summaryrefslogtreecommitdiffstats
path: root/remoting/protocol/third_party_client_authenticator.cc
blob: 27d792b43c726f034b8775d0a346b10862f4bc0d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "remoting/protocol/third_party_client_authenticator.h"

#include "base/base64.h"
#include "base/bind.h"
#include "base/callback.h"
#include "base/logging.h"
#include "googleurl/src/gurl.h"
#include "remoting/base/constants.h"
#include "remoting/base/rsa_key_pair.h"
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/v2_authenticator.h"
#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"

namespace remoting {
namespace protocol {

ThirdPartyClientAuthenticator::ThirdPartyClientAuthenticator(
    scoped_ptr<TokenFetcher> token_fetcher)
    : ThirdPartyAuthenticatorBase(WAITING_MESSAGE),
      token_fetcher_(token_fetcher.Pass()) {
}

ThirdPartyClientAuthenticator::~ThirdPartyClientAuthenticator() {
}

void ThirdPartyClientAuthenticator::ProcessTokenMessage(
    const buzz::XmlElement* message,
    const base::Closure& resume_callback) {
  std::string token_url = message->TextNamed(kTokenUrlTag);
  std::string token_scope = message->TextNamed(kTokenScopeTag);

  if (token_url.empty() || token_scope.empty()) {
    LOG(ERROR) << "Third-party authentication protocol error: "
        "missing token verification URL or scope.";
    token_state_ = REJECTED;
    rejection_reason_ = PROTOCOL_ERROR;
    resume_callback.Run();
    return;
  }

  token_state_ = PROCESSING_MESSAGE;

  // |token_fetcher_| is owned, so Unretained() is safe here.
  token_fetcher_->FetchThirdPartyToken(
      GURL(token_url), token_scope, base::Bind(
          &ThirdPartyClientAuthenticator::OnThirdPartyTokenFetched,
          base::Unretained(this), resume_callback));
}

void ThirdPartyClientAuthenticator::AddTokenElements(
    buzz::XmlElement* message) {
  DCHECK_EQ(token_state_, MESSAGE_READY);
  DCHECK(!token_.empty());

  buzz::XmlElement* token_tag = new buzz::XmlElement(kTokenTag);
  token_tag->SetBodyText(token_);
  message->AddElement(token_tag);
  token_state_ = ACCEPTED;
}

void ThirdPartyClientAuthenticator::OnThirdPartyTokenFetched(
    const base::Closure& resume_callback,
    const std::string& third_party_token,
    const std::string& shared_secret) {
  token_ = third_party_token;
  if (token_.empty() || shared_secret.empty()) {
    token_state_ = REJECTED;
    rejection_reason_ = INVALID_CREDENTIALS;
  } else {
    token_state_ = MESSAGE_READY;
    underlying_ = V2Authenticator::CreateForClient(
        shared_secret, MESSAGE_READY);
  }
  resume_callback.Run();
}

}  // namespace protocol
}  // namespace remoting