Index: remoting/host/remoting_me2me_host.cc |
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc |
index 05b941ba995d6277969c519365c245d60628c8f3..4741d571beef6e9cd189da9e1f7fd4254ff77879 100644 |
--- a/remoting/host/remoting_me2me_host.cc |
+++ b/remoting/host/remoting_me2me_host.cc |
@@ -34,6 +34,7 @@ |
#include "remoting/base/auto_thread_task_runner.h" |
#include "remoting/base/breakpad.h" |
#include "remoting/base/constants.h" |
+#include "remoting/base/rsa_key_pair.h" |
#include "remoting/host/branding.h" |
#include "remoting/host/chromoting_host.h" |
#include "remoting/host/chromoting_host_context.h" |
@@ -64,6 +65,7 @@ |
#include "remoting/host/session_manager_factory.h" |
#include "remoting/host/signaling_connector.h" |
#include "remoting/host/ui_strings.h" |
+#include "remoting/host/url_fetcher_token_validator_factory.h" |
#include "remoting/host/usage_stats_consent.h" |
#include "remoting/jingle_glue/xmpp_signal_strategy.h" |
#include "remoting/protocol/me2me_host_authenticator_factory.h" |
@@ -234,6 +236,8 @@ class HostProcess |
bool OnNatPolicyUpdate(bool nat_traversal_enabled); |
bool OnCurtainPolicyUpdate(bool curtain_required); |
bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); |
+ bool OnHostTokenUrlPolicyUpdate(const GURL& token_url, |
+ const GURL& token_validation_url); |
void StartHost(); |
@@ -297,6 +301,9 @@ class HostProcess |
scoped_ptr<CurtainMode> curtain_; |
scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; |
bool curtain_required_; |
+ GURL token_url_; |
+ GURL token_validation_url_; |
+ scoped_ptr<UrlFetcherTokenValidatorFactory> token_validator_factory_; |
scoped_ptr<XmppSignalStrategy> signal_strategy_; |
scoped_ptr<SignalingConnector> signaling_connector_; |
@@ -339,6 +346,10 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context, |
base::Bind(&HostProcess::OnCurtainModeFailed, |
base::Unretained(this))); |
+ // Create the validator factory for third-party token authentication. |
+ token_validator_factory_.reset(new UrlFetcherTokenValidatorFactory( |
+ context_->url_request_context_getter())); |
+ |
StartOnUiThread(); |
} |
@@ -513,7 +524,8 @@ void HostProcess::CreateAuthenticatorFactory() { |
scoped_ptr<protocol::AuthenticatorFactory> factory( |
new protocol::Me2MeHostAuthenticatorFactory( |
- local_certificate, key_pair_, host_secret_hash_)); |
+ local_certificate, key_pair_, host_secret_hash_, |
+ token_url_, token_validation_url_, token_validator_factory_.get())); |
#if defined(OS_POSIX) |
// On Linux and Mac, perform a PAM authorization step after authentication. |
factory.reset(new PamAuthorizationFactory(factory.Pass())); |
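Review bot: `token_validator_factory_.get()` passes the authenticator factory a raw pointer, and nothing at the call site says which object must outlive the other. The factory is owned by a `scoped_ptr` member of HostProcess, while the authenticator factory is presumably handed on to the host object. If any authenticator can still be alive when HostProcess tears down its members, the validator would be used after free in the authentication path. I would add `// |token_validator_factory_| is owned by HostProcess and must outlive the authenticator factory and every authenticator it creates.` above the constructor call and confirm the teardown order matches. CreateAuthenticatorFactory starts and ends outside this hunk.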
@@ -771,6 +783,16 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) { |
&bool_value)) { |
restart_required |= OnCurtainPolicyUpdate(bool_value); |
} |
+ std::string token_url_string, token_validation_url_string; |
+ if (policies->GetString( |
+ policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, |
+ &token_url_string) && |
+ policies->GetString( |
+ policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, |
+ &token_validation_url_string)) { |
+ restart_required |= OnHostTokenUrlPolicyUpdate( |
+ GURL(token_url_string), GURL(token_validation_url_string)); |
+ } |
if (state_ == HOST_INITIALIZING) { |
StartHost(); |
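Review bot: The two `GetString` calls are joined with `&&`, so an update carrying only one of the two token policies is dropped without a log line and both member URLs keep their old values. Whether PolicyWatcher delivers the full policy set or only the changed keys is not visible here; if it is the latter, changing just the validation URL would never reach the host. Reading each key on its own and falling back to the current member for the absent one avoids that, as sketched below. OnPolicyUpdate's body starts and ends outside this hunk.

```cpp
// … unchanged: curtain policy handling …
std::string token_url_string, token_validation_url_string;
bool has_token_url = policies->GetString(
    policy_hack::PolicyWatcher::kHostTokenUrlPolicyName,
    &token_url_string);
bool has_token_validation_url = policies->GetString(
    policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName,
    &token_validation_url_string);
if (has_token_url || has_token_validation_url) {
  // A key missing from this update keeps its current value.
  restart_required |= OnHostTokenUrlPolicyUpdate(
      has_token_url ? GURL(token_url_string) : token_url_,
      has_token_validation_url ? GURL(token_validation_url_string)
                               : token_validation_url_);
}
// … unchanged: HOST_INITIALIZING / restart handling …
```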
@@ -893,6 +915,34 @@ bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate( |
return false; |
} |
+bool HostProcess::OnHostTokenUrlPolicyUpdate( |
+ const GURL& token_url, |
+ const GURL& token_validation_url) { |
+ // Returns true if the host has to be restarted after this policy update. |
+ DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
+ |
+ if (token_url_ != token_url || |
+ token_validation_url_ != token_validation_url) { |
+ if (token_url.is_empty() && token_validation_url.is_empty()) { |
+ LOG(INFO) << "Policy disables third-party authentication"; |
+ } else if ((!token_url.is_valid() || !token_validation_url.is_valid())) { |
+ LOG(ERROR) << "One of the third-party token URLs is empty or invalid. " |
+ << "TokenUrl: " << token_url << ", " |
+ << "TokenValidationUrl: " << token_validation_url; |
+ } else { |
+ LOG(INFO) << "Policy sets third-party token URLs: " |
+ << "TokenUrl: " << token_url << ", " |
+ << "TokenValidationUrl: " << token_validation_url; |
+ } |
+ |
+ token_url_ = token_url; |
+ token_validation_url_ = token_validation_url; |
+ return true; |
+ } |
+ |
+ return false; |
+} |
+ |
void HostProcess::StartHost() { |
DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
DCHECK(!host_); |
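Review bot: The `else if` branch logs that a URL is empty or invalid, but the assignments below it still store both values and return true, so the host restarts and CreateAuthenticatorFactory receives URLs already known to be bad. What Me2MeHostAuthenticatorFactory does with them is not visible in this change; if it falls back to shared-secret authentication, a typo in policy silently turns off the third-party requirement, so the intended outcome should be stated in a comment and should not be a quieter authentication mode. `is_valid()` also accepts `http:` URLs, and since these endpoints issue and validate access tokens, the condition should additionally reject anything matching `!token_url.SchemeIs("https") || !token_validation_url.SchemeIs("https")`. The `// Returns true if ...` line describes the contract and reads better above the definition or on the declaration in the class. The trailing StartHost() context continues outside the hunk.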