remoting/protocol/third_party_host_authenticator.cc - Issue 12326090: Third Party authentication protocol.

Side by Side Diff: remoting/protocol/third_party_host_authenticator.cc

Issue 12326090: Third Party authentication protocol. (Closed) Base URL: http://git.chromium.org/chromium/src.git@host_key_pair

Patch Set: Split authenticator into base, client, host Created 7 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« remoting/protocol/third_party_client_authenticator.cc ('K') | « remoting/protocol/third_party_host_authenticator.h ('k') | remoting/protocol/v2_authenticator.h » ('j') | remoting/protocol/v2_authenticator.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "remoting/protocol/third_party_host_authenticator.h"

	6

	7 #include "base/base64.h"

	8 #include "base/bind.h"

	9 #include "base/callback.h"

	10 #include "base/logging.h"

	11 #include "remoting/base/constants.h"

	12 #include "remoting/base/rsa_key_pair.h"

	13 #include "remoting/protocol/v2_authenticator.h"

	14 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"

	15

	16 namespace remoting {

	17 namespace protocol {

	18

	19 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(

	20 const std::string& local_cert,

	21 scoped_refptr<RsaKeyPair> key_pair,

	22 scoped_ptr<TokenValidator> token_validator,

	23 Authenticator::State initial_state)

	24 : ThirdPartyAuthenticatorBase(initial_state),
	Sergey Ulanov 2013/03/07 21:20:41 nit: indent 2 more spaces nit: indent 2 more spaces rmsousa 2013/03/20 01:30:16 Done. Show quoted text On 2013/03/07 21:20:41, sergeyu wrote: > nit: indent 2 more spaces Done.
	25 has_sent_urls_(false),

	26 local_cert_(local_cert),

	27 key_pair_(key_pair),

	28 token_validator_(token_validator.Pass()) {

	29 }

	30

	31 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {

	32 }

	33

	34 void ThirdPartyHostAuthenticator::ProcessMessageInternal(

	35 const buzz::XmlElement* message,

	36 const base::Closure& resume_callback) {

	37 if (!has_sent_urls_) {

	38 // The host hasn't sent the token URLs to the client yet, so ignore the

	39 // first message and send the URLs to the client.

	40 DCHECK(!underlying_);

	41

	42 state_ = MESSAGE_READY;

	43 resume_callback.Run();

	44 return;

	45 }

	46 // Host has already sent the URL and expects a token from the client.

	47 std::string token = message->TextNamed(kTokenTag);

	48 if (!token.empty()) {

	49 state_ = PROCESSING_MESSAGE;

	50 // This message also contains the client's first SPAKE message. Copy the

	51 // message into the callback, so that OnThirdPartyTokenValidated can give it

	52 // to the underlying SPAKE authenticator that will be created.

	53 // \|token_validator_\| is owned, so Unretained() is safe here.

	54 token_validator_->ValidateThirdPartyToken(token, base::Bind(

	55 &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,

	56 base::Unretained(this),

	57 base::Owned(new buzz::XmlElement(*message)),

	58 resume_callback));

	59 return;

	60 }

	61

	62 LOG(WARNING) << "Missing token.";
	Sergey Ulanov 2013/03/07 21:20:41 change this to ERROR. Make the message more verbos change this to ERROR. Make the message more verbose, e.g. "Third-party authentication protocol error: missing token." rmsousa 2013/03/20 01:30:16 Done. Show quoted text On 2013/03/07 21:20:41, sergeyu wrote: > change this to ERROR. Make the message more verbose, e.g. "Third-party > authentication protocol error: missing token." Done.
	63 state_ = REJECTED;

	64 rejection_reason_ = PROTOCOL_ERROR;

	65 resume_callback.Run();

	66 return;

	67 }

	68

	69 void ThirdPartyHostAuthenticator::GetNextMessageInternal(

	70 buzz::XmlElement* message) {

	71 if (state_ == MESSAGE_READY) {
	Sergey Ulanov 2013/03/07 21:20:41 This should be a DCHECK(). Why would that method b This should be a DCHECK(). Why would that method be called if we are not in MESSAGE_READY state? rmsousa 2013/03/20 01:30:16 This if was moved to the caller. Show quoted text On 2013/03/07 21:20:41, sergeyu wrote: > This should be a DCHECK(). Why would that method be called if we are not in > MESSAGE_READY state? This if was moved to the caller.
	72 DCHECK(token_validator_->token_url().is_valid());

	73 DCHECK(!token_validator_->token_scope().empty());

	74

	75 buzz::XmlElement* token_url_tag = new buzz::XmlElement(

	76 kTokenUrlTag);

	77 token_url_tag->SetBodyText(token_validator_->token_url().spec());

	78 message->AddElement(token_url_tag);

	79 buzz::XmlElement* token_scope_tag = new buzz::XmlElement(

	80 kTokenScopeTag);

	81 token_scope_tag->SetBodyText(token_validator_->token_scope());

	82 message->AddElement(token_scope_tag);

	83 has_sent_urls_ = true;

	84 state_ = WAITING_MESSAGE;

	85 }

	86 }

	87

	88 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(

	89 const buzz::XmlElement* message,

	90 const base::Closure& resume_callback,

	91 const std::string& shared_secret) {

	92 if (!shared_secret.empty()) {

	93 // The other side already started the SPAKE authentication.

	94 state_ = ACCEPTED;

	95 underlying_ = V2Authenticator::CreateForHost(

	96 local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);

	97 underlying_->ProcessMessage(message, resume_callback);

	98 } else {

	99 state_ = REJECTED;

	100 rejection_reason_ = INVALID_CREDENTIALS;

	101 resume_callback.Run();

	102 }

	103 }

	104

	105 } // namespace protocol

	106 } // namespace remoting

OLD	NEW