Host-side third party token validation

remoting/host/remoting_me2me_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements a standalone host process for Me2Me.
 
 #include <string>
 
 #include "base/at_exit.h"
 #include "base/bind.h"
@@ skipping 16 matching lines @@
 #include "crypto/nss_util.h"
 #include "ipc/ipc_channel.h"
 #include "ipc/ipc_channel_proxy.h"
 #include "ipc/ipc_listener.h"
 #include "net/base/network_change_notifier.h"
 #include "net/socket/ssl_server_socket.h"
 #include "net/url_request/url_fetcher.h"
 #include "remoting/base/auto_thread_task_runner.h"
 #include "remoting/base/breakpad.h"
 #include "remoting/base/constants.h"
+#include "remoting/base/rsa_key_pair.h"
 #include "remoting/base/util.h"
 #include "remoting/host/branding.h"
 #include "remoting/host/chromoting_host.h"
 #include "remoting/host/chromoting_host_context.h"
 #include "remoting/host/chromoting_messages.h"
 #include "remoting/host/config_file_watcher.h"
 #include "remoting/host/curtain_mode.h"
 #include "remoting/host/curtaining_host_observer.h"
 #include "remoting/host/desktop_environment.h"
 #include "remoting/host/desktop_session_connector.h"
@@ skipping 10 matching lines @@
 #include "remoting/host/ipc_host_event_logger.h"
 #include "remoting/host/json_host_config.h"
 #include "remoting/host/log_to_server.h"
 #include "remoting/host/logging.h"
 #include "remoting/host/me2me_desktop_environment.h"
 #include "remoting/host/network_settings.h"
 #include "remoting/host/policy_hack/policy_watcher.h"
 #include "remoting/host/service_urls.h"
 #include "remoting/host/session_manager_factory.h"
 #include "remoting/host/signaling_connector.h"
+#include "remoting/host/token_validator_factory_impl.h"
 #include "remoting/host/ui_strings.h"
 #include "remoting/host/usage_stats_consent.h"
 #include "remoting/jingle_glue/xmpp_signal_strategy.h"
 #include "remoting/protocol/me2me_host_authenticator_factory.h"
 
 #if defined(OS_POSIX)
 #include <signal.h>
 #include "base/file_descriptor_posix.h"
 #include "remoting/host/pam_authorization_factory_posix.h"
 #include "remoting/host/posix/signal_handler.h"
@@ skipping 121 matching lines @@
 
   // Applies the host config, returning true if successful.
   bool ApplyConfig(scoped_ptr<JsonHostConfig> config);
 
   void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies);
   bool OnHostDomainPolicyUpdate(const std::string& host_domain);
   bool OnUsernamePolicyUpdate(bool username_match_required);
   bool OnNatPolicyUpdate(bool nat_traversal_enabled);
   bool OnCurtainPolicyUpdate(bool curtain_required);
   bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
+  bool OnHostTokenUrlPolicyUpdate(const GURL& token_url,
+                                  const GURL& token_validation_url);
 
   void StartHost();
 
   void OnAuthFailed();
 
   void OnCurtainModeFailed();
 
   void OnRemoteSessionSwitchedToConsole();
 
   // Invoked when the user uses the Disconnect windows to terminate
@@ skipping 43 matching lines @@
   std::string xmpp_login_;
   std::string xmpp_auth_token_;
   std::string xmpp_auth_service_;
   scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
   bool allow_nat_traversal_;
   std::string talkgadget_prefix_;
 
   scoped_ptr<CurtainMode> curtain_;
   scoped_ptr<CurtainingHostObserver> curtaining_host_observer_;
   bool curtain_required_;
+  GURL token_url_;
+  GURL token_validation_url_;
 
   scoped_ptr<XmppSignalStrategy> signal_strategy_;
   scoped_ptr<SignalingConnector> signaling_connector_;
   scoped_ptr<HeartbeatSender> heartbeat_sender_;
   scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_;
   scoped_ptr<LogToServer> log_to_server_;
   scoped_ptr<HostEventLogger> host_event_logger_;
 
   // Created on the UI thread and used on the network thread.
   scoped_ptr<HostUserInterface> host_user_interface_;
@@ skipping 193 matching lines @@
 
   if (state_ != HOST_STARTED)
     return;
 
   std::string local_certificate = key_pair_->GenerateCertificate();
   if (local_certificate.empty()) {
     LOG(ERROR) << "Failed to generate host certificate.";
     ShutdownHost(kInitializationFailed);
     return;
   }
+  scoped_ptr<protocol::AuthenticatorFactory> factory;
 
