1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "remoting/protocol/third_party_host_authenticator.h" 6 7 #include "base/base64.h" 8 #include "base/bind.h" 9 #include "base/callback.h" 10 #include "base/logging.h" 11 #include "remoting/base/constants.h" 12 #include "remoting/base/rsa_key_pair.h" 13 #include "remoting/protocol/token_validator.h" 14 #include "remoting/protocol/v2_authenticator.h" 15 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" 16 17 namespace remoting { 18 namespace protocol { 19 20 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator( 21 const std::string& local_cert, 22 scoped_refptr<RsaKeyPair> key_pair, 23 scoped_ptr<TokenValidator> token_validator) 24 : ThirdPartyAuthenticatorBase(MESSAGE_READY), 25 local_cert_(local_cert), 26 key_pair_(key_pair), 27 token_validator_(token_validator.Pass()) { 28 } 29 30 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() { 31 } 32 33 void ThirdPartyHostAuthenticator::ProcessTokenMessage( 34 const buzz::XmlElement* message, 35 const base::Closure& resume_callback) { 36 // Host has already sent the URL and expects a token from the client. 37 std::string token = message->TextNamed(kTokenTag); 38 if (token.empty()) { 39 LOG(ERROR) << "Third-party authentication protocol error: missing token."; 40 token_state_ = REJECTED; 41 rejection_reason_ = PROTOCOL_ERROR; 42 resume_callback.Run(); 43 return; 44 } 45 46 token_state_ = PROCESSING_MESSAGE; 47 48 // This message also contains the client's first SPAKE message. Copy the 49 // message into the callback, so that OnThirdPartyTokenValidated can give it 50 // to the underlying SPAKE authenticator that will be created. 51 // |token_validator_| is owned, so Unretained() is safe here. 52 token_validator_->ValidateThirdPartyToken(token, base::Bind( 53 &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated, 54 base::Unretained(this), 55 base::Owned(new buzz::XmlElement(*message)), 56 resume_callback)); 57 } 58 59 void ThirdPartyHostAuthenticator::AddTokenElements( 60 buzz::XmlElement* message) { 61 DCHECK_EQ(token_state_, MESSAGE_READY); 62 DCHECK(token_validator_->token_url().is_valid()); 63 DCHECK(!token_validator_->token_scope().empty()); 64 65 buzz::XmlElement* token_url_tag = new buzz::XmlElement( 66 kTokenUrlTag); 67 token_url_tag->SetBodyText(token_validator_->token_url().spec()); 68 message->AddElement(token_url_tag); 69 buzz::XmlElement* token_scope_tag = new buzz::XmlElement( 70 kTokenScopeTag); 71 token_scope_tag->SetBodyText(token_validator_->token_scope()); 72 message->AddElement(token_scope_tag); 73 token_state_ = WAITING_MESSAGE; 74 } 75 76 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated( 77 const buzz::XmlElement* message, 78 const base::Closure& resume_callback, 79 const std::string& shared_secret) { 80 if (shared_secret.empty()) { 81 token_state_ = REJECTED; 82 rejection_reason_ = INVALID_CREDENTIALS; 83 resume_callback.Run(); 84 return; 85 } 86 87 // The other side already started the SPAKE authentication. 88 token_state_ = ACCEPTED; 89 underlying_ = V2Authenticator::CreateForHost( 90 local_cert_, key_pair_, shared_secret, WAITING_MESSAGE); 91 underlying_->ProcessMessage(message, resume_callback); 92 } 93 94 } // namespace protocol 95 } // namespace remoting 96
