| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "remoting/protocol/v1_client_channel_authenticator.h" |
| 6 |
| 7 #include "net/base/cert_verifier.h" |
| 8 #include "net/base/host_port_pair.h" |
| 9 #include "net/base/io_buffer.h" |
| 10 #include "net/base/net_errors.h" |
| 11 #include "net/base/ssl_config_service.h" |
| 12 #include "net/socket/client_socket_factory.h" |
| 13 #include "net/socket/ssl_client_socket.h" |
| 14 #include "remoting/protocol/auth_util.h" |
| 15 |
| 16 namespace remoting { |
| 17 namespace protocol { |
| 18 |
| 19 V1ClientChannelAuthenticator::V1ClientChannelAuthenticator( |
| 20 const std::string& host_cert, |
| 21 const std::string& shared_secret) |
| 22 : host_cert_(host_cert), |
| 23 shared_secret_(shared_secret), |
| 24 socket_(NULL), |
| 25 ALLOW_THIS_IN_INITIALIZER_LIST(connect_callback_( |
| 26 this, &V1ClientChannelAuthenticator::OnConnected)), |
| 27 ALLOW_THIS_IN_INITIALIZER_LIST(auth_write_callback_( |
| 28 this, &V1ClientChannelAuthenticator::OnAuthBytesWritten)) { |
| 29 } |
| 30 |
| 31 V1ClientChannelAuthenticator::~V1ClientChannelAuthenticator() { |
| 32 } |
| 33 |
| 34 void V1ClientChannelAuthenticator::SecureAndAuthenticate( |
| 35 net::StreamSocket* socket, const DoneCallback& done_callback) { |
| 36 DCHECK(CalledOnValidThread()); |
| 37 DCHECK(socket->IsConnected()); |
| 38 |
| 39 done_callback_ = done_callback; |
| 40 |
| 41 cert_verifier_.reset(new net::CertVerifier()); |
| 42 |
| 43 net::SSLConfig::CertAndStatus cert_and_status; |
| 44 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; |
| 45 cert_and_status.der_cert = host_cert_; |
| 46 |
| 47 net::SSLConfig ssl_config; |
| 48 // Certificate verification and revocation checking are not needed |
| 49 // because we use self-signed certs. Disable it so that the SSL |
| 50 // layer doesn't try to initialize OCSP (OCSP works only on the IO |
| 51 // thread). |
| 52 ssl_config.allowed_bad_certs.push_back(cert_and_status); |
| 53 ssl_config.rev_checking_enabled = false; |
| 54 |
| 55 net::HostPortPair host_and_port(kSslFakeHostName, 0); |
| 56 net::SSLClientSocketContext context; |
| 57 context.cert_verifier = cert_verifier_.get(); |
| 58 socket_.reset( |
| 59 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( |
| 60 socket, host_and_port, ssl_config, NULL, context)); |
| 61 |
| 62 int result = socket_->Connect(&connect_callback_); |
| 63 if (result == net::ERR_IO_PENDING) |
| 64 return; |
| 65 OnConnected(result); |
| 66 } |
| 67 |
| 68 void V1ClientChannelAuthenticator::OnConnected(int result) { |
| 69 if (result != net::OK) { |
| 70 LOG(ERROR) << "Failed to establish SSL connection"; |
| 71 done_callback_.Run(static_cast<net::Error>(result), NULL); |
| 72 } |
| 73 |
| 74 // Get keying material from SSL. |
| 75 unsigned char key_material[kAuthDigestLength]; |
| 76 int export_result = socket_->ExportKeyingMaterial( |
| 77 kClientAuthSslExporterLabel, "", key_material, kAuthDigestLength); |
| 78 if (export_result != net::OK) { |
| 79 LOG(ERROR) << "Error fetching keying material: " << export_result; |
| 80 done_callback_.Run(static_cast<net::Error>(export_result), NULL); |
| 81 return; |
| 82 } |
| 83 |
| 84 // Generate authentication digest to write to the socket. |
| 85 std::string auth_bytes; |
| 86 if (!GetAuthBytes(shared_secret_, |
| 87 std::string(reinterpret_cast<char*>(key_material), |
| 88 kAuthDigestLength), |
| 89 &auth_bytes)) { |
| 90 done_callback_.Run(net::ERR_FAILED, NULL); |
| 91 return; |
| 92 } |
| 93 |
| 94 // Allocate a buffer to write the digest. |
| 95 auth_write_buf_ = new net::DrainableIOBuffer( |
| 96 new net::StringIOBuffer(auth_bytes), auth_bytes.size()); |
| 97 WriteAuthenticationBytes(); |
| 98 } |
| 99 |
| 100 void V1ClientChannelAuthenticator::WriteAuthenticationBytes() { |
| 101 while (true) { |
| 102 int result = socket_->Write(auth_write_buf_, |
| 103 auth_write_buf_->BytesRemaining(), |
| 104 &auth_write_callback_); |
| 105 if (result == net::ERR_IO_PENDING) |
| 106 break; |
| 107 if (!HandleAuthBytesWritten(result)) |
| 108 break; |
| 109 } |
| 110 } |
| 111 |
| 112 void V1ClientChannelAuthenticator::OnAuthBytesWritten(int result) { |
| 113 DCHECK(CalledOnValidThread()); |
| 114 |
| 115 if (HandleAuthBytesWritten(result)) |
| 116 WriteAuthenticationBytes(); |
| 117 } |
| 118 |
| 119 bool V1ClientChannelAuthenticator::HandleAuthBytesWritten(int result) { |
| 120 if (result <= 0) { |
| 121 LOG(ERROR) << "Error writing authentication: " << result; |
| 122 done_callback_.Run(static_cast<net::Error>(result), NULL); |
| 123 return false; |
| 124 } |
| 125 |
| 126 auth_write_buf_->DidConsume(result); |
| 127 if (auth_write_buf_->BytesRemaining() > 0) |
| 128 return true; |
| 129 |
| 130 done_callback_.Run(net::OK, socket_.release()); |
| 131 return false; |
| 132 } |
| 133 |
| 134 } // namespace protocol |
| 135 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8604001:
Move SSL layer initialization into ChannelAuthenticator implementations. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src