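--- a/FILE_PATH_PLACEHOLDER
+++ b/FILE_PATH_PLACEHOLDER
@@ -1,64 +1,83 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/protocol/me2me_host_authenticator_factory.h"
 
+#include "base/base64.h"
 #include "base/string_util.h"
 #include "crypto/rsa_private_key.h"
 #include "remoting/protocol/v1_authenticator.h"
 #include "remoting/protocol/v2_authenticator.h"
 
 namespace remoting {
 namespace protocol {
 
+
+bool SharedSecretHash::Parse(const std::string& as_string) {
+  size_t separator = as_string.find(':');
+  if (separator == std::string::npos)
+    return false;
+
+  std::string function_name = as_string.substr(0, separator);
+  if (function_name == "plain") {
+    hash_function = AuthenticationMethod::NONE;
+  } else if (function_name == "hmac") {
+    hash_function = AuthenticationMethod::HMAC_SHA256;
+  } else {
+    return false;
+  }
+
+  if (!base::Base64Decode(as_string.substr(separator + 1), &value)) {
+    return false;
+  }
+
+  return true;
+}
+
 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory(
     const std::string& local_jid,
     const std::string& local_cert,
     const crypto::RSAPrivateKey& local_private_key,
-    const std::string& shared_secret)
+    const SharedSecretHash& shared_secret_hash)
     : local_cert_(local_cert),
       local_private_key_(local_private_key.Copy()),
-      shared_secret_(shared_secret) {
+      shared_secret_hash_(shared_secret_hash) {
   // Verify that |local_jid| is bare.
   DCHECK_EQ(local_jid.find('/'), std::string::npos);
   local_jid_prefix_ = local_jid + '/';
 }
 
 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
 }
 
 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
     const std::string& remote_jid,
     const buzz::XmlElement* first_message) {
   // Reject incoming connection if the client's jid is not an ASCII string.
   if (!IsStringASCII(remote_jid)) {
     LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
     return scoped_ptr<Authenticator>(NULL);
   }
 
   // Check that the client has the same bare jid as the host, i.e.
   // client's full JID starts with host's bare jid. Comparison is case
   // insensitive.
   if (!StartsWithASCII(remote_jid, local_jid_prefix_, false)) {
     LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
     return scoped_ptr<Authenticator>(NULL);
   }
 
-  // TODO(sergeyu): V2 authenticator is not finished yet. Enable it
-  // here when it is finished. crbug.com/105214
-  //
-  // if (V2Authenticator::IsEkeMessage(first_message)) {
-  //   return V2Authenticator::CreateForHost(
-  //       local_cert_, local_private_key_.get(), shared_secret_);
-  // }
+  if (V2Authenticator::IsEkeMessage(first_message)) {
+    return V2Authenticator::CreateForHost(
+        local_cert_, *local_private_key_, shared_secret_hash_.value);
+  }
 
   // TODO(sergeyu): Old clients still use V1 auth protocol. Remove
-  // this once we are done migrating to V2.
+  // this once we are done migrating to V2. crbug.com/110483 .
   return scoped_ptr<Authenticator>(new V1HostAuthenticator(
-      local_cert_, *local_private_key_,
-      shared_secret_, remote_jid));
+      local_cert_, *local_private_key_, "", remote_jid));
 }
 
 }  // namespace protocol
 }  // namespace remoting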
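Review bot: `SharedSecretHash::Parse` writes `hash_function` before the Base64 payload has been validated, so a caller that gets `false` back is left with a half-updated object — it now carries the new function name but whatever `value` it held before (or, depending on what `Base64Decode` does to its output on failure, a partially decoded one). An empty payload such as `hmac:` also appears to be accepted, since decoding an empty string presumably succeeds with an empty `value`, and that empty hash is what `CreateAuthenticator` then hands to `V2Authenticator::CreateForHost`; whether an empty secret hash should ever reach the authenticator cannot be told from this file, so the `decoded.empty()` check below is a proposal to confirm against the callers. Decoding into a local and committing both members only once everything has been checked avoids the partial-update problem regardless; the reordered body is below. Separately, the literal `""` now passed to `V1HostAuthenticator` deserves a one-line comment so the next reader does not take it for a typo, e.g. `// The V1 path no longer receives the shared secret; see crbug.com/110483.`
```cpp
bool SharedSecretHash::Parse(const std::string& as_string) {
  size_t separator = as_string.find(':');
  if (separator == std::string::npos)
    return false;

  // Decode into a local first so a rejected input leaves |value| untouched.
  std::string decoded;
  if (!base::Base64Decode(as_string.substr(separator + 1), &decoded) ||
      decoded.empty()) {
    return false;
  }

  // … unchanged: map "plain"/"hmac" onto |hash_function|, else return false …

  value.swap(decoded);
  return true;
}
```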