remoting/protocol/third_party_host_authenticator.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "remoting/protocol/third_party_host_authenticator.h"
   6
   7 #include "base/base64.h"
   8 #include "base/bind.h"
   9 #include "base/callback.h"
  10 #include "base/logging.h"
  11 #include "remoting/base/constants.h"
  12 #include "remoting/base/rsa_key_pair.h"
  13 #include "remoting/protocol/v2_authenticator.h"
  14 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
  15
  16 namespace remoting {
  17 namespace protocol {
  18
  19 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
  20     const std::string& local_cert,
  21     scoped_refptr<RsaKeyPair> key_pair,
  22     scoped_ptr<TokenValidator> token_validator)
  23     : ThirdPartyAuthenticatorBase(MESSAGE_READY),
  24       local_cert_(local_cert),
  25       key_pair_(key_pair),
  26       token_validator_(token_validator.Pass()) {
  27 }
  28
  29 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
  30 }
  31
  32 void ThirdPartyHostAuthenticator::ProcessTokenMessage(
  33     const buzz::XmlElement* message,
  34     const base::Closure& resume_callback) {
  35   // Host has already sent the URL and expects a token from the client.
  36   std::string token = message->TextNamed(kTokenTag);
  37   if (token.empty()) {
  38     LOG(ERROR) << "Third-party authentication protocol error: missing token.";
  39     token_state_ = REJECTED;
  40     rejection_reason_ = PROTOCOL_ERROR;
  41     resume_callback.Run();
  42     return;
  43   }
  44
  45   token_state_ = PROCESSING_MESSAGE;
  46
  47   // This message also contains the client's first SPAKE message. Copy the
  48   // message into the callback, so that OnThirdPartyTokenValidated can give it
  49   // to the underlying SPAKE authenticator that will be created.
  50   // |token_validator_| is owned, so Unretained() is safe here.
  51   token_validator_->ValidateThirdPartyToken(token, base::Bind(
  52           &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,
  53           base::Unretained(this),
  54           base::Owned(new buzz::XmlElement(*message)),
  55           resume_callback));
  56 }
  57
  58 void ThirdPartyHostAuthenticator::AddTokenElements(
  59     buzz::XmlElement* message) {
  60   DCHECK_EQ(token_state_, MESSAGE_READY);
  61   DCHECK(token_validator_->token_url().is_valid());
  62   DCHECK(!token_validator_->token_scope().empty());
  63
  64   buzz::XmlElement* token_url_tag = new buzz::XmlElement(
  65       kTokenUrlTag);
  66   token_url_tag->SetBodyText(token_validator_->token_url().spec());
  67   message->AddElement(token_url_tag);
  68   buzz::XmlElement* token_scope_tag = new buzz::XmlElement(
  69       kTokenScopeTag);
  70   token_scope_tag->SetBodyText(token_validator_->token_scope());
  71   message->AddElement(token_scope_tag);
  72   token_state_ = WAITING_MESSAGE;
  73 }
  74
  75 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
  76     const buzz::XmlElement* message,
  77     const base::Closure& resume_callback,
  78     const std::string& shared_secret) {
  79   if (shared_secret.empty()) {
  80     token_state_ = REJECTED;
  81     rejection_reason_ = INVALID_CREDENTIALS;
  82     resume_callback.Run();
  83     return;
  84   }
  85
  86   // The other side already started the SPAKE authentication.
  87   token_state_ = ACCEPTED;
  88   underlying_ = V2Authenticator::CreateForHost(
  89       local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);
  90   underlying_->ProcessMessage(message, resume_callback);
  91 }
  92
  93 }  // namespace protocol
  94 }  // namespace remoting