| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/me2me_host_authenticator_factory.h" | 5 #include "remoting/protocol/me2me_host_authenticator_factory.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "remoting/protocol/channel_authenticator.h" | 9 #include "remoting/protocol/channel_authenticator.h" |
| 10 #include "remoting/protocol/key_pair.h" | 10 #include "remoting/protocol/key_pair.h" |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 52 | 52 |
| 53 protected: | 53 protected: |
| 54 State state_; | 54 State state_; |
| 55 }; | 55 }; |
| 56 | 56 |
| 57 } // namespace | 57 } // namespace |
| 58 | 58 |
| 59 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( | 59 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( |
| 60 const std::string& local_cert, | 60 const std::string& local_cert, |
| 61 scoped_ptr<KeyPair> key_pair, | 61 scoped_ptr<KeyPair> key_pair, |
| 62 const SharedSecretHash& shared_secret_hash) | 62 const SharedSecretHash& shared_secret_hash, |
| 63 const std::string& third_party_token_url, |
| 64 const std::string& third_party_token_validation_url, |
| 65 ThirdPartyAuthenticator::TokenValidatorFactory* |
| 66 third_party_token_validator_factory) |
| 63 : local_cert_(local_cert), | 67 : local_cert_(local_cert), |
| 64 key_pair_(key_pair.Pass()), | 68 key_pair_(key_pair.Pass()), |
| 65 shared_secret_hash_(shared_secret_hash) { | 69 shared_secret_hash_(shared_secret_hash), |
| 70 third_party_token_url_(third_party_token_url), |
| 71 third_party_token_validation_url_(third_party_token_validation_url), |
| 72 third_party_token_validator_factory_(third_party_token_validator_factory) |
| 73 { |
| 66 } | 74 } |
| 67 | 75 |
| 68 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { | 76 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { |
| 69 } | 77 } |
| 70 | 78 |
| 71 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( | 79 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( |
| 72 const std::string& local_jid, | 80 const std::string& local_jid, |
| 73 const std::string& remote_jid, | 81 const std::string& remote_jid, |
| 74 const buzz::XmlElement* first_message) { | 82 const buzz::XmlElement* first_message) { |
| 75 | 83 |
| 76 size_t slash_pos = local_jid.find('/'); | 84 size_t slash_pos = local_jid.find('/'); |
| 77 if (slash_pos == std::string::npos) { | 85 if (slash_pos == std::string::npos) { |
| 78 LOG(DFATAL) << "Invalid local JID:" << local_jid; | 86 LOG(DFATAL) << "Invalid local JID:" << local_jid; |
| 79 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); | 87 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
| 80 } | 88 } |
| 81 | 89 |
| 82 // Verify that the client's jid is an ASCII string, and then check | 90 // Verify that the client's jid is an ASCII string, and then check |
| 83 // that the client has the same bare jid as the host, i.e. client's | 91 // that the client has the same bare jid as the host, i.e. client's |
| 84 // full JID starts with host's bare jid. Comparison is case | 92 // full JID starts with host's bare jid. Comparison is case |
| 85 // insensitive. | 93 // insensitive. |
| 86 if (!IsStringASCII(remote_jid) || | 94 if (!IsStringASCII(remote_jid) || |
| 87 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { | 95 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { |
| 88 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; | 96 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; |
| 89 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); | 97 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
| 90 } | 98 } |
| 91 | 99 |
| 92 return NegotiatingAuthenticator::CreateForHost( | 100 if (third_party_token_url_.empty() || |
| 93 local_cert_, key_pair_->Copy(), shared_secret_hash_.value, | 101 third_party_token_validation_url_.empty() || |
| 94 shared_secret_hash_.hash_function); | 102 third_party_token_validator_factory_ == NULL) { |
| 103 return NegotiatingAuthenticator::CreateForHostSharedSecret( |
| 104 local_cert_, key_pair_->Copy(), shared_secret_hash_.value, |
| 105 shared_secret_hash_.hash_function); |
| 106 } else { |
| 107 std::string third_party_token_scope = |
| 108 "client:" + remote_jid + " host:" + local_jid; |
| 109 return NegotiatingAuthenticator::CreateForHostThirdPartyAuth( |
| 110 local_cert_, key_pair_->Copy(), third_party_token_url_, |
| 111 third_party_token_validation_url_, third_party_token_scope, |
| 112 third_party_token_validator_factory_); |
| 113 } |
| 95 } | 114 } |
| 96 | 115 |
| 97 } // namespace protocol | 116 } // namespace protocol |
| 98 } // namespace remoting | 117 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12326090:
Third Party authentication protocol. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@host_key_pair