1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "remoting/protocol/third_party_host_authenticator.h"
#include "base/base64.h"
#include "base/bind.h"
#include "base/callback.h"
#include "base/logging.h"
#include "remoting/base/constants.h"
#include "remoting/base/rsa_key_pair.h"
#include "remoting/protocol/v2_authenticator.h"
#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
namespace remoting {
namespace protocol {
ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
const std::string& local_cert,
scoped_refptr<RsaKeyPair> key_pair,
scoped_ptr<TokenValidator> token_validator)
: ThirdPartyAuthenticatorBase(MESSAGE_READY),
local_cert_(local_cert),
key_pair_(key_pair),
token_validator_(token_validator.Pass()) {
}
ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
}
void ThirdPartyHostAuthenticator::ProcessTokenMessage(
const buzz::XmlElement* message,
const base::Closure& resume_callback) {
// Host has already sent the URL and expects a token from the client.
std::string token = message->TextNamed(kTokenTag);
if (token.empty()) {
LOG(ERROR) << "Third-party authentication protocol error: missing token.";
token_state_ = REJECTED;
rejection_reason_ = PROTOCOL_ERROR;
resume_callback.Run();
return;
}
token_state_ = PROCESSING_MESSAGE;
// This message also contains the client's first SPAKE message. Copy the
// message into the callback, so that OnThirdPartyTokenValidated can give it
// to the underlying SPAKE authenticator that will be created.
// |token_validator_| is owned, so Unretained() is safe here.
token_validator_->ValidateThirdPartyToken(token, base::Bind(
&ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,
base::Unretained(this),
base::Owned(new buzz::XmlElement(*message)),
resume_callback));
}
void ThirdPartyHostAuthenticator::AddTokenElements(
buzz::XmlElement* message) {
DCHECK_EQ(token_state_, MESSAGE_READY);
DCHECK(token_validator_->token_url().is_valid());
DCHECK(!token_validator_->token_scope().empty());
buzz::XmlElement* token_url_tag = new buzz::XmlElement(
kTokenUrlTag);
token_url_tag->SetBodyText(token_validator_->token_url().spec());
message->AddElement(token_url_tag);
buzz::XmlElement* token_scope_tag = new buzz::XmlElement(
kTokenScopeTag);
token_scope_tag->SetBodyText(token_validator_->token_scope());
message->AddElement(token_scope_tag);
token_state_ = WAITING_MESSAGE;
}
void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
const buzz::XmlElement* message,
const base::Closure& resume_callback,
const std::string& shared_secret) {
if (shared_secret.empty()) {
token_state_ = REJECTED;
rejection_reason_ = INVALID_CREDENTIALS;
resume_callback.Run();
return;
}
// The other side already started the SPAKE authentication.
token_state_ = ACCEPTED;
underlying_ = V2Authenticator::CreateForHost(
local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);
underlying_->ProcessMessage(message, resume_callback);
}
} // namespace protocol
} // namespace remoting
|