OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/protocol/me2me_host_authenticator_factory.h" | 5 #include "remoting/protocol/me2me_host_authenticator_factory.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
9 #include "remoting/base/rsa_key_pair.h" | 9 #include "remoting/base/rsa_key_pair.h" |
10 #include "remoting/protocol/channel_authenticator.h" | 10 #include "remoting/protocol/channel_authenticator.h" |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
54 | 54 |
55 protected: | 55 protected: |
56 State state_; | 56 State state_; |
57 }; | 57 }; |
58 | 58 |
59 } // namespace | 59 } // namespace |
60 | 60 |
61 // static | 61 // static |
62 scoped_ptr<AuthenticatorFactory> | 62 scoped_ptr<AuthenticatorFactory> |
63 Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( | 63 Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( |
| 64 const std::string& host_owner, |
64 const std::string& local_cert, | 65 const std::string& local_cert, |
65 scoped_refptr<RsaKeyPair> key_pair, | 66 scoped_refptr<RsaKeyPair> key_pair, |
66 const SharedSecretHash& shared_secret_hash, | 67 const SharedSecretHash& shared_secret_hash, |
67 scoped_refptr<PairingRegistry> pairing_registry) { | 68 scoped_refptr<PairingRegistry> pairing_registry) { |
68 scoped_ptr<Me2MeHostAuthenticatorFactory> result( | 69 scoped_ptr<Me2MeHostAuthenticatorFactory> result( |
69 new Me2MeHostAuthenticatorFactory()); | 70 new Me2MeHostAuthenticatorFactory()); |
| 71 result->host_owner_ = host_owner; |
70 result->local_cert_ = local_cert; | 72 result->local_cert_ = local_cert; |
71 result->key_pair_ = key_pair; | 73 result->key_pair_ = key_pair; |
72 result->shared_secret_hash_ = shared_secret_hash; | 74 result->shared_secret_hash_ = shared_secret_hash; |
73 result->pairing_registry_ = pairing_registry; | 75 result->pairing_registry_ = pairing_registry; |
74 return scoped_ptr<AuthenticatorFactory>(result.Pass()); | 76 return scoped_ptr<AuthenticatorFactory>(result.Pass()); |
75 } | 77 } |
76 | 78 |
77 | 79 |
78 // static | 80 // static |
79 scoped_ptr<AuthenticatorFactory> | 81 scoped_ptr<AuthenticatorFactory> |
80 Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( | 82 Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( |
| 83 const std::string& host_owner, |
81 const std::string& local_cert, | 84 const std::string& local_cert, |
82 scoped_refptr<RsaKeyPair> key_pair, | 85 scoped_refptr<RsaKeyPair> key_pair, |
83 scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory> | 86 scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory> |
84 token_validator_factory) { | 87 token_validator_factory) { |
85 scoped_ptr<Me2MeHostAuthenticatorFactory> result( | 88 scoped_ptr<Me2MeHostAuthenticatorFactory> result( |
86 new Me2MeHostAuthenticatorFactory()); | 89 new Me2MeHostAuthenticatorFactory()); |
| 90 result->host_owner_ = host_owner; |
87 result->local_cert_ = local_cert; | 91 result->local_cert_ = local_cert; |
88 result->key_pair_ = key_pair; | 92 result->key_pair_ = key_pair; |
89 result->token_validator_factory_ = token_validator_factory.Pass(); | 93 result->token_validator_factory_ = token_validator_factory.Pass(); |
90 return scoped_ptr<AuthenticatorFactory>(result.Pass()); | 94 return scoped_ptr<AuthenticatorFactory>(result.Pass()); |
91 } | 95 } |
92 | 96 |
93 // static | 97 // static |
94 scoped_ptr<AuthenticatorFactory> | 98 scoped_ptr<AuthenticatorFactory> |
95 Me2MeHostAuthenticatorFactory::CreateRejecting() { | 99 Me2MeHostAuthenticatorFactory::CreateRejecting() { |
96 return scoped_ptr<AuthenticatorFactory>(new Me2MeHostAuthenticatorFactory()); | 100 return scoped_ptr<AuthenticatorFactory>(new Me2MeHostAuthenticatorFactory()); |
97 } | 101 } |
98 | 102 |
99 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory() { | 103 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory() { |
100 } | 104 } |
101 | 105 |
102 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { | 106 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { |
103 } | 107 } |
104 | 108 |
105 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( | 109 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( |
106 const std::string& local_jid, | 110 const std::string& local_jid, |
107 const std::string& remote_jid, | 111 const std::string& remote_jid, |
108 const buzz::XmlElement* first_message) { | 112 const buzz::XmlElement* first_message) { |
109 | 113 |
110 size_t slash_pos = local_jid.find('/'); | |
111 if (slash_pos == std::string::npos) { | |
112 LOG(DFATAL) << "Invalid local JID:" << local_jid; | |
113 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); | |
114 } | |
115 | |
116 // Verify that the client's jid is an ASCII string, and then check | 114 // Verify that the client's jid is an ASCII string, and then check |
117 // that the client has the same bare jid as the host, i.e. client's | 115 // that the client has the same bare jid as the host, i.e. client's |
118 // full JID starts with host's bare jid. Comparison is case | 116 // full JID starts with host's bare jid. Comparison is case |
119 // insensitive. | 117 // insensitive. |
120 if (!IsStringASCII(remote_jid) || | 118 if (!IsStringASCII(remote_jid) || |
121 !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { | 119 !StartsWithASCII(remote_jid, host_owner_ + '/', false)) { |
122 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; | 120 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; |
123 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); | 121 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
124 } | 122 } |
125 | 123 |
126 if (!local_cert_.empty() && key_pair_.get()) { | 124 if (!local_cert_.empty() && key_pair_.get()) { |
127 if (token_validator_factory_) { | 125 if (token_validator_factory_) { |
128 return NegotiatingHostAuthenticator::CreateWithThirdPartyAuth( | 126 return NegotiatingHostAuthenticator::CreateWithThirdPartyAuth( |
129 local_cert_, key_pair_, | 127 local_cert_, key_pair_, |
130 token_validator_factory_->CreateTokenValidator( | 128 token_validator_factory_->CreateTokenValidator( |
131 local_jid, remote_jid)); | 129 local_jid, remote_jid)); |
132 } | 130 } |
133 | 131 |
134 return NegotiatingHostAuthenticator::CreateWithSharedSecret( | 132 return NegotiatingHostAuthenticator::CreateWithSharedSecret( |
135 local_cert_, key_pair_, shared_secret_hash_.value, | 133 local_cert_, key_pair_, shared_secret_hash_.value, |
136 shared_secret_hash_.hash_function, pairing_registry_); | 134 shared_secret_hash_.hash_function, pairing_registry_); |
137 } | 135 } |
138 | 136 |
139 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); | 137 return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
140 } | 138 } |
141 | 139 |
142 } // namespace protocol | 140 } // namespace protocol |
143 } // namespace remoting | 141 } // namespace remoting |
OLD | NEW |