OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "remoting/host/host_token_validator_factory.h" | |
6 | |
7 #include <set> | |
8 | |
9 #include "base/bind.h" | |
10 #include "base/callback.h" | |
11 #include "base/json/json_reader.h" | |
12 #include "base/location.h" | |
13 #include "base/logging.h" | |
14 #include "base/single_thread_task_runner.h" | |
15 #include "base/supports_user_data.h" | |
Wez
2013/03/06 01:01:08
Is this include required?
rmsousa
2013/03/25 22:45:58
Done.
| |
16 #include "base/thread_task_runner_handle.h" | |
Wez
2013/03/06 01:01:08
Is this include necessary?
rmsousa
2013/03/25 22:45:58
Done.
| |
17 #include "base/values.h" | |
18 #include "googleurl/src/gurl.h" | |
19 #include "net/base/escape.h" | |
20 #include "net/url_request/url_fetcher.h" | |
21 #include "net/url_request/url_fetcher_delegate.h" | |
22 #include "net/url_request/url_request_status.h" | |
23 | |
24 namespace remoting { | |
25 | |
26 class HostTokenValidator | |
27 : public net::URLFetcherDelegate, | |
28 public protocol::ThirdPartyAuthenticator::TokenValidator { | |
29 public: | |
30 HostTokenValidator( | |
31 scoped_refptr<net::URLRequestContextGetter> request_context_getter) | |
32 : request_context_getter_(request_context_getter) { | |
33 } | |
34 | |
35 ~HostTokenValidator() { | |
Wez
2013/03/06 01:01:08
nit: virtual
rmsousa
2013/03/25 22:45:58
Done.
| |
36 } | |
37 | |
38 void ValidateThirdPartyToken( | |
Wez
2013/03/06 01:01:08
nit: Add comment "TokenValidator interface."
Wez
2013/03/06 01:01:08
virtual + OVERRIDE
rmsousa
2013/03/25 22:45:58
Done.
rmsousa
2013/03/25 22:45:58
Done.
| |
39 const std::string& token_validation_url, | |
40 const std::string& token, | |
41 const std::string& host_public_key, | |
42 const std::string& token_signature, | |
43 const std::string& scope, | |
44 const base::Callback<void( | |
45 const std::string& shared_secret)>& on_token_validated) { | |
46 DCHECK(!request_); | |
47 DCHECK(!scope.empty()); | |
Wez
2013/03/06 01:01:08
nit: DCHECK e.g. that on_token_validated_ is non-n
rmsousa
2013/03/25 22:45:58
Done.
| |
48 scope_ = scope; | |
Wez
2013/03/06 01:01:08
nit: Space after DCHECKS, and after this parameter
rmsousa
2013/03/25 22:45:58
Done.
| |
49 on_token_validated_ = on_token_validated; | |
50 std::string post_body = | |
51 "code=" + net::EscapeUrlEncodedData(token, true) + | |
52 "&client_id=" + net::EscapeUrlEncodedData( | |
53 host_public_key, true) + | |
54 "&client_secret=" + net::EscapeUrlEncodedData( | |
55 token_signature, true) + | |
56 "&grant_type=authorization_code"; | |
57 request_.reset(net::URLFetcher::Create( | |
58 GURL(token_validation_url), net::URLFetcher::POST, this)); | |
59 request_->SetUploadData("application/x-www-form-urlencoded", post_body); | |
60 request_->SetRequestContext(request_context_getter_); | |
61 request_->Start(); | |
62 } | |
63 | |
64 void OnURLFetchComplete(const net::URLFetcher* source) { | |
Wez
2013/03/06 01:01:08
nit: Add comment "URLFetcherDelegate interface."
Wez
2013/03/06 01:01:08
virtual + OVERRIDE
rmsousa
2013/03/25 22:45:58
Done.
rmsousa
2013/03/25 22:45:58
Done.
| |
65 DCHECK_EQ(request_.get(), source); | |
66 | |
67 on_token_validated_.Run(GetSharedSecretFromResponse(source)); | |
68 request_.reset(); | |
Wez
2013/03/06 01:01:08
This will fail if the callback caused a new valida
rmsousa
2013/03/25 22:45:58
Good catch. Done.
| |
69 } | |
70 | |
71 private: | |
72 bool ValidateScope(const std::string& scope) { | |
Wez
2013/03/06 01:01:08
nit: IsValidScope()
rmsousa
2013/03/25 22:45:58
Done.
| |
73 // TODO(rmsousa): Deal with reordering/subsets/supersets/aliases/etc. | |
74 return scope == scope_; | |
75 } | |
76 | |
77 std::string GetSharedSecretFromResponse(const net::URLFetcher* source) { | |
78 std::string shared_secret; | |
Wez
2013/03/06 01:01:08
nit: Add a comment e.g. "Verify that we got a succ
rmsousa
2013/03/25 22:45:58
Done.
| |
79 int response = source->GetResponseCode(); | |
80 net::URLRequestStatus status = source->GetStatus(); | |
81 std::string data; | |
82 if (!status.is_success() || response != 200) { | |
83 LOG(ERROR) << | |
84 "Error " << response << " validating token: '" << data << "'"; | |
85 return shared_secret; | |
86 } | |
87 | |
88 source->GetResponseAsString(&data); | |
Wez
2013/03/06 01:01:08
nit: Comment e.g. "Decode the JSON data from the r
rmsousa
2013/03/25 22:45:58
Done.
| |
89 scoped_ptr<base::Value> value(base::JSONReader::Read(data)); | |
90 if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY) { | |
91 LOG(ERROR) << "Invalid token validation response: '" << data << "'"; | |
92 return shared_secret; | |
93 } | |
94 | |
95 DictionaryValue* dict = static_cast<DictionaryValue*>(value.get()); | |
Wez
2013/03/06 01:01:08
nit: Comment e.g. "Fetch the scope and check that
rmsousa
2013/03/25 22:45:58
Done.
| |
96 std::string scope; | |
97 dict->GetStringWithoutPathExpansion("scope", &scope); | |
98 if (!ValidateScope(scope)) { | |
99 LOG(ERROR) << | |
100 "Invalid scope: '" << scope << "', expected: '" << scope_ <<"'."; | |
101 return shared_secret; | |
102 } | |
103 | |
104 dict->GetStringWithoutPathExpansion("access_token", &shared_secret); | |
Wez
2013/03/06 01:01:08
nit: Comment e.g. "Scope was valid, so return the
rmsousa
2013/03/25 22:45:58
Done.
| |
105 return shared_secret; | |
106 } | |
107 | |
108 scoped_refptr<net::URLRequestContextGetter> request_context_getter_; | |
109 scoped_ptr<net::URLFetcher> request_; | |
110 std::string scope_; | |
111 base::Callback<void(const std::string& shared_secret)> on_token_validated_; | |
Wez
2013/03/06 01:01:08
nit: Blank line before DISALLOW...
rmsousa
2013/03/25 22:45:58
Done.
| |
112 DISALLOW_COPY_AND_ASSIGN(HostTokenValidator); | |
113 }; | |
114 | |
115 HostTokenValidatorFactory::HostTokenValidatorFactory( | |
116 scoped_refptr<net::URLRequestContextGetter> request_context_getter) | |
117 : request_context_getter_(request_context_getter) { | |
118 } | |
119 | |
120 HostTokenValidatorFactory::~HostTokenValidatorFactory() { | |
121 } | |
122 | |
123 scoped_ptr<protocol::ThirdPartyAuthenticator::TokenValidator> | |
124 HostTokenValidatorFactory::CreateTokenValidator() { | |
125 return scoped_ptr<protocol::ThirdPartyAuthenticator::TokenValidator>( | |
126 new HostTokenValidator(request_context_getter_)); | |
127 } | |
128 | |
129 } // namespace remoting | |
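Review bot: In ValidateThirdPartyToken (file lines 57-58) the token and its signature are POSTed to `GURL(token_validation_url)` with no check on the URL, so a malformed or non-HTTPS URL would be used as given. Unless the caller already guarantees this, I would build the GURL first and fail with an empty secret when `!url.is_valid() || !url.SchemeIsSecure()`. In GetSharedSecretFromResponse the error log at lines 83-84 prints `data` before `GetResponseAsString(&data)` has filled it, so it is always empty there. The log at line 91 writes the whole response body, which could include secret material when the reply is not the expected dictionary. Logging the response code and body length instead would cover both.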