Index: remoting/host/token_validator_base.cc |
diff --git a/remoting/host/token_validator_factory_impl.cc b/remoting/host/token_validator_base.cc |
similarity index 51% |
copy from remoting/host/token_validator_factory_impl.cc |
copy to remoting/host/token_validator_base.cc |
index f5cc5ab12dbb2b8638748e8c83c90c21df2059ac..c872222037aa217d53b76907602b76389eedf6eb 100644 |
--- a/remoting/host/token_validator_factory_impl.cc |
+++ b/remoting/host/token_validator_base.cc |
@@ -2,21 +2,17 @@ |
// Use of this source code is governed by a BSD-style license that can be |
// found in the LICENSE file. |
-#include "remoting/host/token_validator_factory_impl.h" |
- |
-#include <set> |
+#include "remoting/host/token_validator_base.h" |
#include "base/base64.h" |
#include "base/bind.h" |
#include "base/callback.h" |
#include "base/json/json_reader.h" |
-#include "base/location.h" |
#include "base/logging.h" |
#include "base/memory/weak_ptr.h" |
#include "base/single_thread_task_runner.h" |
#include "base/strings/string_util.h" |
#include "base/values.h" |
-#include "crypto/random.h" |
#include "net/base/escape.h" |
#include "net/base/io_buffer.h" |
#include "net/base/request_priority.h" |
@@ -34,13 +30,10 @@ |
#include "net/url_request/url_request.h" |
#include "net/url_request/url_request_context.h" |
#include "net/url_request/url_request_status.h" |
-#include "remoting/base/rsa_key_pair.h" |
#include "url/gurl.h" |
namespace { |
-// Length in bytes of the cryptographic nonce used to salt the token scope. |
-const size_t kNonceLength = 16; // 128 bits. |
const int kBufferSize = 4096; |
const char kCertIssuerWildCard[] = "*"; |
@@ -48,80 +41,24 @@ const char kCertIssuerWildCard[] = "*"; |
namespace remoting { |
-class TokenValidatorImpl |
- : public net::URLRequest::Delegate, |
- public protocol::ThirdPartyHostAuthenticator::TokenValidator { |
- public: |
- TokenValidatorImpl( |
- const ThirdPartyAuthConfig& third_party_auth_config, |
- scoped_refptr<RsaKeyPair> key_pair, |
- const std::string& local_jid, |
- const std::string& remote_jid, |
- scoped_refptr<net::URLRequestContextGetter> request_context_getter); |
- virtual ~TokenValidatorImpl(); |
- |
- // TokenValidator interface. |
- virtual const GURL& token_url() const OVERRIDE; |
- virtual const std::string& token_scope() const OVERRIDE; |
- virtual void ValidateThirdPartyToken( |
- const std::string& token, |
- const base::Callback<void( |
- const std::string& shared_secret)>& on_token_validated) OVERRIDE; |
- |
- // URLFetcherDelegate interface. |
- virtual void OnResponseStarted(net::URLRequest* source) OVERRIDE; |
- virtual void OnReadCompleted(net::URLRequest* source, |
- int bytes_read) OVERRIDE; |
- virtual void OnCertificateRequested( |
- net::URLRequest* source, |
- net::SSLCertRequestInfo* cert_request_info) OVERRIDE; |
- |
- private: |
- static std::string CreateScope(const std::string& local_jid, |
- const std::string& remote_jid); |
- |
- void OnCertificatesSelected(net::CertificateList* selected_certs, |
- net::ClientCertStore* unused); |
- bool IsValidScope(const std::string& token_scope); |
- std::string ProcessResponse(); |
- |
- std::string post_body_; |
- scoped_ptr<net::URLRequest> request_; |
- scoped_refptr<net::IOBuffer> buffer_; |
- std::string data_; |
- ThirdPartyAuthConfig third_party_auth_config_; |
- scoped_refptr<RsaKeyPair> key_pair_; |
- std::string token_scope_; |
- scoped_refptr<net::URLRequestContextGetter> request_context_getter_; |
- base::Callback<void(const std::string& shared_secret)> on_token_validated_; |
- |
- base::WeakPtrFactory<TokenValidatorImpl> weak_factory_; |
- |
- DISALLOW_COPY_AND_ASSIGN(TokenValidatorImpl); |
-}; |
- |
-TokenValidatorImpl::TokenValidatorImpl( |
+TokenValidatorBase::TokenValidatorBase( |
const ThirdPartyAuthConfig& third_party_auth_config, |
- scoped_refptr<RsaKeyPair> key_pair, |
- const std::string& local_jid, |
- const std::string& remote_jid, |
+ const std::string& token_scope, |
scoped_refptr<net::URLRequestContextGetter> request_context_getter) |
- : buffer_(new net::IOBuffer(kBufferSize)), |
- third_party_auth_config_(third_party_auth_config), |
- key_pair_(key_pair), |
+ : third_party_auth_config_(third_party_auth_config), |
+ token_scope_(token_scope), |
request_context_getter_(request_context_getter), |
+ buffer_(new net::IOBuffer(kBufferSize)), |
weak_factory_(this) { |
DCHECK(third_party_auth_config_.token_url.is_valid()); |
DCHECK(third_party_auth_config_.token_validation_url.is_valid()); |
- DCHECK(key_pair_.get()); |
- token_scope_ = CreateScope(local_jid, remote_jid); |
} |
-TokenValidatorImpl::~TokenValidatorImpl() { |
+TokenValidatorBase::~TokenValidatorBase() { |
} |
// TokenValidator interface. |
-void TokenValidatorImpl::ValidateThirdPartyToken( |
+void TokenValidatorBase::ValidateThirdPartyToken( |
const std::string& token, |
const base::Callback<void( |
const std::string& shared_secret)>& on_token_validated) { |
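Review bot: The constructor now stores a caller-supplied `token_scope` without any check, whereas the removed code built the scope itself from the two JIDs plus a 128-bit random nonce (`CreateScope`, deleted further down in this file). `IsValidScope` still compares the returned scope with `token_scope_` by exact equality, so the per-session binding now depends on every subclass or factory passing a scope that carries a fresh, unpredictable nonce. I would add `DCHECK(!token_scope_.empty());` next to the two URL DCHECKs, and a constructor comment such as `// |token_scope| must be unique per connection and include a fresh random nonce; it is matched exactly in IsValidScope().` The initializer list was also reordered, so it is worth confirming it still matches the member declaration order in token_validator_base.h, which is not visible here.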
@@ -130,38 +67,19 @@ void TokenValidatorImpl::ValidateThirdPartyToken( |
on_token_validated_ = on_token_validated; |
- post_body_ = "code=" + net::EscapeUrlEncodedData(token, true) + |
- "&client_id=" + net::EscapeUrlEncodedData( |
- key_pair_->GetPublicKey(), true) + |
- "&client_secret=" + net::EscapeUrlEncodedData( |
- key_pair_->SignMessage(token), true) + |
- "&grant_type=authorization_code"; |
- |
- request_ = request_context_getter_->GetURLRequestContext()->CreateRequest( |
- third_party_auth_config_.token_validation_url, net::DEFAULT_PRIORITY, |
- this); |
- request_->SetExtraRequestHeaderByName( |
- net::HttpRequestHeaders::kContentType, |
- "application/x-www-form-urlencoded", true); |
- request_->set_method("POST"); |
- scoped_ptr<net::UploadElementReader> reader( |
- new net::UploadBytesElementReader( |
- post_body_.data(), post_body_.size())); |
- request_->set_upload(make_scoped_ptr( |
- net::UploadDataStream::CreateWithReader(reader.Pass(), 0))); |
- request_->Start(); |
+ StartValidateRequest(token); |
} |
-const GURL& TokenValidatorImpl::token_url() const { |
+const GURL& TokenValidatorBase::token_url() const { |
return third_party_auth_config_.token_url; |
} |
-const std::string& TokenValidatorImpl::token_scope() const { |
+const std::string& TokenValidatorBase::token_scope() const { |
return token_scope_; |
} |
// URLFetcherDelegate interface. |
-void TokenValidatorImpl::OnResponseStarted(net::URLRequest* source) { |
+void TokenValidatorBase::OnResponseStarted(net::URLRequest* source) { |
DCHECK_EQ(request_.get(), source); |
int bytes_read = 0; |
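Review bot: `StartValidateRequest(token)` replaces the inline request construction in ValidateThirdPartyToken, but nothing at the call states what the hook is required to do. The delegate methods that follow DCHECK `request_.get()` against the source, so the implementation presumably has to create `request_` with this object as delegate and start it. The removed code also kept the POST body in the member `post_body_` while `UploadBytesElementReader` was given `post_body_.data()`, and it signed the token with the host key pair, so the buffer lifetime and the host authentication are now the implementer's responsibility. A comment at the call would make that explicit, e.g. `// Implementations must create and start |request_| with |this| as delegate, keep any upload buffer alive until the request completes, and authenticate the host to token_validation_url.` The declaration of StartValidateRequest is in the header, outside this diff.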
@@ -169,7 +87,7 @@ void TokenValidatorImpl::OnResponseStarted(net::URLRequest* source) { |
OnReadCompleted(request_.get(), bytes_read); |
} |
-void TokenValidatorImpl::OnReadCompleted(net::URLRequest* source, |
+void TokenValidatorBase::OnReadCompleted(net::URLRequest* source, |
int bytes_read) { |
DCHECK_EQ(request_.get(), source); |
@@ -189,7 +107,7 @@ void TokenValidatorImpl::OnReadCompleted(net::URLRequest* source, |
} |
} |
-void TokenValidatorImpl::OnCertificateRequested( |
+void TokenValidatorBase::OnCertificateRequested( |
net::URLRequest* source, |
net::SSLCertRequestInfo* cert_request_info) { |
DCHECK_EQ(request_.get(), source); |
@@ -211,12 +129,12 @@ void TokenValidatorImpl::OnCertificateRequested( |
net::CertificateList* selected_certs(new net::CertificateList()); |
client_cert_store->GetClientCerts( |
*cert_request_info, selected_certs, |
- base::Bind(&TokenValidatorImpl::OnCertificatesSelected, |
+ base::Bind(&TokenValidatorBase::OnCertificatesSelected, |
weak_factory_.GetWeakPtr(), base::Owned(selected_certs), |
base::Owned(client_cert_store))); |
} |
-void TokenValidatorImpl::OnCertificatesSelected( |
+void TokenValidatorBase::OnCertificatesSelected( |
net::CertificateList* selected_certs, |
net::ClientCertStore* unused) { |
const std::string& issuer = |
@@ -233,22 +151,12 @@ void TokenValidatorImpl::OnCertificatesSelected( |
} |
} |
-bool TokenValidatorImpl::IsValidScope(const std::string& token_scope) { |
+bool TokenValidatorBase::IsValidScope(const std::string& token_scope) { |
// TODO(rmsousa): Deal with reordering/subsets/supersets/aliases/etc. |
return token_scope == token_scope_; |
} |
-std::string TokenValidatorImpl::CreateScope( |
- const std::string& local_jid, |
- const std::string& remote_jid) { |
- std::string nonce_bytes; |
- crypto::RandBytes(WriteInto(&nonce_bytes, kNonceLength + 1), kNonceLength); |
- std::string nonce; |
- base::Base64Encode(nonce_bytes, &nonce); |
- return "client:" + remote_jid + " host:" + local_jid + " nonce:" + nonce; |
-} |
- |
-std::string TokenValidatorImpl::ProcessResponse() { |
+std::string TokenValidatorBase::ProcessResponse() { |
// Verify that we got a successful response. |
net::URLRequestStatus status = request_->status(); |
if (!status.is_success()) { |
@@ -287,26 +195,4 @@ std::string TokenValidatorImpl::ProcessResponse() { |
return shared_secret; |
} |
-TokenValidatorFactoryImpl::TokenValidatorFactoryImpl( |
- const ThirdPartyAuthConfig& third_party_auth_config, |
- scoped_refptr<RsaKeyPair> key_pair, |
- scoped_refptr<net::URLRequestContextGetter> request_context_getter) |
- : third_party_auth_config_(third_party_auth_config), |
- key_pair_(key_pair), |
- request_context_getter_(request_context_getter) { |
-} |
- |
-TokenValidatorFactoryImpl::~TokenValidatorFactoryImpl() { |
-} |
- |
-scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidator> |
-TokenValidatorFactoryImpl::CreateTokenValidator( |
- const std::string& local_jid, |
- const std::string& remote_jid) { |
- return scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidator>( |
- new TokenValidatorImpl(third_party_auth_config_, |
- key_pair_, local_jid, remote_jid, |
- request_context_getter_)); |
-} |
- |
} // namespace remoting |