-  scoped_ptr<protocol::AuthenticatorFactory> factory(
-      new protocol::Me2MeHostAuthenticatorFactory(
-          local_certificate, key_pair_, host_secret_hash_));
+  if (token_url_.is_empty() && token_validation_url_.is_empty()) {
+    factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret(
+        local_certificate, key_pair_, host_secret_hash_);
+  } else if (token_url_.is_valid() && token_validation_url_.is_valid()) {
+    scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory>
+        token_validator_factory(new TokenValidatorFactoryImpl(
+            token_url_, token_validation_url_, key_pair_,
+            context_->url_request_context_getter()));
+    factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
+        local_certificate, key_pair_, token_validator_factory.Pass());
+  } else {
+    LOG(ERROR) << "One of the third-party token URLs is empty or invalid. "
+               << "Host will reject all clients until policies are corrected. "
+               << "TokenUrl: " << token_url_ << ", "
+               << "TokenValidationUrl: " << token_validation_url_;
+    factory = protocol::Me2MeHostAuthenticatorFactory::CreateRejecting();

[Sergey Ulanov, 2013/04/06 00:56:32]

It would be better if we had a mode in which the host process is started but the
host is offline. There are two downside to keeping it offline: (1) it consumes
resources by keeping XMPP connection, (2) confusing UX because the host shown as
Online while there is no way to access it. This is a minor concern because we
don't expect too many hosts to be in that state. Maybe add TODO to fix it.

+  }
+
 #if defined(OS_POSIX)
   // On Linux and Mac, perform a PAM authorization step after authentication.
   factory.reset(new PamAuthorizationFactory(factory.Pass()));
 #endif
   host_->SetAuthenticatorFactory(factory.Pass());
 }
 
 // IPC::Listener implementation.
 bool HostProcess::OnMessageReceived(const IPC::Message& message) {
   DCHECK(context_->ui_task_runner()->BelongsToCurrentThread());
@@ skipping 237 matching lines @@
   if (policies->GetString(
           policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
           &string_value)) {
     restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value);
   }
   if (policies->GetBoolean(
           policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName,
           &bool_value)) {
     restart_required |= OnCurtainPolicyUpdate(bool_value);
   }
+  std::string token_url_string, token_validation_url_string;
+  if (policies->GetString(
+          policy_hack::PolicyWatcher::kHostTokenUrlPolicyName,
+          &token_url_string) &&
+      policies->GetString(
+          policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName,
+          &token_validation_url_string)) {
+    restart_required |= OnHostTokenUrlPolicyUpdate(
+        GURL(token_url_string), GURL(token_validation_url_string));
+  }
 
   if (state_ == HOST_INITIALIZING) {
     StartHost();
   } else if (state_ == HOST_STARTED && restart_required) {
     RestartHost();
   }
 }
 
 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) {
   // Returns true if the host has to be restarted after this policy update.
@@ skipping 103 matching lines @@
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
 
   if (talkgadget_prefix != talkgadget_prefix_) {
     LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix;
     talkgadget_prefix_ = talkgadget_prefix;
     return true;
   }
   return false;
 }
 
+bool HostProcess::OnHostTokenUrlPolicyUpdate(
+    const GURL& token_url,
+    const GURL& token_validation_url) {
+  // Returns true if the host has to be restarted after this policy update.
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (token_url_ != token_url ||
+      token_validation_url_ != token_validation_url) {
+    LOG(INFO) << "Policy sets third-party token URLs: "
+              << "TokenUrl: " << token_url << ", "
+              << "TokenValidationUrl: " << token_validation_url;
+
+    token_url_ = token_url;
+    token_validation_url_ = token_validation_url;
+    return true;
+  }
+
+  return false;
+}
+
 void HostProcess::StartHost() {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_);
   DCHECK(!signal_strategy_.get());
   DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART ||
          state_ == HOST_STOPPED) << state_;
   state_ = HOST_STARTED;
 
   signal_strategy_.reset(
       new XmppSignalStrategy(context_->url_request_context_getter(),
@@ skipping 239 matching lines @@
   return exit_code;
 }
 
 }  // namespace remoting
 
 #if !defined(OS_WIN)
 int main(int argc, char** argv) {
   return remoting::HostMain(argc, argv);
 }
 #endif  // !defined(OS_WIN)