Index: remoting/host/remoting_me2me_host.cc |
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc |
index 2614950375c408ac8c7971ca0bc8f7a75efc18ad..3fdaa34fac6399b9bec964d12cf4311d8d1e6861 100644 |
--- a/remoting/host/remoting_me2me_host.cc |
+++ b/remoting/host/remoting_me2me_host.cc |
@@ -34,6 +34,7 @@ |
#include "remoting/base/auto_thread_task_runner.h" |
#include "remoting/base/breakpad.h" |
#include "remoting/base/constants.h" |
+#include "remoting/base/rsa_key_pair.h" |
#include "remoting/base/util.h" |
#include "remoting/host/branding.h" |
#include "remoting/host/chromoting_host.h" |
@@ -65,6 +66,7 @@ |
#include "remoting/host/session_manager_factory.h" |
#include "remoting/host/signaling_connector.h" |
#include "remoting/host/ui_strings.h" |
+#include "remoting/host/url_fetcher_token_validator_factory.h" |
#include "remoting/host/usage_stats_consent.h" |
#include "remoting/jingle_glue/xmpp_signal_strategy.h" |
#include "remoting/protocol/me2me_host_authenticator_factory.h" |
@@ -205,6 +207,8 @@ class HostProcess |
bool OnNatPolicyUpdate(bool nat_traversal_enabled); |
bool OnCurtainPolicyUpdate(bool curtain_required); |
bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); |
+ bool OnHostTokenUrlPolicyUpdate(const GURL& token_url, |
+ const GURL& token_validation_url); |
void StartHost(); |
@@ -268,6 +272,8 @@ class HostProcess |
scoped_ptr<CurtainMode> curtain_; |
scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; |
bool curtain_required_; |
+ GURL token_url_; |
+ GURL token_validation_url_; |
scoped_ptr<XmppSignalStrategy> signal_strategy_; |
scoped_ptr<SignalingConnector> signaling_connector_; |
@@ -482,9 +488,17 @@ void HostProcess::CreateAuthenticatorFactory() { |
return; |
} |
+ // Create the validator factory for third-party token authentication. |
+ scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory> |
+ token_validator_factory(new UrlFetcherTokenValidatorFactory( |
+ token_url_, token_validation_url_, key_pair_, |
+ context_->url_request_context_getter())); |
+ |
scoped_ptr<protocol::AuthenticatorFactory> factory( |
new protocol::Me2MeHostAuthenticatorFactory( |
- local_certificate, key_pair_, host_secret_hash_)); |
+ local_certificate, key_pair_, host_secret_hash_, |
+ token_validator_factory.Pass())); |
+ |
#if defined(OS_POSIX) |
// On Linux and Mac, perform a PAM authorization step after authentication. |
factory.reset(new PamAuthorizationFactory(factory.Pass())); |
@@ -742,6 +756,16 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) { |
&bool_value)) { |
restart_required |= OnCurtainPolicyUpdate(bool_value); |
} |
+ std::string token_url_string, token_validation_url_string; |
+ if (policies->GetString( |
Sergey Ulanov
2013/04/05 20:28:34
not related to this CL, so not worth fixing here:
rmsousa
2013/04/06 00:37:25
Done.
|
+ policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, |
+ &token_url_string) && |
+ policies->GetString( |
+ policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, |
+ &token_validation_url_string)) { |
+ restart_required |= OnHostTokenUrlPolicyUpdate( |
+ GURL(token_url_string), GURL(token_validation_url_string)); |
+ } |
if (state_ == HOST_INITIALIZING) { |
StartHost(); |
@@ -865,6 +889,34 @@ bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate( |
return false; |
} |
+bool HostProcess::OnHostTokenUrlPolicyUpdate( |
+ const GURL& token_url, |
+ const GURL& token_validation_url) { |
+ // Returns true if the host has to be restarted after this policy update. |
+ DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
+ |
+ if (token_url_ != token_url || |
+ token_validation_url_ != token_validation_url) { |
+ if (token_url.is_empty() && token_validation_url.is_empty()) { |
+ LOG(INFO) << "Policy disables third-party authentication"; |
+ } else if ((!token_url.is_valid() || !token_validation_url.is_valid())) { |
+ LOG(ERROR) << "One of the third-party token URLs is empty or invalid. " |
+ << "TokenUrl: " << token_url << ", " |
Sergey Ulanov
2013/04/05 20:28:34
nit: << should be aligned with << on the previous
rmsousa
2013/04/06 00:37:25
Done.
|
+ << "TokenValidationUrl: " << token_validation_url; |
+ } else { |
+ LOG(INFO) << "Policy sets third-party token URLs: " |
+ << "TokenUrl: " << token_url << ", " |
+ << "TokenValidationUrl: " << token_validation_url; |
+ } |
+ |
+ token_url_ = token_url; |
+ token_validation_url_ = token_validation_url; |
+ return true; |
+ } |
+ |
+ return false; |
+} |
+ |
void HostProcess::StartHost() { |
DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
DCHECK(!host_); |