1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/protocol/third_party_host_authenticator.h"
6
7 #include "base/base64.h"
8 #include "base/bind.h"
9 #include "base/callback.h"
10 #include "base/logging.h"
11 #include "remoting/base/constants.h"
12 #include "remoting/base/rsa_key_pair.h"
13 #include "remoting/protocol/v2_authenticator.h"
14 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
15
16 namespace remoting {
17 namespace protocol {
18
ThirdPartyHostAuthenticator(const std::string & local_cert,scoped_refptr<RsaKeyPair> key_pair,scoped_ptr<TokenValidator> token_validator)19 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
20 const std::string& local_cert,
21 scoped_refptr<RsaKeyPair> key_pair,
22 scoped_ptr<TokenValidator> token_validator)
23 : ThirdPartyAuthenticatorBase(MESSAGE_READY),
24 local_cert_(local_cert),
25 key_pair_(key_pair),
26 token_validator_(token_validator.Pass()) {
27 }
28
~ThirdPartyHostAuthenticator()29 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
30 }
31
ProcessTokenMessage(const buzz::XmlElement * message,const base::Closure & resume_callback)32 void ThirdPartyHostAuthenticator::ProcessTokenMessage(
33 const buzz::XmlElement* message,
34 const base::Closure& resume_callback) {
35 // Host has already sent the URL and expects a token from the client.
36 std::string token = message->TextNamed(kTokenTag);
37 if (token.empty()) {
38 LOG(ERROR) << "Third-party authentication protocol error: missing token.";
39 token_state_ = REJECTED;
40 rejection_reason_ = PROTOCOL_ERROR;
41 resume_callback.Run();
42 return;
43 }
44
45 token_state_ = PROCESSING_MESSAGE;
46
47 // This message also contains the client's first SPAKE message. Copy the
48 // message into the callback, so that OnThirdPartyTokenValidated can give it
49 // to the underlying SPAKE authenticator that will be created.
50 // |token_validator_| is owned, so Unretained() is safe here.
51 token_validator_->ValidateThirdPartyToken(token, base::Bind(
52 &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,
53 base::Unretained(this),
54 base::Owned(new buzz::XmlElement(*message)),
55 resume_callback));
56 }
57
AddTokenElements(buzz::XmlElement * message)58 void ThirdPartyHostAuthenticator::AddTokenElements(
59 buzz::XmlElement* message) {
60 DCHECK_EQ(token_state_, MESSAGE_READY);
61 DCHECK(token_validator_->token_url().is_valid());
62 DCHECK(!token_validator_->token_scope().empty());
63
64 buzz::XmlElement* token_url_tag = new buzz::XmlElement(
65 kTokenUrlTag);
66 token_url_tag->SetBodyText(token_validator_->token_url().spec());
67 message->AddElement(token_url_tag);
68 buzz::XmlElement* token_scope_tag = new buzz::XmlElement(
69 kTokenScopeTag);
70 token_scope_tag->SetBodyText(token_validator_->token_scope());
71 message->AddElement(token_scope_tag);
72 token_state_ = WAITING_MESSAGE;
73 }
74
OnThirdPartyTokenValidated(const buzz::XmlElement * message,const base::Closure & resume_callback,const std::string & shared_secret)75 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
76 const buzz::XmlElement* message,
77 const base::Closure& resume_callback,
78 const std::string& shared_secret) {
79 if (shared_secret.empty()) {
80 token_state_ = REJECTED;
81 rejection_reason_ = INVALID_CREDENTIALS;
82 resume_callback.Run();
83 return;
84 }
85
86 // The other side already started the SPAKE authentication.
87 token_state_ = ACCEPTED;
88 underlying_ = V2Authenticator::CreateForHost(
89 local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);
90 underlying_->ProcessMessage(message, resume_callback);
91 }
92
93 } // namespace protocol
94 } // namespace remoting
95