summaryrefslogtreecommitdiffstats
path: root/remoting/protocol/me2me_host_authenticator_factory.cc
blob: ad813f776dc6b741112a91505842f3d7b4198e92 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "remoting/protocol/me2me_host_authenticator_factory.h"

#include "base/base64.h"
#include "base/string_util.h"
#include "crypto/rsa_private_key.h"
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/negotiating_authenticator.h"
#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"

namespace remoting {
namespace protocol {

namespace {

// Authenticator that accepts one message and rejects connection after that.
class RejectingAuthenticator : public Authenticator {
 public:
  RejectingAuthenticator()
      : state_(WAITING_MESSAGE) {
  }
  virtual ~RejectingAuthenticator() {
  }

  virtual State state() const OVERRIDE {
    return state_;
  }

  virtual RejectionReason rejection_reason() const OVERRIDE {
    DCHECK_EQ(state_, REJECTED);
    return INVALID_CREDENTIALS;
  }

  virtual void ProcessMessage(const buzz::XmlElement* message) OVERRIDE {
    DCHECK_EQ(state_, WAITING_MESSAGE);
    state_ = REJECTED;
  }

  virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE {
    NOTREACHED();
    return scoped_ptr<buzz::XmlElement>(NULL);
  }

  virtual scoped_ptr<ChannelAuthenticator>
  CreateChannelAuthenticator() const OVERRIDE {
    NOTREACHED();
    return scoped_ptr<ChannelAuthenticator>(NULL);
  }

 protected:
  State state_;
};

}  // namespace

Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory(
    const std::string& local_cert,
    const crypto::RSAPrivateKey& local_private_key,
    const SharedSecretHash& shared_secret_hash)
    : local_cert_(local_cert),
      local_private_key_(local_private_key.Copy()),
      shared_secret_hash_(shared_secret_hash) {
}

Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
}

scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
    const std::string& local_jid,
    const std::string& remote_jid,
    const buzz::XmlElement* first_message) {

  size_t slash_pos = local_jid.find('/');
  if (slash_pos == std::string::npos) {
    LOG(DFATAL) << "Invalid local JID:" << local_jid;
    return scoped_ptr<Authenticator>(new RejectingAuthenticator());
  }

  // Verify that the client's jid is an ASCII string, and then check
  // that the client has the same bare jid as the host, i.e. client's
  // full JID starts with host's bare jid. Comparison is case
  // insensitive.
  if (!IsStringASCII(remote_jid) ||
      !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) {
    LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
    return scoped_ptr<Authenticator>(new RejectingAuthenticator());
  }

  return NegotiatingAuthenticator::CreateForHost(
      local_cert_, *local_private_key_, shared_secret_hash_.value,
      shared_secret_hash_.hash_function);
}

}  // namespace protocol
}  // namespace remoting