespace remoting { |
+namespace protocol { |
+ |
+ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator( |
+ const std::string& local_cert, |
+ scoped_refptr<RsaKeyPair> key_pair, |
+ scoped_ptr<TokenValidator> token_validator) |
+ : ThirdPartyAuthenticatorBase(MESSAGE_READY), |
+ local_cert_(local_cert), |
+ key_pair_(key_pair), |
+ token_validator_(token_validator.Pass()) { |
+} |
+ |
+ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() { |
+} |
+ |
+void ThirdPartyHostAuthenticator::ProcessTokenMessage( |
+ const buzz::XmlElement* message, |
+ const base::Closure& resume_callback) { |
+ // Host has already sent the URL and expects a token from the client. |
+ std::string token = message->TextNamed(kTokenTag); |
+ if (!token.empty()) { |
Sergey Ulanov
2013/03/22 05:58:43
nit: better to handle the error case here first.
rmsousa
2013/03/22 21:19:05
Done.
|
+ token_state_ = PROCESSING_MESSAGE; |
+ // This message also contains the client's first SPAKE message. Copy the |
+ // message into the callback, so that OnThirdPartyTokenValidated can give it |
+ // to the underlying SPAKE authenticator that will be created. |
+ // |token_validator_| is owned, so Unretained() is safe here. |
+ token_validator_->ValidateThirdPartyToken(token, base::Bind( |
+ &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated, |
+ base::Unretained(this), |
+ base::Owned(new buzz::XmlElement(*message)), |
+ resume_callback)); |
+ return; |
+ } |
+ |
+ LOG(ERROR) << "Third-party authentication protocol error: missing token."; |
+ token_state_ = REJECTED; |
+ rejection_reason_ = PROTOCOL_ERROR; |
+ resume_callback.Run(); |
+} |
+ |
+void ThirdPartyHostAuthenticator::AddTokenElements( |
+ buzz::XmlElement* message) { |
+ DCHECK(token_state_ == MESSAGE_READY); |
Sergey Ulanov
2013/03/22 05:58:43
DCHECK_EQ
rmsousa
2013/03/22 21:19:05
Done.
|
+ DCHECK(token_validator_->token_url().is_valid()); |
+ DCHECK(!token_validator_->token_scope().empty()); |
+ |
+ buzz::XmlElement* token_url_tag = new buzz::XmlElement( |
+ kTokenUrlTag); |
+ token_url_tag->SetBodyText(token_validator_->token_url().spec()); |
+ message->AddElement(token_url_tag); |
+ buzz::XmlElement* token_scope_tag = new buzz::XmlElement( |
+ kTokenScopeTag); |
+ token_scope_tag->SetBodyText(token_validator_->token_scope()); |
+ message->AddElement(token_scope_tag); |
+ token_state_ = WAITING_MESSAGE; |
+} |
+ |
+void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated( |
+ const buzz::XmlElement* message, |
+ const base::Closure& resume_callback, |
+ const std::string& shared_secret) { |
+ if (!shared_secret.empty()) { |
Wez
2013/03/22 06:17:01
nit: as above, consider putting error case first
Wez
2013/03/22 06:17:01
nit: as above, handle the error case first and ear
rmsousa
2013/03/22 21:19:05
Done.
rmsousa
2013/03/22 21:19:05
Done.
|
+ // The other side already started the SPAKE authentication. |
Wez
2013/03/22 06:17:01
nit: as above, handle the error-case first and the
Wez
2013/03/22 06:17:01
nit: as above, handle the error case first and ear
rmsousa
2013/03/22 21:19:05
Done.
rmsousa
2013/03/22 21:19:05
Done.
|
+ token_state_ = ACCEPTED; |
+ underlying_ = V2Authenticator::CreateForHost( |
+ local_cert_, key_pair_, shared_secret, WAITING_MESSAGE); |
+ underlying_->ProcessMessage(message, resume_callback); |
+ } else { |
+ token_state_ = REJECTED; |
+ rejection_reason_ = INVALID_CREDENTIALS; |
+ resume_callback.Run(); |
+ } |
+} |
+ |
+} // namespace protocol |
+} // namespace remoting |