OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/protocol/it2me_host_authenticator_factory.h" | 5 #include "remoting/protocol/it2me_host_authenticator_factory.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/strings/string_util.h" |
8 #include "remoting/base/rsa_key_pair.h" | 9 #include "remoting/base/rsa_key_pair.h" |
9 #include "remoting/protocol/negotiating_host_authenticator.h" | 10 #include "remoting/protocol/negotiating_host_authenticator.h" |
| 11 #include "remoting/protocol/rejecting_authenticator.h" |
10 | 12 |
11 namespace remoting { | 13 namespace remoting { |
12 namespace protocol { | 14 namespace protocol { |
13 | 15 |
14 It2MeHostAuthenticatorFactory::It2MeHostAuthenticatorFactory( | 16 It2MeHostAuthenticatorFactory::It2MeHostAuthenticatorFactory( |
15 const std::string& local_cert, | 17 const std::string& local_cert, |
16 scoped_refptr<RsaKeyPair> key_pair, | 18 scoped_refptr<RsaKeyPair> key_pair, |
17 const std::string& shared_secret) | 19 const std::string& shared_secret, |
| 20 const std::string& required_client_domain) |
18 : local_cert_(local_cert), | 21 : local_cert_(local_cert), |
19 key_pair_(key_pair), | 22 key_pair_(key_pair), |
20 shared_secret_(shared_secret) { | 23 shared_secret_(shared_secret), |
| 24 required_client_domain_(required_client_domain) { |
21 } | 25 } |
22 | 26 |
23 It2MeHostAuthenticatorFactory::~It2MeHostAuthenticatorFactory() { | 27 It2MeHostAuthenticatorFactory::~It2MeHostAuthenticatorFactory() { |
24 } | 28 } |
25 | 29 |
26 scoped_ptr<Authenticator> It2MeHostAuthenticatorFactory::CreateAuthenticator( | 30 scoped_ptr<Authenticator> It2MeHostAuthenticatorFactory::CreateAuthenticator( |
27 const std::string& local_jid, | 31 const std::string& local_jid, |
28 const std::string& remote_jid, | 32 const std::string& remote_jid, |
29 const buzz::XmlElement* first_message) { | 33 const buzz::XmlElement* first_message) { |
| 34 // Check the client domain policy. |
| 35 if (!required_client_domain_.empty()) { |
| 36 std::string client_username = remote_jid; |
| 37 size_t pos = client_username.find('/'); |
| 38 if (pos != std::string::npos) { |
| 39 client_username.replace(pos, std::string::npos, ""); |
| 40 } |
| 41 if (!base::EndsWith(client_username, |
| 42 std::string("@") + required_client_domain_, |
| 43 base::CompareCase::INSENSITIVE_ASCII)) { |
| 44 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid |
| 45 << ": Domain mismatch."; |
| 46 return make_scoped_ptr( |
| 47 new RejectingAuthenticator(Authenticator::INVALID_CREDENTIALS)); |
| 48 } |
| 49 } |
| 50 |
30 return NegotiatingHostAuthenticator::CreateWithSharedSecret( | 51 return NegotiatingHostAuthenticator::CreateWithSharedSecret( |
31 local_cert_, key_pair_, shared_secret_, AuthenticationMethod::NONE, | 52 local_cert_, key_pair_, shared_secret_, AuthenticationMethod::NONE, |
32 nullptr); | 53 nullptr); |
33 } | 54 } |
34 | 55 |
35 } // namespace protocol | 56 } // namespace protocol |
36 } // namespace remoting | 57 } // namespace remoting |
OLD | NEW |