| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/negotiating_authenticator.h" | 5 #include "remoting/protocol/negotiating_authenticator.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <sstream> | 8 #include <sstream> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 42 DCHECK(!methods.empty()); | 42 DCHECK(!methods.empty()); |
| 43 for (std::vector<AuthenticationMethod>::const_iterator it = methods.begin(); | 43 for (std::vector<AuthenticationMethod>::const_iterator it = methods.begin(); |
| 44 it != methods.end(); ++it) { | 44 it != methods.end(); ++it) { |
| 45 result->AddMethod(*it); | 45 result->AddMethod(*it); |
| 46 } | 46 } |
| 47 | 47 |
| 48 return scoped_ptr<Authenticator>(result.Pass()); | 48 return scoped_ptr<Authenticator>(result.Pass()); |
| 49 } | 49 } |
| 50 | 50 |
| 51 // static | 51 // static |
| 52 scoped_ptr<Authenticator> NegotiatingAuthenticator::CreateForHost( | 52 scoped_ptr<Authenticator> NegotiatingAuthenticator::CreateForHostSharedSecret( |
| 53 const std::string& local_cert, | 53 const std::string& local_cert, |
| 54 scoped_refptr<RsaKeyPair> key_pair, | 54 scoped_refptr<RsaKeyPair> key_pair, |
| 55 const std::string& shared_secret_hash, | 55 const std::string& shared_secret_hash, |
| 56 AuthenticationMethod::HashFunction hash_function) { | 56 AuthenticationMethod::HashFunction hash_function) { |
| 57 scoped_ptr<NegotiatingAuthenticator> result( | 57 scoped_ptr<NegotiatingAuthenticator> result( |
| 58 new NegotiatingAuthenticator(WAITING_MESSAGE)); | 58 new NegotiatingAuthenticator(WAITING_MESSAGE)); |
| 59 result->local_cert_ = local_cert; | 59 result->local_cert_ = local_cert; |
| 60 result->local_key_pair_ = key_pair; | 60 result->local_key_pair_ = key_pair; |
| 61 result->shared_secret_hash_ = shared_secret_hash; | 61 result->shared_secret_hash_ = shared_secret_hash; |
| 62 result->AddMethod(AuthenticationMethod::Spake2(hash_function)); |
| 62 | 63 |
| 63 result->AddMethod(AuthenticationMethod::Spake2(hash_function)); | 64 return scoped_ptr<Authenticator>(result.Pass()); |
| 65 } |
| 66 |
| 67 // static |
| 68 scoped_ptr<Authenticator> NegotiatingAuthenticator::CreateForHostThirdParty( |
| 69 const std::string& local_cert, |
| 70 scoped_refptr<RsaKeyPair> key_pair, |
| 71 const GURL& token_url, |
| 72 const GURL& token_validation_url, |
| 73 const std::string& local_jid, |
| 74 const std::string& remote_jid, |
| 75 ThirdPartyHostAuthenticator::TokenValidatorFactory* |
| 76 token_validator_factory) { |
| 77 scoped_ptr<NegotiatingAuthenticator> result( |
| 78 new NegotiatingAuthenticator(WAITING_MESSAGE)); |
| 79 result->local_cert_ = local_cert; |
| 80 result->local_key_pair_ = key_pair; |
| 81 result->token_url_ = token_url; |
| 82 result->token_validation_url_ = token_validation_url; |
| 83 result->local_jid_ = local_jid; |
| 84 result->remote_jid_ = remote_jid; |
| 85 result->token_validator_factory_ = token_validator_factory; |
| 86 result->AddMethod(AuthenticationMethod::ThirdParty()); |
| 64 | 87 |
| 65 return scoped_ptr<Authenticator>(result.Pass()); | 88 return scoped_ptr<Authenticator>(result.Pass()); |
| 66 } | 89 } |
| 67 | 90 |
| 68 NegotiatingAuthenticator::NegotiatingAuthenticator( | 91 NegotiatingAuthenticator::NegotiatingAuthenticator( |
| 69 Authenticator::State initial_state) | 92 Authenticator::State initial_state) |
| 70 : current_method_(AuthenticationMethod::Invalid()), | 93 : current_method_(AuthenticationMethod::Invalid()), |
| 71 state_(initial_state), | 94 state_(initial_state), |
