
Side by Side Diff: remoting/protocol/me2me_host_authenticator_factory.cc

Issue 12313085: Host-side third party token validation (Closed) Base URL: http://git.chromium.org/chromium/src.git@third_party_auth_protocol
Patch Set: Add missing parameters Created 7 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/protocol/me2me_host_authenticator_factory.h" 5 #include "remoting/protocol/me2me_host_authenticator_factory.h"
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/string_util.h" 8 #include "base/string_util.h"
9 #include "remoting/base/rsa_key_pair.h" 9 #include "remoting/base/rsa_key_pair.h"
10 #include "remoting/protocol/channel_authenticator.h" 10 #include "remoting/protocol/channel_authenticator.h"
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
54 54
55 protected: 55 protected:
56 State state_; 56 State state_;
57 }; 57 };
58 58
59 } // namespace 59 } // namespace
60 60
61 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( 61 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory(
62 const std::string& local_cert, 62 const std::string& local_cert,
63 scoped_refptr<RsaKeyPair> key_pair, 63 scoped_refptr<RsaKeyPair> key_pair,
64 const SharedSecretHash& shared_secret_hash) 64 const SharedSecretHash& shared_secret_hash,
65 const GURL& token_url,
66 const GURL& token_validation_url,
67 ThirdPartyHostAuthenticator::TokenValidatorFactory* token_validator_factory)
65 : local_cert_(local_cert), 68 : local_cert_(local_cert),
66 key_pair_(key_pair), 69 key_pair_(key_pair),
67 shared_secret_hash_(shared_secret_hash) { 70 shared_secret_hash_(shared_secret_hash),
71 token_url_(token_url),
72 token_validation_url_(token_validation_url),
73 token_validator_factory_(token_validator_factory) {
68 } 74 }
69 75
70 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { 76 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
71 } 77 }
72 78
79 bool Me2MeHostAuthenticatorFactory::IsThirdPartyAuthenticationEnabled() const {
80 return token_url_.is_valid() && token_validation_url_.is_valid() && key_pair_;
81 }
82
73 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( 83 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
74 const std::string& local_jid, 84 const std::string& local_jid,
75 const std::string& remote_jid, 85 const std::string& remote_jid,
76 const buzz::XmlElement* first_message) { 86 const buzz::XmlElement* first_message) {
77 87
78 size_t slash_pos = local_jid.find('/'); 88 size_t slash_pos = local_jid.find('/');
79 if (slash_pos == std::string::npos) { 89 if (slash_pos == std::string::npos) {
80 LOG(DFATAL) << "Invalid local JID:" << local_jid; 90 LOG(DFATAL) << "Invalid local JID:" << local_jid;
81 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); 91 return scoped_ptr<Authenticator>(new RejectingAuthenticator());
82 } 92 }
83 93
84 // Verify that the client's jid is an ASCII string, and then check 94 // Verify that the client's jid is an ASCII string, and then check
85 // that the client has the same bare jid as the host, i.e. client's 95 // that the client has the same bare jid as the host, i.e. client's
86 // full JID starts with host's bare jid. Comparison is case 96 // full JID starts with host's bare jid. Comparison is case
87 // insensitive. 97 // insensitive.
88 if (!IsStringASCII(remote_jid) || 98 if (!IsStringASCII(remote_jid) ||
89 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { 99 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) {
90 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; 100 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
91 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); 101 return scoped_ptr<Authenticator>(new RejectingAuthenticator());
92 } 102 }
93 103
94 return NegotiatingAuthenticator::CreateForHost( 104 if (IsThirdPartyAuthenticationEnabled()) {
105 return NegotiatingAuthenticator::CreateForHostThirdParty(
106 local_cert_, key_pair_, token_url_, token_validation_url_,
107 local_jid, remote_jid, token_validator_factory_);
108 }
109 return NegotiatingAuthenticator::CreateForHostSharedSecret(
95 local_cert_, key_pair_, shared_secret_hash_.value, 110 local_cert_, key_pair_, shared_secret_hash_.value,
96 shared_secret_hash_.hash_function); 111 shared_secret_hash_.hash_function);
97 } 112 }
98 113
99 } // namespace protocol 114 } // namespace protocol
100 } // namespace remoting 115 } // namespace remoting
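Review bot: `IsThirdPartyAuthenticationEnabled()` (new lines 79-81) does not check `token_validator_factory_`, so a factory constructed with two valid URLs and a null validator factory passes a null pointer to `CreateForHostThirdParty` on every incoming connection; I would make it `return token_url_.is_valid() && token_validation_url_.is_valid() && key_pair_ && token_validator_factory_;`. The constructor also stores that raw pointer without saying who owns it or how long it must live, so a comment such as `// Not owned; must outlive this factory and every authenticator it creates.` (or an owning pointer) would help; which of the two is right cannot be told from this file. Separately, when only one of the two URLs is valid, `CreateAuthenticator` silently falls through to `CreateForHostSharedSecret`; if third-party authentication was intended, that is a quiet downgrade to shared-secret authentication, and a log line or a `RejectingAuthenticator` for the half-configured case seems safer. Whether the token URLs must be https is presumably enforced elsewhere, since `is_valid()` alone does not require it.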