Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(201)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: remoting/host/third_party_auth_config.cc

Issue 966433002: Malformed PortRange or ThirdPartyAuthConfig trigger OnPolicyError. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixing a Windows-specific, pre-processor-related build break. Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « remoting/host/third_party_auth_config.h ('k') | remoting/host/third_party_auth_config_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/host/third_party_auth_config.h"
6
7 #include "base/logging.h"
8 #include "base/values.h"
9 #include "policy/policy_constants.h"
10
11 namespace remoting {
12
13 namespace {
14
15 bool ParseUrlPolicy(const std::string& str, GURL* out) {
16 if (str.empty()) {
17 *out = GURL();
18 return true;
19 }
20
21 GURL gurl(str);
22 if (!gurl.is_valid()) {
23 LOG(ERROR) << "Not a valid URL: " << str;
24 return false;
25 }
26 // We validate https-vs-http only on Release builds to help with manual testing.
27 #if defined(NDEBUG)
28 if (!gurl.SchemeIsSecure()) {
29 LOG(ERROR) << "Not a secure URL: " << str;
30 return false;
31 }
32 #endif
33
34 *out = gurl;
35 return true;
36 }
37
38 } // namespace
39
40 bool ThirdPartyAuthConfig::ParseStrings(
41 const std::string& token_url,
42 const std::string& token_validation_url,
43 const std::string& token_validation_cert_issuer,
44 ThirdPartyAuthConfig* result) {
45 ThirdPartyAuthConfig tmp;
46
47 // Extract raw values for the 3 individual fields.
48 bool urls_valid = true;
49 urls_valid &= ParseUrlPolicy(token_url, &tmp.token_url);
50 urls_valid &= ParseUrlPolicy(token_validation_url, &tmp.token_validation_url);
51 if (!urls_valid) {
52 return false;
53 }
54 tmp.token_validation_cert_issuer = token_validation_cert_issuer;
55
56 // Validate inter-dependencies between the 3 fields.
57 if (tmp.token_url.is_empty() ^ tmp.token_validation_url.is_empty()) {
58 LOG(ERROR) << "TokenUrl and TokenValidationUrl "
59 << "have to be specified together.";
60 return false;
61 }
62 if (!tmp.token_validation_cert_issuer.empty() && tmp.token_url.is_empty()) {
63 LOG(ERROR) << "TokenValidationCertificateIssuer cannot be used "
64 << "without TokenUrl and TokenValidationUrl.";
65 return false;
66 }
67
68 *result = tmp;
69 return true;
70 }
71
72 namespace {
73
74 void ExtractHelper(const base::DictionaryValue& policy_dict,
75 const std::string& policy_name,
76 bool* policy_present,
77 std::string* policy_value) {
78 if (policy_dict.GetString(policy_name, policy_value)) {
79 *policy_present = true;
80 } else {
81 policy_value->clear();
82 }
83 }
84
85 } // namespace
86
87 bool ThirdPartyAuthConfig::ExtractStrings(
88 const base::DictionaryValue& policy_dict,
89 std::string* token_url,
90 std::string* token_validation_url,
91 std::string* token_validation_cert_issuer) {
92 bool policies_present = false;
93 ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenUrl,
94 &policies_present, token_url);
95 ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenValidationUrl,
96 &policies_present, token_validation_url);
97 ExtractHelper(policy_dict,
98 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer,
99 &policies_present, token_validation_cert_issuer);
100 return policies_present;
101 }
102
103 ThirdPartyAuthConfig::ParseStatus ThirdPartyAuthConfig::Parse(
104 const base::DictionaryValue& policy_dict,
105 ThirdPartyAuthConfig* result) {
106 // Extract 3 individial policy values.
107 std::string token_url;
108 std::string token_validation_url;
109 std::string token_validation_cert_issuer;
110 if (!ThirdPartyAuthConfig::ExtractStrings(policy_dict, &token_url,
111 &token_validation_url,
112 &token_validation_cert_issuer)) {
113 return NoPolicy;
114 }
115
116 // Parse the policy value.
117 if (!ThirdPartyAuthConfig::ParseStrings(token_url, token_validation_url,
118 token_validation_cert_issuer,
119 result)) {
120 return InvalidPolicy;
121 }
122
123 return ParsingSuccess;
124 }
125
126 std::ostream& operator<<(std::ostream& os, const ThirdPartyAuthConfig& cfg) {
127 if (cfg.is_null()) {
128 os << "<no 3rd party auth config specified>";
129 } else {
130 os << "TokenUrl = <" << cfg.token_url << ">, ";
131 os << "TokenValidationUrl = <" << cfg.token_validation_url << ">, ";
132 os << "TokenValidationCertificateIssuer = <"
133 << cfg.token_validation_cert_issuer << ">";
134 }
135 return os;
136 }
137
138 } // namespace remoting
OLDNEW
« no previous file with comments | « remoting/host/third_party_auth_config.h ('k') | remoting/host/third_party_auth_config_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698