| 72 rejection_reason_(INVALID_CREDENTIALS), | 95 rejection_reason_(INVALID_CREDENTIALS), |
| 73 weak_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) { | 96 weak_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) { |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 214 return current_authenticator_->CreateChannelAuthenticator(); | 237 return current_authenticator_->CreateChannelAuthenticator(); |
| 215 } | 238 } |
| 216 | 239 |
| 217 bool NegotiatingAuthenticator::is_host_side() const { | 240 bool NegotiatingAuthenticator::is_host_side() const { |
| 218 return local_key_pair_.get() != NULL; | 241 return local_key_pair_.get() != NULL; |
| 219 } | 242 } |
| 220 | 243 |
| 221 void NegotiatingAuthenticator::CreateAuthenticator( | 244 void NegotiatingAuthenticator::CreateAuthenticator( |
| 222 Authenticator::State preferred_initial_state, | 245 Authenticator::State preferred_initial_state, |
| 223 const base::Closure& resume_callback) { | 246 const base::Closure& resume_callback) { |
| 247 DCHECK(current_method_.is_valid()); |
| 224 if (is_host_side()) { | 248 if (is_host_side()) { |
| 225 current_authenticator_ = V2Authenticator::CreateForHost( | 249 if (current_method_.type() == AuthenticationMethod::THIRD_PARTY) { |
| 226 local_cert_, local_key_pair_, shared_secret_hash_, | 250 current_authenticator_.reset(new ThirdPartyHostAuthenticator( |
| 227 preferred_initial_state); | 251 local_cert_, local_key_pair_, |
| 252 token_validator_factory_->CreateTokenValidator( |
| 253 token_url_, token_validation_url_, local_key_pair_, |
| 254 local_jid_, remote_jid_))); |
| 255 } else { |
| 256 DCHECK_EQ(current_method_.type(), AuthenticationMethod::SPAKE2); |
| 257 current_authenticator_ = V2Authenticator::CreateForHost( |
| 258 local_cert_, local_key_pair_, shared_secret_hash_, |
| 259 preferred_initial_state); |
| 260 } |
| 228 resume_callback.Run(); | 261 resume_callback.Run(); |
| 229 } else { | 262 } else { |
| 230 fetch_secret_callback_.Run(base::Bind( | 263 fetch_secret_callback_.Run(base::Bind( |
| 231 &NegotiatingAuthenticator::CreateV2AuthenticatorWithSecret, | 264 &NegotiatingAuthenticator::CreateV2AuthenticatorWithSecret, |
| 232 weak_factory_.GetWeakPtr(), preferred_initial_state, resume_callback)); | 265 weak_factory_.GetWeakPtr(), preferred_initial_state, resume_callback)); |
| 233 } | 266 } |
| 234 } | 267 } |
| 235 | 268 |
| 236 void NegotiatingAuthenticator::ProcessMessageInternal( | 269 void NegotiatingAuthenticator::ProcessMessageInternal( |
| 237 const buzz::XmlElement* message, | 270 const buzz::XmlElement* message, |
| (...skipping 14 matching lines...) Expand all Loading... |
| 252 const std::string& shared_secret) { | 285 const std::string& shared_secret) { |
| 253 current_authenticator_ = V2Authenticator::CreateForClient( | 286 current_authenticator_ = V2Authenticator::CreateForClient( |
| 254 AuthenticationMethod::ApplyHashFunction( | 287 AuthenticationMethod::ApplyHashFunction( |
| 255 current_method_.hash_function(), authentication_tag_, shared_secret), | 288 current_method_.hash_function(), authentication_tag_, shared_secret), |
| 256 initial_state); | 289 initial_state); |
| 257 resume_callback.Run(); | 290 resume_callback.Run(); |
| 258 } | 291 } |
| 259 | 292 |
| 260 } // namespace protocol | 293 } // namespace protocol |
| 261 } // namespace remoting | 294 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12313085:
Host-side third party token validation (Closed)
Base URL: http://git.chromium.org/chromium/src.git@third_party_auth_protocol