Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(62)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: remoting/host/remoting_me2me_host.cc

Issue 12313085: Host-side third party token validation (Closed) Base URL: http://git.chromium.org/chromium/src.git@third_party_auth_protocol
Patch Set: Reviewer comments Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « remoting/host/policy_hack/policy_watcher_unittest.cc ('k') | remoting/host/url_fetcher_token_validator_factory.h » ('j') | remoting/protocol/negotiating_authenticator.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: remoting/host/remoting_me2me_host.cc
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 129834bb1567306666aa534f80fca3677671426b..4eae5c453945fb2eb2d58dcfc041524e8ef1e0ce 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -34,6 +34,7 @@
#include "remoting/base/auto_thread_task_runner.h"
#include "remoting/base/breakpad.h"
#include "remoting/base/constants.h"
+#include "remoting/base/rsa_key_pair.h"
#include "remoting/host/branding.h"
#include "remoting/host/chromoting_host.h"
#include "remoting/host/chromoting_host_context.h"
@@ -65,6 +66,7 @@
#include "remoting/host/session_manager_factory.h"
#include "remoting/host/signaling_connector.h"
#include "remoting/host/ui_strings.h"
+#include "remoting/host/url_fetcher_token_validator_factory.h"
#include "remoting/host/usage_stats_consent.h"
#include "remoting/jingle_glue/xmpp_signal_strategy.h"
#include "remoting/protocol/me2me_host_authenticator_factory.h"
@@ -235,6 +237,8 @@ class HostProcess
bool OnNatPolicyUpdate(bool nat_traversal_enabled);
bool OnCurtainPolicyUpdate(bool curtain_required);
bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
+ bool OnHostTokenUrlPolicyUpdate(const GURL& token_url,
+ const GURL& token_validation_url);
void StartHost();
@@ -298,6 +302,8 @@ class HostProcess
scoped_ptr<CurtainMode> curtain_;
scoped_ptr<CurtainingHostObserver> curtaining_host_observer_;
bool curtain_required_;
+ GURL token_url_;
+ GURL token_validation_url_;
scoped_ptr<XmppSignalStrategy> signal_strategy_;
scoped_ptr<SignalingConnector> signaling_connector_;
@@ -515,9 +521,15 @@ void HostProcess::CreateAuthenticatorFactory() {
return;
}
+ scoped_refptr<UrlFetcherTokenValidatorFactory> token_validator_factory =
+ new UrlFetcherTokenValidatorFactory(
+ token_url_, token_validation_url_, key_pair_,
+ context_->url_request_context_getter());
+
scoped_ptr<protocol::AuthenticatorFactory> factory(
new protocol::Me2MeHostAuthenticatorFactory(
- local_certificate, key_pair_, host_secret_hash_));
+ local_certificate, key_pair_, host_secret_hash_,
+ token_validator_factory));
#if defined(OS_POSIX)
// On Linux and Mac, perform a PAM authorization step after authentication.
factory.reset(new PamAuthorizationFactory(factory.Pass()));
@@ -767,6 +779,16 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
&bool_value)) {
restart_required |= OnCurtainPolicyUpdate(bool_value);
}
+ std::string token_url_string, token_validation_url_string;
+ if (policies->GetString(
+ policy_hack::PolicyWatcher::kHostTokenUrlPolicyName,
+ &token_url_string) &&
+ policies->GetString(
+ policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName,
+ &token_validation_url_string)) {
+ restart_required |= OnHostTokenUrlPolicyUpdate(
+ GURL(token_url_string), GURL(token_validation_url_string));
+ }
if (state_ == HOST_INITIALIZING) {
StartHost();
@@ -889,6 +911,34 @@ bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate(
return false;
}
+bool HostProcess::OnHostTokenUrlPolicyUpdate(
+ const GURL& token_url,
+ const GURL& token_validation_url) {
+ // Returns true if the host has to be restarted after this policy update.
+ DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+ if (token_url_ != token_url ||
+ token_validation_url_ != token_validation_url) {
+ if (token_url.is_empty() && token_validation_url.is_empty()) {
+ LOG(INFO) << "Policy disables third-party authentication";
+ } else if ((!token_url.is_valid() || !token_validation_url.is_valid())) {
+ LOG(ERROR) << "One of the third-party token URLs is empty or invalid. "
+ << "TokenUrl: " << token_url << ", "
+ << "TokenValidationUrl: " << token_validation_url;
+ } else {
+ LOG(INFO) << "Policy sets third-party token URLs: "
+ << "TokenUrl: " << token_url << ", "
+ << "TokenValidationUrl: " << token_validation_url;
+ }
+
+ token_url_ = token_url;
+ token_validation_url_ = token_validation_url;
+ return true;
+ }
+
+ return false;
+}
+
void HostProcess::StartHost() {
DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
DCHECK(!host_);
« no previous file with comments | « remoting/host/policy_hack/policy_watcher_unittest.cc ('k') | remoting/host/url_fetcher_token_validator_factory.h » ('j') | remoting/protocol/negotiating_authenticator.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698