
Side by Side Diff: remoting/protocol/ssl_hmac_channel_authenticator.cc

Issue 12316083: Move HostKeyPair into protocol::KeyPair. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Add missing files, move TestKeyPair. Created 7 years, 10 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "crypto/secure_util.h" 9 #include "crypto/secure_util.h"
10 #include "net/base/cert_verifier.h" 10 #include "net/base/cert_verifier.h"
11 #include "net/base/host_port_pair.h" 11 #include "net/base/host_port_pair.h"
12 #include "net/base/io_buffer.h" 12 #include "net/base/io_buffer.h"
13 #include "net/base/net_errors.h" 13 #include "net/base/net_errors.h"
14 #include "net/base/ssl_config_service.h" 14 #include "net/base/ssl_config_service.h"
15 #include "net/base/x509_certificate.h" 15 #include "net/base/x509_certificate.h"
16 #include "net/socket/client_socket_factory.h" 16 #include "net/socket/client_socket_factory.h"
17 #include "net/socket/ssl_client_socket.h" 17 #include "net/socket/ssl_client_socket.h"
18 #include "net/socket/ssl_server_socket.h" 18 #include "net/socket/ssl_server_socket.h"
19 #include "remoting/protocol/auth_util.h" 19 #include "remoting/protocol/auth_util.h"
20 #include "remoting/protocol/key_pair.h"
20 21
21 namespace remoting { 22 namespace remoting {
22 namespace protocol { 23 namespace protocol {
23 24
24 // static 25 // static
25 scoped_ptr<SslHmacChannelAuthenticator> 26 scoped_ptr<SslHmacChannelAuthenticator>
26 SslHmacChannelAuthenticator::CreateForClient( 27 SslHmacChannelAuthenticator::CreateForClient(
27 const std::string& remote_cert, 28 const std::string& remote_cert,
28 const std::string& auth_key) { 29 const std::string& auth_key) {
29 scoped_ptr<SslHmacChannelAuthenticator> result( 30 scoped_ptr<SslHmacChannelAuthenticator> result(
30 new SslHmacChannelAuthenticator(auth_key)); 31 new SslHmacChannelAuthenticator(auth_key));
31 result->remote_cert_ = remote_cert; 32 result->remote_cert_ = remote_cert;
32 return result.Pass(); 33 return result.Pass();
33 } 34 }
34 35
35 scoped_ptr<SslHmacChannelAuthenticator> 36 scoped_ptr<SslHmacChannelAuthenticator>
36 SslHmacChannelAuthenticator::CreateForHost( 37 SslHmacChannelAuthenticator::CreateForHost(
37 const std::string& local_cert, 38 const std::string& local_cert,
38 crypto::RSAPrivateKey* local_private_key, 39 scoped_ptr<KeyPair> key_pair,
39 const std::string& auth_key) { 40 const std::string& auth_key) {
40 scoped_ptr<SslHmacChannelAuthenticator> result( 41 scoped_ptr<SslHmacChannelAuthenticator> result(
41 new SslHmacChannelAuthenticator(auth_key)); 42 new SslHmacChannelAuthenticator(auth_key));
42 result->local_cert_ = local_cert; 43 result->local_cert_ = local_cert;
43 result->local_private_key_ = local_private_key; 44 result->key_pair_ = key_pair.Pass();
44 return result.Pass(); 45 return result.Pass();
45 } 46 }
46 47
47 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator( 48 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(
48 const std::string& auth_key) 49 const std::string& auth_key)
49 : auth_key_(auth_key), 50 : auth_key_(auth_key) {
50 local_private_key_(NULL) {
51 } 51 }
52 52
53 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() { 53 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {
54 } 54 }
55 55
56 void SslHmacChannelAuthenticator::SecureAndAuthenticate( 56 void SslHmacChannelAuthenticator::SecureAndAuthenticate(
57 scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) { 57 scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) {
58 DCHECK(CalledOnValidThread()); 58 DCHECK(CalledOnValidThread());
59 DCHECK(socket->IsConnected()); 59 DCHECK(socket->IsConnected());
60 60
61 done_callback_ = done_callback; 61 done_callback_ = done_callback;
62 62
63 int result; 63 int result;
64 if (is_ssl_server()) { 64 if (is_ssl_server()) {
65 scoped_refptr<net::X509Certificate> cert = 65 scoped_refptr<net::X509Certificate> cert =
66 net::X509Certificate::CreateFromBytes( 66 net::X509Certificate::CreateFromBytes(
67 local_cert_.data(), local_cert_.length()); 67 local_cert_.data(), local_cert_.length());
68 if (!cert) { 68 if (!cert) {
69 LOG(ERROR) << "Failed to parse X509Certificate"; 69 LOG(ERROR) << "Failed to parse X509Certificate";
70 NotifyError(net::ERR_FAILED); 70 NotifyError(net::ERR_FAILED);
71 return; 71 return;
72 } 72 }
73 73
74 net::SSLConfig ssl_config; 74 net::SSLConfig ssl_config;
75 net::SSLServerSocket* server_socket = net::CreateSSLServerSocket( 75 net::SSLServerSocket* server_socket = net::CreateSSLServerSocket(
76 socket.release(), cert, local_private_key_, ssl_config); 76 socket.release(), cert, key_pair_->private_key(), ssl_config);
Wez 2013/02/23 03:43:20 What is the SSL Server Socket lifetime requirement
rmsousa 2013/02/26 02:38:52 SSLServerSocket copies the key.
77 socket_.reset(server_socket); 77 socket_.reset(server_socket);
78 78
79 result = server_socket->Handshake(base::Bind( 79 result = server_socket->Handshake(base::Bind(
80 &SslHmacChannelAuthenticator::OnConnected, base::Unretained(this))); 80 &SslHmacChannelAuthenticator::OnConnected, base::Unretained(this)));
81 } else { 81 } else {
82 cert_verifier_.reset(net::CertVerifier::CreateDefault()); 82 cert_verifier_.reset(net::CertVerifier::CreateDefault());
83 83
84 net::SSLConfig::CertAndStatus cert_and_status; 84 net::SSLConfig::CertAndStatus cert_and_status;
85 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; 85 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
86 cert_and_status.der_cert = remote_cert_; 86 cert_and_status.der_cert = remote_cert_;
(...skipping 19 matching lines...) Expand all
106 base::Unretained(this))); 106 base::Unretained(this)));
107 } 107 }
108 108
109 if (result == net::ERR_IO_PENDING) 109 if (result == net::ERR_IO_PENDING)
110 return; 110 return;
111 111
112 OnConnected(result); 112 OnConnected(result);
113 } 113 }
114 114
115 bool SslHmacChannelAuthenticator::is_ssl_server() { 115 bool SslHmacChannelAuthenticator::is_ssl_server() {
116 return local_private_key_ != NULL; 116 return key_pair_.get() != NULL;
117 } 117 }
118 118
119 void SslHmacChannelAuthenticator::OnConnected(int result) { 119 void SslHmacChannelAuthenticator::OnConnected(int result) {
120 if (result != net::OK) { 120 if (result != net::OK) {
121 LOG(WARNING) << "Failed to establish SSL connection"; 121 LOG(WARNING) << "Failed to establish SSL connection";
122 NotifyError(result); 122 NotifyError(result);
123 return; 123 return;
124 } 124 }
125 125
126 // Generate authentication digest to write to the socket. 126 // Generate authentication digest to write to the socket.
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after
257 } 257 }
258 } 258 }
259 259
260 void SslHmacChannelAuthenticator::NotifyError(int error) { 260 void SslHmacChannelAuthenticator::NotifyError(int error) {
261 done_callback_.Run(static_cast<net::Error>(error), 261 done_callback_.Run(static_cast<net::Error>(error),
262 scoped_ptr<net::StreamSocket>(NULL)); 262 scoped_ptr<net::StreamSocket>(NULL));
263 } 263 }
264 264
265 } // namespace protocol 265 } // namespace protocol
266 } // namespace remoting 266 } // namespace remoting
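Review bot: CreateForHost (new lines 36-46) stores `key_pair` without checking that it is non-null, while is_ssl_server() (new line 116) now decides the TLS role solely from `key_pair_.get() != NULL`. A host caller that passes an empty scoped_ptr would therefore take the client branch of SecureAndAuthenticate with an unset `remote_cert_` rather than failing; how that branch treats an empty certificate is in the skipped lines, so the effect is not visible here. I would add `DCHECK(key_pair.get());` before `result->key_pair_ = key_pair.Pass();`, or have the two factories set an explicit role member, so a missing key cannot change which side of the handshake this object performs.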