
Side by Side Diff: remoting/protocol/me2me_host_authenticator_factory.cc

Issue 12313085: Host-side third party token validation (Closed) Base URL: http://git.chromium.org/chromium/src.git@third_party_auth_protocol
Patch Set: Reviewer comments Created 7 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/protocol/me2me_host_authenticator_factory.h" 5 #include "remoting/protocol/me2me_host_authenticator_factory.h"
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/string_util.h" 8 #include "base/string_util.h"
9 #include "remoting/base/rsa_key_pair.h" 9 #include "remoting/base/rsa_key_pair.h"
10 #include "remoting/protocol/channel_authenticator.h" 10 #include "remoting/protocol/channel_authenticator.h"
(...skipping 43 matching lines...)
54 54
55 protected: 55 protected:
56 State state_; 56 State state_;
57 }; 57 };
58 58
59 } // namespace 59 } // namespace
60 60
61 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( 61 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory(
62 const std::string& local_cert, 62 const std::string& local_cert,
63 scoped_refptr<RsaKeyPair> key_pair, 63 scoped_refptr<RsaKeyPair> key_pair,
64 const SharedSecretHash& shared_secret_hash) 64 const SharedSecretHash& shared_secret_hash,
65 scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory>
66 token_validator_factory)
65 : local_cert_(local_cert), 67 : local_cert_(local_cert),
66 key_pair_(key_pair), 68 key_pair_(key_pair),
67 shared_secret_hash_(shared_secret_hash) { 69 shared_secret_hash_(shared_secret_hash),
70 token_validator_factory_(token_validator_factory.Pass()) {
68 } 71 }
69 72
70 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { 73 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
71 } 74 }
72 75
73 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( 76 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
74 const std::string& local_jid, 77 const std::string& local_jid,
75 const std::string& remote_jid, 78 const std::string& remote_jid,
76 const buzz::XmlElement* first_message) { 79 const buzz::XmlElement* first_message) {
77 80
78 size_t slash_pos = local_jid.find('/'); 81 size_t slash_pos = local_jid.find('/');
79 if (slash_pos == std::string::npos) { 82 if (slash_pos == std::string::npos) {
80 LOG(DFATAL) << "Invalid local JID:" << local_jid; 83 LOG(DFATAL) << "Invalid local JID:" << local_jid;
81 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); 84 return scoped_ptr<Authenticator>(new RejectingAuthenticator());
82 } 85 }
83 86
84 // Verify that the client's jid is an ASCII string, and then check 87 // Verify that the client's jid is an ASCII string, and then check
85 // that the client has the same bare jid as the host, i.e. client's 88 // that the client has the same bare jid as the host, i.e. client's
86 // full JID starts with host's bare jid. Comparison is case 89 // full JID starts with host's bare jid. Comparison is case
87 // insensitive. 90 // insensitive.
88 if (!IsStringASCII(remote_jid) || 91 if (!IsStringASCII(remote_jid) ||
89 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { 92 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) {
90 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; 93 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
91 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); 94 return scoped_ptr<Authenticator>(new RejectingAuthenticator());
92 } 95 }
93 96
94 return scoped_ptr<Authenticator>(new NegotiatingHostAuthenticator( 97 if (token_validator_factory_->IsEnabled()) {
98 return NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
99 local_cert_, key_pair_, token_validator_factory_->CreateTokenValidator(
100 local_jid, remote_jid));
101 }
Wez 2013/04/05 22:46:12 nit: blank line after this
rmsousa 2013/04/06 00:37:25 Done.
102 return NegotiatingHostAuthenticator::CreateWithSharedSecret(
95 local_cert_, key_pair_, shared_secret_hash_.value, 103 local_cert_, key_pair_, shared_secret_hash_.value,
96 shared_secret_hash_.hash_function)); 104 shared_secret_hash_.hash_function);
97 } 105 }
98 106
99 } // namespace protocol 107 } // namespace protocol
100 } // namespace remoting 108 } // namespace remoting
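Review bot: `token_validator_factory_` is dereferenced unconditionally at new line 97 in CreateAuthenticator, but the constructor accepts any `scoped_ptr`, including an empty one, so a host constructed without a validator factory would crash on the first incoming connection that passes the JID check. Nothing visible on this page guarantees that callers always pass a non-null factory, so either assert it in the constructor with `DCHECK(token_validator_factory_.get());` or guard the branch with `if (token_validator_factory_.get() && token_validator_factory_->IsEnabled()) {`. Because this branch decides which authentication method the host offers, a short comment above it would also help, for example `// When third-party auth is enabled the shared secret is not passed to the authenticator.`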