
Side by Side Diff: remoting/host/host_token_validator_factory.cc

Issue 12313085: Host-side third party token validation (Closed) Base URL: http://git.chromium.org/chromium/src.git@third_party_auth_protocol
Patch Set: Created 7 years, 10 months ago
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/host/host_token_validator_factory.h"
6
7 #include <set>
8
9 #include "base/bind.h"
10 #include "base/callback.h"
11 #include "base/json/json_reader.h"
12 #include "base/location.h"
13 #include "base/logging.h"
14 #include "base/single_thread_task_runner.h"
15 #include "base/supports_user_data.h"
Wez 2013/03/06 01:01:08 Is this include required?
rmsousa 2013/03/25 22:45:58 Done.
16 #include "base/thread_task_runner_handle.h"
Wez 2013/03/06 01:01:08 Is this include necessary?
rmsousa 2013/03/25 22:45:58 Done.
17 #include "base/values.h"
18 #include "googleurl/src/gurl.h"
19 #include "net/base/escape.h"
20 #include "net/url_request/url_fetcher.h"
21 #include "net/url_request/url_fetcher_delegate.h"
22 #include "net/url_request/url_request_status.h"
23
24 namespace remoting {
25
26 class HostTokenValidator
27 : public net::URLFetcherDelegate,
28 public protocol::ThirdPartyAuthenticator::TokenValidator {
29 public:
30 HostTokenValidator(
31 scoped_refptr<net::URLRequestContextGetter> request_context_getter)
32 : request_context_getter_(request_context_getter) {
33 }
34
35 ~HostTokenValidator() {
Wez 2013/03/06 01:01:08 nit: virtual
rmsousa 2013/03/25 22:45:58 Done.
36 }
37
38 void ValidateThirdPartyToken(
Wez 2013/03/06 01:01:08 nit: Add comment "TokenValidator interface."
Wez 2013/03/06 01:01:08 virtual + OVERRIDE
rmsousa 2013/03/25 22:45:58 Done.
rmsousa 2013/03/25 22:45:58 Done.
39 const std::string& token_validation_url,
40 const std::string& token,
41 const std::string& host_public_key,
42 const std::string& token_signature,
43 const std::string& scope,
44 const base::Callback<void(
45 const std::string& shared_secret)>& on_token_validated) {
46 DCHECK(!request_);
47 DCHECK(!scope.empty());
Wez 2013/03/06 01:01:08 nit: DCHECK e.g. that on_token_validated_ is non-n
rmsousa 2013/03/25 22:45:58 Done.
48 scope_ = scope;
Wez 2013/03/06 01:01:08 nit: Space after DCHECKS, and after this parameter
rmsousa 2013/03/25 22:45:58 Done.
49 on_token_validated_ = on_token_validated;
50 std::string post_body =
51 "code=" + net::EscapeUrlEncodedData(token, true) +
52 "&client_id=" + net::EscapeUrlEncodedData(
53 host_public_key, true) +
54 "&client_secret=" + net::EscapeUrlEncodedData(
55 token_signature, true) +
56 "&grant_type=authorization_code";
57 request_.reset(net::URLFetcher::Create(
58 GURL(token_validation_url), net::URLFetcher::POST, this));
59 request_->SetUploadData("application/x-www-form-urlencoded", post_body);
60 request_->SetRequestContext(request_context_getter_);
61 request_->Start();
62 }
63
64 void OnURLFetchComplete(const net::URLFetcher* source) {
Wez 2013/03/06 01:01:08 nit: Add comment "URLFetcherDelegate interface."
Wez 2013/03/06 01:01:08 virtual + OVERRIDE
rmsousa 2013/03/25 22:45:58 Done.
rmsousa 2013/03/25 22:45:58 Done.
65 DCHECK_EQ(request_.get(), source);
66
67 on_token_validated_.Run(GetSharedSecretFromResponse(source));
68 request_.reset();
Wez 2013/03/06 01:01:08 This will fail if the callback caused a new valida
rmsousa 2013/03/25 22:45:58 Good catch. Done.
69 }
70
71 private:
72 bool ValidateScope(const std::string& scope) {
Wez 2013/03/06 01:01:08 nit: IsValidScope()
rmsousa 2013/03/25 22:45:58 Done.
73 // TODO(rmsousa): Deal with reordering/subsets/supersets/aliases/etc.
74 return scope == scope_;
75 }
76
77 std::string GetSharedSecretFromResponse(const net::URLFetcher* source) {
78 std::string shared_secret;
Wez 2013/03/06 01:01:08 nit: Add a comment e.g. "Verify that we got a succ
rmsousa 2013/03/25 22:45:58 Done.
79 int response = source->GetResponseCode();
80 net::URLRequestStatus status = source->GetStatus();
81 std::string data;
82 if (!status.is_success() || response != 200) {
83 LOG(ERROR) <<
84 "Error " << response << " validating token: '" << data << "'";
85 return shared_secret;
86 }
87
88 source->GetResponseAsString(&data);
Wez 2013/03/06 01:01:08 nit: Comment e.g. "Decode the JSON data from the r
rmsousa 2013/03/25 22:45:58 Done.
89 scoped_ptr<base::Value> value(base::JSONReader::Read(data));
90 if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY) {
91 LOG(ERROR) << "Invalid token validation response: '" << data << "'";
92 return shared_secret;
93 }
94
95 DictionaryValue* dict = static_cast<DictionaryValue*>(value.get());
Wez 2013/03/06 01:01:08 nit: Comment e.g. "Fetch the scope and check that
rmsousa 2013/03/25 22:45:58 Done.
96 std::string scope;
97 dict->GetStringWithoutPathExpansion("scope", &scope);
98 if (!ValidateScope(scope)) {
99 LOG(ERROR) <<
100 "Invalid scope: '" << scope << "', expected: '" << scope_ <<"'.";
101 return shared_secret;
102 }
103
104 dict->GetStringWithoutPathExpansion("access_token", &shared_secret);
Wez 2013/03/06 01:01:08 nit: Comment e.g. "Scope was valid, so return the
rmsousa 2013/03/25 22:45:58 Done.
105 return shared_secret;
106 }
107
108 scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
109 scoped_ptr<net::URLFetcher> request_;
110 std::string scope_;
111 base::Callback<void(const std::string& shared_secret)> on_token_validated_;
Wez 2013/03/06 01:01:08 nit: Blank line before DISALLOW...
rmsousa 2013/03/25 22:45:58 Done.
112 DISALLOW_COPY_AND_ASSIGN(HostTokenValidator);
113 };
114
115 HostTokenValidatorFactory::HostTokenValidatorFactory(
116 scoped_refptr<net::URLRequestContextGetter> request_context_getter)
117 : request_context_getter_(request_context_getter) {
118 }
119
120 HostTokenValidatorFactory::~HostTokenValidatorFactory() {
121 }
122
123 scoped_ptr<protocol::ThirdPartyAuthenticator::TokenValidator>
124 HostTokenValidatorFactory::CreateTokenValidator() {
125 return scoped_ptr<protocol::ThirdPartyAuthenticator::TokenValidator>(
126 new HostTokenValidator(request_context_getter_));
127 }
128
129 } // namespace remoting
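Review bot: In ValidateThirdPartyToken (new lines 57-58) `token_validation_url` goes straight into `GURL(...)` and the fetch is started with no validity or scheme check, so the token, the signature and the returned `access_token` that becomes the shared secret would travel in cleartext if the URL is not https. Where the URL comes from is not visible on this page, so unless something upstream already enforces this, reject it before creating the fetcher, e.g. `GURL url(token_validation_url);` followed by `if (!url.is_valid() || !url.SchemeIs("https")) { on_token_validated.Run(std::string()); return; }`. Separately, the only guard against an empty expected scope is `DCHECK(!scope.empty())` at line 47, which is normally compiled out of release builds, and line 97 ignores the result of `GetStringWithoutPathExpansion("scope", &scope)`. A response with no `scope` field would then satisfy `scope == scope_` at line 74 whenever the expected scope is empty, so a runtime check that the returned scope is present and non-empty would close that gap.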