OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/protocol/me2me_host_authenticator_factory.h" | 5 #include "remoting/protocol/me2me_host_authenticator_factory.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
9 #include "crypto/rsa_private_key.h" | |
10 #include "remoting/protocol/channel_authenticator.h" | 9 #include "remoting/protocol/channel_authenticator.h" |
| 10 #include "remoting/protocol/key_pair.h" |
11 #include "remoting/protocol/negotiating_authenticator.h" | 11 #include "remoting/protocol/negotiating_authenticator.h" |
12 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" | 12 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" |
13 | 13 |
14 namespace remoting { | 14 namespace remoting { |
15 namespace protocol { | 15 namespace protocol { |
16 | 16 |
17 namespace { | 17 namespace { |
18 | 18 |
19 // Authenticator that accepts one message and rejects connection after that. | 19 // Authenticator that accepts one message and rejects connection after that. |
20 class RejectingAuthenticator : public Authenticator { | 20 class RejectingAuthenticator : public Authenticator { |
(...skipping 30 matching lines...) Expand all Loading... |
51 } | 51 } |
52 | 52 |
53 protected: | 53 protected: |
54 State state_; | 54 State state_; |
55 }; | 55 }; |
56 | 56 |
57 } // namespace | 57 } // namespace |
58 | 58 |
59 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( | 59 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( |
60 const std::string& local_cert, | 60 const std::string& local_cert, |
61 const crypto::RSAPrivateKey& local_private_key, | 61 scoped_ptr<KeyPair> key_pair, |
62 const SharedSecretHash& shared_secret_hash) | 62 const SharedSecretHash& shared_secret_hash) |
63 : local_cert_(local_cert), | 63 : local_cert_(local_cert), |
64 local_private_key_(local_private_key.Copy()), | 64 key_pair_(key_pair.Pass()), |
65 shared_secret_hash_(shared_secret_hash) { | 65 shared_secret_hash_(shared_secret_hash) { |
66 } | 66 } |
67 | 67 |
68 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { | 68 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { |
69 } | 69 } |
70 | 70 |
71 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( | 71 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( |
72 const std::string& local_jid, | 72 const std::string& local_jid, |
73 const std::string& remote_jid, | 73 const std::string& remote_jid, |
74 const buzz::XmlElement* first_message) { | 74 const buzz::XmlElement* first_message) { |
75 | 75 |
76 size_t slash_pos = local_jid.find('/'); | 76 size_t slash_pos = local_jid.find('/'); |
77 if (slash_pos == std::string::npos) { | 77 if (slash_pos == std::string::npos) { |
78 LOG(DFATAL) << "Invalid local JID:" << local_jid; | 78 LOG(DFATAL) << "Invalid local JID:" << local_jid; |
79 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); | 79 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
80 } | 80 } |
81 | 81 |
82 // Verify that the client's jid is an ASCII string, and then check | 82 // Verify that the client's jid is an ASCII string, and then check |
83 // that the client has the same bare jid as the host, i.e. client's | 83 // that the client has the same bare jid as the host, i.e. client's |
84 // full JID starts with host's bare jid. Comparison is case | 84 // full JID starts with host's bare jid. Comparison is case |
85 // insensitive. | 85 // insensitive. |
86 if (!IsStringASCII(remote_jid) || | 86 if (!IsStringASCII(remote_jid) || |
87 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { | 87 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { |
88 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; | 88 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; |
89 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); | 89 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
90 } | 90 } |
91 | 91 |
92 return NegotiatingAuthenticator::CreateForHost( | 92 return NegotiatingAuthenticator::CreateForHost( |
93 local_cert_, *local_private_key_, shared_secret_hash_.value, | 93 local_cert_, key_pair_->Copy(), shared_secret_hash_.value, |
94 shared_secret_hash_.hash_function); | 94 shared_secret_hash_.hash_function); |
95 } | 95 } |
96 | 96 |
97 } // namespace protocol | 97 } // namespace protocol |
98 } // namespace remoting | 98 } // namespace remoting |
OLD | NEW |