
Side by Side Diff: remoting/protocol/third_party_host_authenticator.cc

Issue 12326090: Third Party authentication protocol. (Closed) Base URL: http://git.chromium.org/chromium/src.git@host_key_pair
Patch Set: Reviewer comments Created 7 years, 9 months ago
OLDNEW
(Empty)
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/protocol/third_party_host_authenticator.h"
6
7 #include "base/base64.h"
8 #include "base/bind.h"
9 #include "base/callback.h"
10 #include "base/logging.h"
11 #include "remoting/base/constants.h"
12 #include "remoting/base/rsa_key_pair.h"
13 #include "remoting/protocol/v2_authenticator.h"
14 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
15
16 namespace remoting {
17 namespace protocol {
18
19 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
20 const std::string& local_cert,
21 scoped_refptr<RsaKeyPair> key_pair,
22 scoped_ptr<TokenValidator> token_validator)
23 : ThirdPartyAuthenticatorBase(MESSAGE_READY),
24 local_cert_(local_cert),
25 key_pair_(key_pair),
26 token_validator_(token_validator.Pass()) {
27 }
28
29 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
30 }
31
32 void ThirdPartyHostAuthenticator::ProcessTokenMessage(
33 const buzz::XmlElement* message,
34 const base::Closure& resume_callback) {
35 // Host has already sent the URL and expects a token from the client.
36 std::string token = message->TextNamed(kTokenTag);
37 if (!token.empty()) {
Sergey Ulanov 2013/03/22 05:58:43 nit: better to handle the error case here first.
rmsousa 2013/03/22 21:19:05 Done.
38 token_state_ = PROCESSING_MESSAGE;
39 // This message also contains the client's first SPAKE message. Copy the
40 // message into the callback, so that OnThirdPartyTokenValidated can give it
41 // to the underlying SPAKE authenticator that will be created.
42 // |token_validator_| is owned, so Unretained() is safe here.
43 token_validator_->ValidateThirdPartyToken(token, base::Bind(
44 &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,
45 base::Unretained(this),
46 base::Owned(new buzz::XmlElement(*message)),
47 resume_callback));
48 return;
49 }
50
51 LOG(ERROR) << "Third-party authentication protocol error: missing token.";
52 token_state_ = REJECTED;
53 rejection_reason_ = PROTOCOL_ERROR;
54 resume_callback.Run();
55 }
56
57 void ThirdPartyHostAuthenticator::AddTokenElements(
58 buzz::XmlElement* message) {
59 DCHECK(token_state_ == MESSAGE_READY);
Sergey Ulanov 2013/03/22 05:58:43 DCHECK_EQ
rmsousa 2013/03/22 21:19:05 Done.
60 DCHECK(token_validator_->token_url().is_valid());
61 DCHECK(!token_validator_->token_scope().empty());
62
63 buzz::XmlElement* token_url_tag = new buzz::XmlElement(
64 kTokenUrlTag);
65 token_url_tag->SetBodyText(token_validator_->token_url().spec());
66 message->AddElement(token_url_tag);
67 buzz::XmlElement* token_scope_tag = new buzz::XmlElement(
68 kTokenScopeTag);
69 token_scope_tag->SetBodyText(token_validator_->token_scope());
70 message->AddElement(token_scope_tag);
71 token_state_ = WAITING_MESSAGE;
72 }
73
74 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
75 const buzz::XmlElement* message,
76 const base::Closure& resume_callback,
77 const std::string& shared_secret) {
78 if (!shared_secret.empty()) {
Wez 2013/03/22 06:17:01 nit: as above, consider putting error case first
Wez 2013/03/22 06:17:01 nit: as above, handle the error case first and ear
rmsousa 2013/03/22 21:19:05 Done.
rmsousa 2013/03/22 21:19:05 Done.
79 // The other side already started the SPAKE authentication.
Wez 2013/03/22 06:17:01 nit: as above, handle the error-case first and the
Wez 2013/03/22 06:17:01 nit: as above, handle the error case first and ear
rmsousa 2013/03/22 21:19:05 Done.
rmsousa 2013/03/22 21:19:05 Done.
80 token_state_ = ACCEPTED;
81 underlying_ = V2Authenticator::CreateForHost(
82 local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);
83 underlying_->ProcessMessage(message, resume_callback);
84 } else {
85 token_state_ = REJECTED;
86 rejection_reason_ = INVALID_CREDENTIALS;
87 resume_callback.Run();
88 }
89 }
90
91 } // namespace protocol
92 } // namespace remoting
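Review bot: The `base::Unretained(this)` bound into `ValidateThirdPartyToken` in ProcessTokenMessage is only safe if every TokenValidator implementation guarantees it never runs the callback after it has been destroyed; owning `token_validator_` does not establish that by itself, and the interface is not visible on this page. If an implementation hands the result to something that outlives the validator, the callback would run against a freed authenticator while handling client-supplied data. I would either state the requirement where the comment now claims safety, e.g. `// TokenValidator must drop pending callbacks on destruction, so Unretained() is safe.`, or bind a weak pointer from a `base::WeakPtrFactory` member instead. OnThirdPartyTokenValidated could also open with `DCHECK_EQ(token_state_, PROCESSING_MESSAGE);` so that a late or duplicate callback is caught in debug builds.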
OLDNEW
