remoting/protocol/me2me_host_authenticator_factory.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "remoting/protocol/me2me_host_authenticator_factory.h"
   6
   7 #include "base/base64.h"
   8 #include "base/strings/string_util.h"
   9 #include "remoting/base/rsa_key_pair.h"
  10 #include "remoting/protocol/channel_authenticator.h"
  11 #include "remoting/protocol/negotiating_host_authenticator.h"
  12 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
  13
  14 namespace remoting {
  15 namespace protocol {
  16
  17 namespace {
  18
  19 // Authenticator that accepts one message and rejects connection after that.
  20 class RejectingAuthenticator : public Authenticator {
  21  public:
  22   RejectingAuthenticator()
  23       : state_(WAITING_MESSAGE) {
  24   }
  25   virtual ~RejectingAuthenticator() {
  26   }
  27
  28   virtual State state() const OVERRIDE {
  29     return state_;
  30   }
  31
  32   virtual RejectionReason rejection_reason() const OVERRIDE {
  33     DCHECK_EQ(state_, REJECTED);
  34     return INVALID_CREDENTIALS;
  35   }
  36
  37   virtual void ProcessMessage(const buzz::XmlElement* message,
  38                               const base::Closure& resume_callback) OVERRIDE {
  39     DCHECK_EQ(state_, WAITING_MESSAGE);
  40     state_ = REJECTED;
  41     resume_callback.Run();
  42   }
  43
  44   virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE {
  45     NOTREACHED();
  46     return scoped_ptr<buzz::XmlElement>();
  47   }
  48
  49   virtual scoped_ptr<ChannelAuthenticator>
  50   CreateChannelAuthenticator() const OVERRIDE {
  51     NOTREACHED();
  52     return scoped_ptr<ChannelAuthenticator>();
  53   }
  54
  55  protected:
  56   State state_;
  57 };
  58
  59 }  // namespace
  60
  61 // static
  62 scoped_ptr<AuthenticatorFactory>
  63 Me2MeHostAuthenticatorFactory::CreateWithSharedSecret(
  64     const std::string& host_owner,
  65     const std::string& local_cert,
  66     scoped_refptr<RsaKeyPair> key_pair,
  67     const SharedSecretHash& shared_secret_hash,
  68     scoped_refptr<PairingRegistry> pairing_registry) {
  69   scoped_ptr<Me2MeHostAuthenticatorFactory> result(
  70       new Me2MeHostAuthenticatorFactory());
  71   result->host_owner_ = host_owner;
  72   result->local_cert_ = local_cert;
  73   result->key_pair_ = key_pair;
  74   result->shared_secret_hash_ = shared_secret_hash;
  75   result->pairing_registry_ = pairing_registry;
  76   return scoped_ptr<AuthenticatorFactory>(result.Pass());
  77 }
  78
  79
  80 // static
  81 scoped_ptr<AuthenticatorFactory>
  82 Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
  83     const std::string& host_owner,
  84     const std::string& local_cert,
  85     scoped_refptr<RsaKeyPair> key_pair,
  86     scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory>
  87         token_validator_factory) {
  88   scoped_ptr<Me2MeHostAuthenticatorFactory> result(
  89       new Me2MeHostAuthenticatorFactory());
  90   result->host_owner_ = host_owner;
  91   result->local_cert_ = local_cert;
  92   result->key_pair_ = key_pair;
  93   result->token_validator_factory_ = token_validator_factory.Pass();
  94   return scoped_ptr<AuthenticatorFactory>(result.Pass());
  95 }
  96
  97 // static
  98 scoped_ptr<AuthenticatorFactory>
  99     Me2MeHostAuthenticatorFactory::CreateRejecting() {
 100   return scoped_ptr<AuthenticatorFactory>(new Me2MeHostAuthenticatorFactory());
 101 }
 102
 103 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory() {
 104 }
 105
 106 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
 107 }
 108
 109 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
 110     const std::string& local_jid,
 111     const std::string& remote_jid,
 112     const buzz::XmlElement* first_message) {
 113
 114   // Verify that the client's jid is an ASCII string, and then check
 115   // that the client has the same bare jid as the host, i.e. client's
 116   // full JID starts with host's bare jid. Comparison is case
 117   // insensitive.
 118   if (!IsStringASCII(remote_jid) ||
 119       !StartsWithASCII(remote_jid, host_owner_ + '/', false)) {
 120     LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
 121     return scoped_ptr<Authenticator>(new RejectingAuthenticator());
 122   }
 123
 124   if (!local_cert_.empty() && key_pair_.get()) {
 125     if (token_validator_factory_) {
 126       return NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
 127           local_cert_, key_pair_,
 128           token_validator_factory_->CreateTokenValidator(
 129               local_jid, remote_jid));
 130     }
 131
 132     return NegotiatingHostAuthenticator::CreateWithSharedSecret(
 133         local_cert_, key_pair_, shared_secret_hash_.value,
 134         shared_secret_hash_.hash_function, pairing_registry_);
 135   }
 136
 137   return scoped_ptr<Authenticator>(new RejectingAuthenticator());
 138 }
 139
 140 }  // namespace protocol
 141 }  // namespace remoting