1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/host/third_party_auth_config.h"
7 #include "base/logging.h"
8 #include "base/values.h"
9 #include "policy/policy_constants.h"
11 namespace remoting {
13 namespace {
// Converts a URL-valued policy string into a GURL stored in |out|.
//
// An empty |str| is accepted and produces a default-constructed GURL.
// A non-empty |str| must parse as a valid URL; when NDEBUG is defined it must
// additionally use a scheme that GURL::SchemeIsCryptographic() accepts.
//
// Returns true and writes |out| on success. Returns false after logging an
// error on rejection, in which case |out| is not written.
bool ParseUrlPolicy(const std::string& str, GURL* out) {
  if (str.empty()) {
    *out = GURL();
    return true;
  }

  const GURL candidate(str);
  if (!candidate.is_valid()) {
    LOG(ERROR) << "Not a valid URL: " << str;
    return false;
  }

  // The secure-scheme requirement is compiled in only when NDEBUG is defined,
  // which eases manual testing. As a consequence, a build without NDEBUG
  // accepts plain-http URLs from policy without any error.
  // NOTE(review): presumably such builds are never deployed to real hosts;
  // these URLs look like token endpoints, so confirm that assumption holds.
#if defined(NDEBUG)
  const bool uses_secure_scheme = candidate.SchemeIsCryptographic();
  if (!uses_secure_scheme) {
    LOG(ERROR) << "Not a secure URL: " << str;
    return false;
  }
#endif

  *out = candidate;
  return true;
}
38 } // namespace
// Builds a ThirdPartyAuthConfig from the three raw policy strings.
//
// The two URL strings go through ParseUrlPolicy(); the certificate issuer is
// stored as given. The combination is then checked: the two URLs must be
// either both set or both empty, and an issuer is only allowed when the URLs
// are set.
//
// Returns true and assigns |result| on success. Returns false after logging
// on any failure; |result| is left unmodified in that case.
bool ThirdPartyAuthConfig::ParseStrings(
    const std::string& token_url,
    const std::string& token_validation_url,
    const std::string& token_validation_cert_issuer,
    ThirdPartyAuthConfig* result) {
  ThirdPartyAuthConfig parsed;

  // Both URLs are parsed before either outcome is inspected, so a problem in
  // the first one does not suppress the error log for the second one.
  const bool token_url_ok = ParseUrlPolicy(token_url, &parsed.token_url);
  const bool validation_url_ok =
      ParseUrlPolicy(token_validation_url, &parsed.token_validation_url);
  if (!token_url_ok || !validation_url_ok) {
    return false;
  }

  // The issuer is copied verbatim; no format check is applied to it here.
  // NOTE(review): an empty issuer together with both URLs passes the checks
  // below; what that means for certificate checking is decided by the
  // consumer of this config and is not visible here.
  parsed.token_validation_cert_issuer = token_validation_cert_issuer;

  // Cross-field rules.
  const bool has_token_url = !parsed.token_url.is_empty();
  const bool has_validation_url = !parsed.token_validation_url.is_empty();
  if (has_token_url != has_validation_url) {
    LOG(ERROR) << "TokenUrl and TokenValidationUrl "
               << "have to be specified together.";
    return false;
  }
  if (!has_token_url && !parsed.token_validation_cert_issuer.empty()) {
    LOG(ERROR) << "TokenValidationCertificateIssuer cannot be used "
               << "without TokenUrl and TokenValidationUrl.";
    return false;
  }

  *result = parsed;
  return true;
}
72 namespace {
// Reads the string stored under |policy_name| in |policy_dict|.
//
// When GetString() succeeds, |policy_value| holds the value and
// |policy_present| is set to true. When it fails, |policy_value| is cleared
// and |policy_present| is left as it was, so one flag can be shared across
// several calls to learn whether any of the policies was found.
//
// NOTE(review): GetString() presumably also fails when the key exists but
// holds a non-string value; such a mistyped policy would then be treated as
// absent rather than reported as invalid. Confirm that is intended.
void ExtractHelper(const base::DictionaryValue& policy_dict,
                   const std::string& policy_name,
                   bool* policy_present,
                   std::string* policy_value) {
  const bool found = policy_dict.GetString(policy_name, policy_value);
  if (!found) {
    policy_value->clear();
    return;
  }
  *policy_present = true;
}
85 } // namespace
// Pulls the three third-party-auth policy strings out of |policy_dict|.
//
// Each output string receives the policy value when ExtractHelper() finds it
// and is cleared otherwise. Returns true when at least one of the three
// policies was found, false when none was.
bool ThirdPartyAuthConfig::ExtractStrings(
    const base::DictionaryValue& policy_dict,
    std::string* token_url,
    std::string* token_validation_url,
    std::string* token_validation_cert_issuer) {
  struct PolicyField {
    const char* key;
    std::string* destination;
  };
  const PolicyField fields[] = {
      {policy::key::kRemoteAccessHostTokenUrl, token_url},
      {policy::key::kRemoteAccessHostTokenValidationUrl, token_validation_url},
      {policy::key::kRemoteAccessHostTokenValidationCertificateIssuer,
       token_validation_cert_issuer},
  };

  // ExtractHelper() only ever raises the flag, so it ends up true as soon as
  // any one of the fields is found.
  bool any_present = false;
  for (const PolicyField& field : fields) {
    ExtractHelper(policy_dict, field.key, &any_present, field.destination);
  }
  return any_present;
}
// Reads the third-party-auth policies from |policy_dict| and parses them.
//
// Returns NoPolicy when ExtractStrings() finds none of the three policies,
// InvalidPolicy when ParseStrings() rejects the extracted values, and
// ParsingSuccess otherwise. |result| is written only through ParseStrings(),
// which assigns it on success alone.
ThirdPartyAuthConfig::ParseStatus ThirdPartyAuthConfig::Parse(
    const base::DictionaryValue& policy_dict,
    ThirdPartyAuthConfig* result) {
  // Step 1: fetch the three individual policy values.
  std::string token_url;
  std::string token_validation_url;
  std::string token_validation_cert_issuer;
  const bool any_policy_present = ThirdPartyAuthConfig::ExtractStrings(
      policy_dict, &token_url, &token_validation_url,
      &token_validation_cert_issuer);
  if (!any_policy_present) {
    return NoPolicy;
  }

  // Step 2: validate the values and build the config from them.
  const bool parsed_ok = ThirdPartyAuthConfig::ParseStrings(
      token_url, token_validation_url, token_validation_cert_issuer, result);
  return parsed_ok ? ParsingSuccess : InvalidPolicy;
}
// Writes a human-readable description of |cfg| to |os| and returns |os|.
//
// A null config prints a fixed placeholder. Otherwise both URLs and the
// certificate issuer are printed verbatim.
// NOTE(review): presumably these policy values are not secret; confirm that
// before streaming a config into widely collected logs.
std::ostream& operator<<(std::ostream& os, const ThirdPartyAuthConfig& cfg) {
  if (cfg.is_null()) {
    return os << "<no 3rd party auth config specified>";
  }

  return os << "TokenUrl = <" << cfg.token_url << ">, "
            << "TokenValidationUrl = <" << cfg.token_validation_url << ">, "
            << "TokenValidationCertificateIssuer = <"
            << cfg.token_validation_cert_issuer << ">";
}
138 } // namespace remoting