Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(916)

Side by Side Diff: remoting/protocol/me2me_host_authenticator_factory.cc

Issue 2682473003: Add support for multiple allowed domains (Closed)
Patch Set: Rework to follow a deprecation approach Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/protocol/me2me_host_authenticator_factory.h" 5 #include "remoting/protocol/me2me_host_authenticator_factory.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/base64.h" 9 #include "base/base64.h"
10 #include "base/memory/ptr_util.h" 10 #include "base/memory/ptr_util.h"
11 #include "base/strings/string_util.h" 11 #include "base/strings/string_util.h"
12 #include "remoting/base/rsa_key_pair.h" 12 #include "remoting/base/rsa_key_pair.h"
13 #include "remoting/protocol/channel_authenticator.h" 13 #include "remoting/protocol/channel_authenticator.h"
14 #include "remoting/protocol/negotiating_host_authenticator.h" 14 #include "remoting/protocol/negotiating_host_authenticator.h"
15 #include "remoting/protocol/rejecting_authenticator.h" 15 #include "remoting/protocol/rejecting_authenticator.h"
16 #include "remoting/protocol/token_validator.h" 16 #include "remoting/protocol/token_validator.h"
17 #include "remoting/signaling/jid_util.h" 17 #include "remoting/signaling/jid_util.h"
18 #include "third_party/libjingle_xmpp/xmllite/xmlelement.h" 18 #include "third_party/libjingle_xmpp/xmllite/xmlelement.h"
19 19
20 namespace remoting { 20 namespace remoting {
21 namespace protocol { 21 namespace protocol {
22 22
23 // static 23 // static
24 std::unique_ptr<AuthenticatorFactory> 24 std::unique_ptr<AuthenticatorFactory>
25 Me2MeHostAuthenticatorFactory::CreateWithPin( 25 Me2MeHostAuthenticatorFactory::CreateWithPin(
26 bool use_service_account, 26 bool use_service_account,
27 const std::string& host_owner, 27 const std::string& host_owner,
28 const std::string& local_cert, 28 const std::string& local_cert,
29 scoped_refptr<RsaKeyPair> key_pair, 29 scoped_refptr<RsaKeyPair> key_pair,
30 const std::string& required_client_domain, 30 std::vector<std::string> required_client_domain_list,
31 const std::string& pin_hash, 31 const std::string& pin_hash,
32 scoped_refptr<PairingRegistry> pairing_registry) { 32 scoped_refptr<PairingRegistry> pairing_registry) {
33 std::unique_ptr<Me2MeHostAuthenticatorFactory> result( 33 std::unique_ptr<Me2MeHostAuthenticatorFactory> result(
34 new Me2MeHostAuthenticatorFactory()); 34 new Me2MeHostAuthenticatorFactory());
35 result->use_service_account_ = use_service_account; 35 result->use_service_account_ = use_service_account;
36 result->host_owner_ = host_owner; 36 result->host_owner_ = host_owner;
37 result->local_cert_ = local_cert; 37 result->local_cert_ = local_cert;
38 result->key_pair_ = key_pair; 38 result->key_pair_ = key_pair;
39 result->required_client_domain_ = required_client_domain; 39 result->required_client_domain_list_ = std::move(required_client_domain_list);
40 result->pin_hash_ = pin_hash; 40 result->pin_hash_ = pin_hash;
41 result->pairing_registry_ = pairing_registry; 41 result->pairing_registry_ = pairing_registry;
42 return std::move(result); 42 return std::move(result);
43 } 43 }
44 44
45 45
46 // static 46 // static
47 std::unique_ptr<AuthenticatorFactory> 47 std::unique_ptr<AuthenticatorFactory>
48 Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( 48 Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
49 bool use_service_account, 49 bool use_service_account,
50 const std::string& host_owner, 50 const std::string& host_owner,
51 const std::string& local_cert, 51 const std::string& local_cert,
52 scoped_refptr<RsaKeyPair> key_pair, 52 scoped_refptr<RsaKeyPair> key_pair,
53 const std::string& required_client_domain, 53 std::vector<std::string> required_client_domain_list,
54 scoped_refptr<TokenValidatorFactory> token_validator_factory) { 54 scoped_refptr<TokenValidatorFactory> token_validator_factory) {
55 std::unique_ptr<Me2MeHostAuthenticatorFactory> result( 55 std::unique_ptr<Me2MeHostAuthenticatorFactory> result(
56 new Me2MeHostAuthenticatorFactory()); 56 new Me2MeHostAuthenticatorFactory());
57 result->use_service_account_ = use_service_account; 57 result->use_service_account_ = use_service_account;
58 result->host_owner_ = host_owner; 58 result->host_owner_ = host_owner;
59 result->local_cert_ = local_cert; 59 result->local_cert_ = local_cert;
60 result->key_pair_ = key_pair; 60 result->key_pair_ = key_pair;
