OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "remoting/host/third_party_auth_config.h" |
| 6 |
| 7 #include "base/logging.h" |
| 8 #include "base/values.h" |
| 9 #include "policy/policy_constants.h" |
| 10 |
| 11 namespace remoting { |
| 12 |
| 13 namespace { |
| 14 |
| 15 bool ParseUrlPolicy(const std::string& str, GURL* out) { |
| 16 if (str.empty()) { |
| 17 *out = GURL(); |
| 18 return true; |
| 19 } |
| 20 |
| 21 GURL gurl(str); |
| 22 if (!gurl.is_valid()) { |
| 23 LOG(ERROR) << "Not a valid URL: " << str; |
| 24 return false; |
| 25 } |
| 26 // We validate https-vs-http only on Release builds to help with manual testing. |
| 27 #if defined(NDEBUG) |
| 28 if (!gurl.SchemeIsSecure()) { |
| 29 LOG(ERROR) << "Not a secure URL: " << str; |
| 30 return false; |
| 31 } |
| 32 #endif |
| 33 |
| 34 *out = gurl; |
| 35 return true; |
| 36 } |
| 37 |
| 38 } // namespace |
| 39 |
| 40 bool ThirdPartyAuthConfig::ParseStrings( |
| 41 const std::string& token_url, |
| 42 const std::string& token_validation_url, |
| 43 const std::string& token_validation_cert_issuer, |
| 44 ThirdPartyAuthConfig* result) { |
| 45 ThirdPartyAuthConfig tmp; |
| 46 |
| 47 // Extract raw values for the 3 individual fields. |
| 48 bool urls_valid = true; |
| 49 urls_valid &= ParseUrlPolicy(token_url, &tmp.token_url); |
| 50 urls_valid &= ParseUrlPolicy(token_validation_url, &tmp.token_validation_url); |
| 51 if (!urls_valid) { |
| 52 return false; |
| 53 } |
| 54 tmp.token_validation_cert_issuer = token_validation_cert_issuer; |
| 55 |
| 56 // Validate inter-dependencies between the 3 fields. |
| 57 if (tmp.token_url.is_empty() ^ tmp.token_validation_url.is_empty()) { |
| 58 LOG(ERROR) << "TokenUrl and TokenValidationUrl " |
| 59 << "have to be specified together."; |
| 60 return false; |
| 61 } |
| 62 if (!tmp.token_validation_cert_issuer.empty() && tmp.token_url.is_empty()) { |
| 63 LOG(ERROR) << "TokenValidationCertificateIssuer cannot be used " |
| 64 << "without TokenUrl and TokenValidationUrl."; |
| 65 return false; |
| 66 } |
| 67 |
| 68 *result = tmp; |
| 69 return true; |
| 70 } |
| 71 |
| 72 namespace { |
| 73 |
| 74 void ExtractHelper(const base::DictionaryValue& policy_dict, |
| 75 const std::string& policy_name, |
| 76 bool* policy_present, |
| 77 std::string* policy_value) { |
| 78 if (policy_dict.GetString(policy_name, policy_value)) { |
| 79 *policy_present = true; |
| 80 } else { |
| 81 policy_value->clear(); |
| 82 } |
| 83 } |
| 84 |
| 85 } // namespace |
| 86 |
| 87 bool ThirdPartyAuthConfig::ExtractStrings( |
| 88 const base::DictionaryValue& policy_dict, |
| 89 std::string* token_url, |
| 90 std::string* token_validation_url, |
| 91 std::string* token_validation_cert_issuer) { |
| 92 bool policies_present = false; |
| 93 ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenUrl, |
| 94 &policies_present, token_url); |
| 95 ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenValidationUrl, |
| 96 &policies_present, token_validation_url); |
| 97 ExtractHelper(policy_dict, |
| 98 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, |
| 99 &policies_present, token_validation_cert_issuer); |
| 100 return policies_present; |
| 101 } |
| 102 |
| 103 ThirdPartyAuthConfig::ParseStatus ThirdPartyAuthConfig::Parse( |
| 104 const base::DictionaryValue& policy_dict, |
| 105 ThirdPartyAuthConfig* result) { |
| 106 // Extract 3 individial policy values. |
| 107 std::string token_url; |
| 108 std::string token_validation_url; |
| 109 std::string token_validation_cert_issuer; |
| 110 if (!ThirdPartyAuthConfig::ExtractStrings(policy_dict, &token_url, |
| 111 &token_validation_url, |
| 112 &token_validation_cert_issuer)) { |
| 113 return NoPolicy; |
| 114 } |
| 115 |
| 116 // Parse the policy value. |
| 117 if (!ThirdPartyAuthConfig::ParseStrings(token_url, token_validation_url, |
| 118 token_validation_cert_issuer, |
| 119 result)) { |
| 120 return InvalidPolicy; |
| 121 } |
| 122 |
| 123 return ParsingSuccess; |
| 124 } |
| 125 |
| 126 std::ostream& operator<<(std::ostream& os, const ThirdPartyAuthConfig& cfg) { |
| 127 if (cfg.is_null()) { |
| 128 os << "<no 3rd party auth config specified>"; |
| 129 } else { |
| 130 os << "TokenUrl = <" << cfg.token_url << ">, "; |
| 131 os << "TokenValidationUrl = <" << cfg.token_validation_url << ">, "; |
| 132 os << "TokenValidationCertificateIssuer = <" |
| 133 << cfg.token_validation_cert_issuer << ">"; |
| 134 } |
| 135 return os; |
| 136 } |
| 137 |
| 138 } // namespace remoting |
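Review bot: In ExtractHelper (new lines 74-83) a policy value that is present but not a string is handled exactly like a missing one, because `GetString()` returns false in both cases and the helper only clears the output. As a result Parse() can return NoPolicy for a dictionary that sets all three keys with the wrong type, and a wrongly typed TokenValidationCertificateIssuer is dropped while the two URLs still yield ParsingSuccess. Unless the dictionary is schema-checked before it reaches this code (not visible in this file), I would test `policy_dict.HasKey(policy_name)` separately and have Parse() return InvalidPolicy when the key exists but `GetString()` fails. Separately, the `SchemeIsSecure()` check in ParseUrlPolicy is compiled only under `NDEBUG`, so any non-NDEBUG build silently accepts plain-http token URLs; a `LOG(WARNING) << "Accepting non-secure URL in Debug build: " << str;` in an `#else` branch would make that visible.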