1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/protocol/third_party_host_authenticator.h"
7 #include "base/base64.h"
9 #include "base/callback.h"
10 #include "base/logging.h"
11 #include "remoting/base/constants.h"
12 #include "remoting/base/rsa_key_pair.h"
13 #include "remoting/protocol/token_validator.h"
14 #include "remoting/protocol/v2_authenticator.h"
15 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
20 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
21 const std::string
& local_cert
,
22 scoped_refptr
<RsaKeyPair
> key_pair
,
23 scoped_ptr
<TokenValidator
> token_validator
)
24 : ThirdPartyAuthenticatorBase(MESSAGE_READY
),
25 local_cert_(local_cert
),
27 token_validator_(token_validator
.Pass()) {
30 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
33 void ThirdPartyHostAuthenticator::ProcessTokenMessage(
34 const buzz::XmlElement
* message
,
35 const base::Closure
& resume_callback
) {
36 // Host has already sent the URL and expects a token from the client.
37 std::string token
= message
->TextNamed(kTokenTag
);
39 LOG(ERROR
) << "Third-party authentication protocol error: missing token.";
40 token_state_
= REJECTED
;
41 rejection_reason_
= PROTOCOL_ERROR
;
42 resume_callback
.Run();
46 token_state_
= PROCESSING_MESSAGE
;
48 // This message also contains the client's first SPAKE message. Copy the
49 // message into the callback, so that OnThirdPartyTokenValidated can give it
50 // to the underlying SPAKE authenticator that will be created.
51 // |token_validator_| is owned, so Unretained() is safe here.
52 token_validator_
->ValidateThirdPartyToken(token
, base::Bind(
53 &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated
,
54 base::Unretained(this),
55 base::Owned(new buzz::XmlElement(*message
)),
59 void ThirdPartyHostAuthenticator::AddTokenElements(
60 buzz::XmlElement
* message
) {
61 DCHECK_EQ(token_state_
, MESSAGE_READY
);
62 DCHECK(token_validator_
->token_url().is_valid());
63 DCHECK(!token_validator_
->token_scope().empty());
65 buzz::XmlElement
* token_url_tag
= new buzz::XmlElement(
67 token_url_tag
->SetBodyText(token_validator_
->token_url().spec());
68 message
->AddElement(token_url_tag
);
69 buzz::XmlElement
* token_scope_tag
= new buzz::XmlElement(
71 token_scope_tag
->SetBodyText(token_validator_
->token_scope());
72 message
->AddElement(token_scope_tag
);
73 token_state_
= WAITING_MESSAGE
;
76 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
77 const buzz::XmlElement
* message
,
78 const base::Closure
& resume_callback
,
79 const std::string
& shared_secret
) {
80 if (shared_secret
.empty()) {
81 token_state_
= REJECTED
;
82 rejection_reason_
= INVALID_CREDENTIALS
;
83 resume_callback
.Run();
87 // The other side already started the SPAKE authentication.
88 token_state_
= ACCEPTED
;
89 underlying_
= V2Authenticator::CreateForHost(
90 local_cert_
, key_pair_
, shared_secret
, WAITING_MESSAGE
);
91 underlying_
->ProcessMessage(message
, resume_callback
);
94 } // namespace protocol
95 } // namespace remoting