61 result->required_client_domain_ = required_client_domain; 61 result->required_client_domain_list_ = std::move(required_client_domain_list);
62 result->token_validator_factory_ = token_validator_factory; 62 result->token_validator_factory_ = token_validator_factory;
63 return std::move(result); 63 return std::move(result);
64 } 64 }
65 65
66 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory() {} 66 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory() {}
67 67
68 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {} 68 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {}
69 69
70 std::unique_ptr<Authenticator> 70 std::unique_ptr<Authenticator>
71 Me2MeHostAuthenticatorFactory::CreateAuthenticator( 71 Me2MeHostAuthenticatorFactory::CreateAuthenticator(
(...skipping 22 matching lines...) Expand all
94 if (!base::IsStringASCII(remote_jid) || 94 if (!base::IsStringASCII(remote_jid) ||
95 !base::StartsWith(remote_jid, remote_jid_prefix + '/', 95 !base::StartsWith(remote_jid, remote_jid_prefix + '/',
96 base::CompareCase::INSENSITIVE_ASCII)) { 96 base::CompareCase::INSENSITIVE_ASCII)) {
97 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid 97 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid
98 << ": Prefix mismatch. Expected: " << remote_jid_prefix; 98 << ": Prefix mismatch. Expected: " << remote_jid_prefix;
99 return base::WrapUnique( 99 return base::WrapUnique(
100 new RejectingAuthenticator(Authenticator::INVALID_CREDENTIALS)); 100 new RejectingAuthenticator(Authenticator::INVALID_CREDENTIALS));
101 } 101 }
102 102
103 // If necessary, verify that the client's jid belongs to the correct domain. 103 // If necessary, verify that the client's jid belongs to the correct domain.
104 if (!required_client_domain_.empty()) { 104 if (!required_client_domain_list_.empty()) {
105 std::string client_username = remote_jid; 105 std::string client_username = remote_jid;
106 size_t pos = client_username.find('/'); 106 size_t pos = client_username.find('/');
107 if (pos != std::string::npos) { 107 if (pos != std::string::npos) {
108 client_username.replace(pos, std::string::npos, ""); 108 client_username.replace(pos, std::string::npos, "");
109 } 109 }
110 if (!base::EndsWith(client_username, 110 bool matched = false;
111 std::string("@") + required_client_domain_, 111 for (const std::string& domain : required_client_domain_list_) {
112 base::CompareCase::INSENSITIVE_ASCII)) { 112 if (base::EndsWith(client_username, std::string("@") + domain,
113 base::CompareCase::INSENSITIVE_ASCII)) {
114 matched = true;
115 break;
116 }
117 }
118 if (!matched) {
113 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid 119 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid
114 << ": Domain mismatch."; 120 << ": Domain not allowed.";
115 return base::WrapUnique( 121 return base::MakeUnique<RejectingAuthenticator>(
116 new RejectingAuthenticator(Authenticator::INVALID_ACCOUNT)); 122 Authenticator::INVALID_ACCOUNT);
117 } 123 }
118 } 124 }
119 125
120 if (!local_cert_.empty() && key_pair_.get()) { 126 if (!local_cert_.empty() && key_pair_.get()) {
121 std::string normalized_local_jid = NormalizeJid(local_jid); 127 std::string normalized_local_jid = NormalizeJid(local_jid);
122 std::string normalized_remote_jid = NormalizeJid(remote_jid); 128 std::string normalized_remote_jid = NormalizeJid(remote_jid);
123 129
124 if (token_validator_factory_) { 130 if (token_validator_factory_) {
125 return NegotiatingHostAuthenticator::CreateWithThirdPartyAuth( 131 return NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
126 normalized_local_jid, normalized_remote_jid, local_cert_, key_pair_, 132 normalized_local_jid, normalized_remote_jid, local_cert_, key_pair_,
127 token_validator_factory_); 133 token_validator_factory_);
128 } 134 }
129 135
130 return NegotiatingHostAuthenticator::CreateWithSharedSecret( 136 return NegotiatingHostAuthenticator::CreateWithSharedSecret(
131 normalized_local_jid, normalized_remote_jid, local_cert_, key_pair_, 137 normalized_local_jid, normalized_remote_jid, local_cert_, key_pair_,
132 pin_hash_, pairing_registry_); 138 pin_hash_, pairing_registry_);
133 } 139 }
134 140
135 return base::WrapUnique( 141 return base::WrapUnique(
136 new RejectingAuthenticator(Authenticator::INVALID_CREDENTIALS)); 142 new RejectingAuthenticator(Authenticator::INVALID_CREDENTIALS));
137 } 143 }
138 144
139 } // namespace protocol 145 } // namespace protocol
140 } // namespace remoting 146 } // namespace remoting
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698