OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "remoting/host/third_party_auth_config.h" | |
6 | |
7 #include "base/logging.h" | |
8 #include "base/values.h" | |
9 #include "policy/policy_constants.h" | |
10 | |
11 namespace remoting { | |
12 | |
13 namespace { | |
14 | |
15 bool ParseUrlPolicy(const std::string& str, GURL* out) { | |
16 if (str.empty()) { | |
17 *out = GURL(); | |
18 return true; | |
19 } | |
20 | |
21 GURL gurl(str); | |
22 if (!gurl.is_valid()) { | |
23 LOG(ERROR) << "Not a valid URL: " << str; | |
24 return false; | |
25 } | |
26 if (!gurl.SchemeIsSecure()) { | |
27 LOG(ERROR) << "Not a secure URL: " << str; | |
rmsousa
2015/02/27 23:56:14
was this a security requirement? can we make it re
Łukasz Anforowicz
2015/03/02 17:34:47
Not an official security requirement - this is jus
| |
28 return false; | |
29 } | |
30 | |
31 *out = gurl; | |
32 return true; | |
33 } | |
34 | |
35 } // namespace | |
36 | |
37 bool ThirdPartyAuthConfig::Parse( | |
38 const std::string& token_url, | |
39 const std::string& token_validation_url, | |
40 const std::string& token_validation_cert_issuer, | |
41 ThirdPartyAuthConfig* result) { | |
42 ThirdPartyAuthConfig tmp; | |
43 | |
44 // Extract raw values for the 3 individial fields. | |
rmsousa
2015/02/27 23:56:14
nit: individual
Łukasz Anforowicz
2015/03/02 17:34:47
Done.
| |
45 bool urls_valid = true; | |
46 urls_valid &= ParseUrlPolicy(token_url, &tmp.token_url); | |
47 urls_valid &= ParseUrlPolicy(token_validation_url, &tmp.token_validation_url); | |
48 if (!urls_valid) { | |
49 return false; | |
50 } | |
51 tmp.token_validation_cert_issuer = token_validation_cert_issuer; | |
52 | |
53 // Validate inter-dependencies between the 3 fields. | |
54 if (tmp.token_url.is_empty() ^ tmp.token_validation_url.is_empty()) { | |
55 LOG(ERROR) << "TokenUrl and TokenValidationUrl " | |
56 << "have to be specified together."; | |
57 return false; | |
58 } | |
59 if (!tmp.token_validation_cert_issuer.empty() && tmp.token_url.is_empty()) { | |
60 LOG(ERROR) << "TokenValidationCertificateIssuer cannot be used " | |
61 << "without TokenUrl and TokenValidationUrl."; | |
62 return false; | |
63 } | |
64 | |
65 *result = tmp; | |
66 return true; | |
67 } | |
68 | |
69 namespace { | |
70 | |
71 void ExtractHelper(const base::DictionaryValue& policy_dict, | |
72 const std::string& policy_name, | |
73 bool* policy_present, | |
74 std::string* policy_value) { | |
75 if (policy_dict.GetString(policy_name, policy_value)) { | |
76 *policy_present = true; | |
77 } else { | |
78 policy_value->clear(); | |
79 } | |
80 } | |
81 | |
82 } // namespace | |
83 | |
84 bool ThirdPartyAuthConfig::ExtractPolicyValues( | |
85 const base::DictionaryValue& policy_dict, | |
86 std::string* token_url, | |
87 std::string* token_validation_url, | |
88 std::string* token_validation_cert_issuer) { | |
89 bool policies_present = false; | |
90 ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenUrl, | |
91 &policies_present, token_url); | |
92 ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenValidationUrl, | |
93 &policies_present, token_validation_url); | |
94 ExtractHelper(policy_dict, | |
95 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, | |
96 &policies_present, token_validation_cert_issuer); | |
97 return policies_present; | |
98 } | |
99 | |
100 std::ostream& operator<<(std::ostream& os, const ThirdPartyAuthConfig& cfg) { | |
101 if (cfg.is_null()) { | |
102 os << "<no 3rd party auth config specified>"; | |
103 } else { | |
104 os << "TokenUrl = " << cfg.token_url << ", "; | |
rmsousa
2015/02/27 23:56:14
super nit: enclose in <> as well?
Łukasz Anforowicz
2015/03/02 17:34:47
Done.
| |
105 os << "TokenValidationUrl = " << cfg.token_validation_url << ", "; | |
106 os << "TokenValidationCertificateIssuer = " | |
107 << cfg.token_validation_cert_issuer; | |
108 } | |
109 return os; | |
110 } | |
111 | |
112 } // namespace remoting | |
OLD | NEW |