remoting/protocol/third_party_host_authenticator.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "remoting/protocol/third_party_host_authenticator.h"
   6
   7 #include "base/base64.h"
   8 #include "base/bind.h"
   9 #include "base/callback.h"
  10 #include "base/logging.h"
  11 #include "remoting/base/constants.h"
  12 #include "remoting/base/rsa_key_pair.h"
  13 #include "remoting/protocol/token_validator.h"
  14 #include "remoting/protocol/v2_authenticator.h"
  15 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
  16
  17 namespace remoting {
  18 namespace protocol {
  19
  20 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
  21     const std::string& local_cert,
  22     scoped_refptr<RsaKeyPair> key_pair,
  23     scoped_ptr<TokenValidator> token_validator)
  24     : ThirdPartyAuthenticatorBase(MESSAGE_READY),
  25       local_cert_(local_cert),
  26       key_pair_(key_pair),
  27       token_validator_(token_validator.Pass()) {
  28 }
  29
  30 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
  31 }
  32
  33 void ThirdPartyHostAuthenticator::ProcessTokenMessage(
  34     const buzz::XmlElement* message,
  35     const base::Closure& resume_callback) {
  36   // Host has already sent the URL and expects a token from the client.
  37   std::string token = message->TextNamed(kTokenTag);
  38   if (token.empty()) {
  39     LOG(ERROR) << "Third-party authentication protocol error: missing token.";
  40     token_state_ = REJECTED;
  41     rejection_reason_ = PROTOCOL_ERROR;
  42     resume_callback.Run();
  43     return;
  44   }
  45
  46   token_state_ = PROCESSING_MESSAGE;
  47
  48   // This message also contains the client's first SPAKE message. Copy the
  49   // message into the callback, so that OnThirdPartyTokenValidated can give it
  50   // to the underlying SPAKE authenticator that will be created.
  51   // |token_validator_| is owned, so Unretained() is safe here.
  52   token_validator_->ValidateThirdPartyToken(token, base::Bind(
  53           &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,
  54           base::Unretained(this),
  55           base::Owned(new buzz::XmlElement(*message)),
  56           resume_callback));
  57 }
  58
  59 void ThirdPartyHostAuthenticator::AddTokenElements(
  60     buzz::XmlElement* message) {
  61   DCHECK_EQ(token_state_, MESSAGE_READY);
  62   DCHECK(token_validator_->token_url().is_valid());
  63   DCHECK(!token_validator_->token_scope().empty());
  64
  65   buzz::XmlElement* token_url_tag = new buzz::XmlElement(
  66       kTokenUrlTag);
  67   token_url_tag->SetBodyText(token_validator_->token_url().spec());
  68   message->AddElement(token_url_tag);
  69   buzz::XmlElement* token_scope_tag = new buzz::XmlElement(
  70       kTokenScopeTag);
  71   token_scope_tag->SetBodyText(token_validator_->token_scope());
  72   message->AddElement(token_scope_tag);
  73   token_state_ = WAITING_MESSAGE;
  74 }
  75
  76 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
  77     const buzz::XmlElement* message,
  78     const base::Closure& resume_callback,
  79     const std::string& shared_secret) {
  80   if (shared_secret.empty()) {
  81     token_state_ = REJECTED;
  82     rejection_reason_ = INVALID_CREDENTIALS;
  83     resume_callback.Run();
  84     return;
  85   }
  86
  87   // The other side already started the SPAKE authentication.
  88   token_state_ = ACCEPTED;
  89   underlying_ = V2Authenticator::CreateForHost(
  90       local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);
  91   underlying_->ProcessMessage(message, resume_callback);
  92 }
  93
  94 }  // namespace protocol
  95 }  // namespace remoting