1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "remoting/protocol/third_party_host_authenticator.h" 6 7 #include "base/base64.h" 8 #include "base/bind.h" 9 #include "base/callback.h" 10 #include "base/logging.h" 11 #include "remoting/base/constants.h" 12 #include "remoting/base/rsa_key_pair.h" 13 #include "remoting/protocol/v2_authenticator.h" 14 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" 15 16 namespace remoting { 17 namespace protocol { 18 19 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator( 20 const std::string& local_cert, 21 scoped_refptr<RsaKeyPair> key_pair, 22 scoped_ptr<TokenValidator> token_validator) 23 : ThirdPartyAuthenticatorBase(MESSAGE_READY), 24 local_cert_(local_cert), 25 key_pair_(key_pair), 26 token_validator_(token_validator.Pass()) { 27 } 28 29 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() { 30 } 31 32 void ThirdPartyHostAuthenticator::ProcessTokenMessage( 33 const buzz::XmlElement* message, 34 const base::Closure& resume_callback) { 35 // Host has already sent the URL and expects a token from the client. 36 std::string token = message->TextNamed(kTokenTag); 37 if (token.empty()) { 38 LOG(ERROR) << "Third-party authentication protocol error: missing token."; 39 token_state_ = REJECTED; 40 rejection_reason_ = PROTOCOL_ERROR; 41 resume_callback.Run(); 42 return; 43 } 44 45 token_state_ = PROCESSING_MESSAGE; 46 47 // This message also contains the client's first SPAKE message. Copy the 48 // message into the callback, so that OnThirdPartyTokenValidated can give it 49 // to the underlying SPAKE authenticator that will be created. 50 // |token_validator_| is owned, so Unretained() is safe here. 51 token_validator_->ValidateThirdPartyToken(token, base::Bind( 52 &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated, 53 base::Unretained(this), 54 base::Owned(new buzz::XmlElement(*message)), 55 resume_callback)); 56 } 57 58 void ThirdPartyHostAuthenticator::AddTokenElements( 59 buzz::XmlElement* message) { 60 DCHECK_EQ(token_state_, MESSAGE_READY); 61 DCHECK(token_validator_->token_url().is_valid()); 62 DCHECK(!token_validator_->token_scope().empty()); 63 64 buzz::XmlElement* token_url_tag = new buzz::XmlElement( 65 kTokenUrlTag); 66 token_url_tag->SetBodyText(token_validator_->token_url().spec()); 67 message->AddElement(token_url_tag); 68 buzz::XmlElement* token_scope_tag = new buzz::XmlElement( 69 kTokenScopeTag); 70 token_scope_tag->SetBodyText(token_validator_->token_scope()); 71 message->AddElement(token_scope_tag); 72 token_state_ = WAITING_MESSAGE; 73 } 74 75 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated( 76 const buzz::XmlElement* message, 77 const base::Closure& resume_callback, 78 const std::string& shared_secret) { 79 if (shared_secret.empty()) { 80 token_state_ = REJECTED; 81 rejection_reason_ = INVALID_CREDENTIALS; 82 resume_callback.Run(); 83 return; 84 } 85 86 // The other side already started the SPAKE authentication. 87 token_state_ = ACCEPTED; 88 underlying_ = V2Authenticator::CreateForHost( 89 local_cert_, key_pair_, shared_secret, WAITING_MESSAGE); 90 underlying_->ProcessMessage(message, resume_callback); 91 } 92 93 } // namespace protocol 94 } // namespace remoting 95
