1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/protocol/third_party_host_authenticator.h"
6
7 #include "base/base64.h"
8 #include "base/bind.h"
9 #include "base/callback.h"
10 #include "base/logging.h"
11 #include "remoting/base/constants.h"
12 #include "remoting/base/rsa_key_pair.h"
13 #include "remoting/protocol/token_validator.h"
14 #include "remoting/protocol/v2_authenticator.h"
15 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
16
17 namespace remoting {
18 namespace protocol {
19
ThirdPartyHostAuthenticator(const std::string & local_cert,scoped_refptr<RsaKeyPair> key_pair,scoped_ptr<TokenValidator> token_validator)20 ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
21 const std::string& local_cert,
22 scoped_refptr<RsaKeyPair> key_pair,
23 scoped_ptr<TokenValidator> token_validator)
24 : ThirdPartyAuthenticatorBase(MESSAGE_READY),
25 local_cert_(local_cert),
26 key_pair_(key_pair),
27 token_validator_(token_validator.Pass()) {
28 }
29
~ThirdPartyHostAuthenticator()30 ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
31 }
32
ProcessTokenMessage(const buzz::XmlElement * message,const base::Closure & resume_callback)33 void ThirdPartyHostAuthenticator::ProcessTokenMessage(
34 const buzz::XmlElement* message,
35 const base::Closure& resume_callback) {
36 // Host has already sent the URL and expects a token from the client.
37 std::string token = message->TextNamed(kTokenTag);
38 if (token.empty()) {
39 LOG(ERROR) << "Third-party authentication protocol error: missing token.";
40 token_state_ = REJECTED;
41 rejection_reason_ = PROTOCOL_ERROR;
42 resume_callback.Run();
43 return;
44 }
45
46 token_state_ = PROCESSING_MESSAGE;
47
48 // This message also contains the client's first SPAKE message. Copy the
49 // message into the callback, so that OnThirdPartyTokenValidated can give it
50 // to the underlying SPAKE authenticator that will be created.
51 // |token_validator_| is owned, so Unretained() is safe here.
52 token_validator_->ValidateThirdPartyToken(token, base::Bind(
53 &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,
54 base::Unretained(this),
55 base::Owned(new buzz::XmlElement(*message)),
56 resume_callback));
57 }
58
AddTokenElements(buzz::XmlElement * message)59 void ThirdPartyHostAuthenticator::AddTokenElements(
60 buzz::XmlElement* message) {
61 DCHECK_EQ(token_state_, MESSAGE_READY);
62 DCHECK(token_validator_->token_url().is_valid());
63 DCHECK(!token_validator_->token_scope().empty());
64
65 buzz::XmlElement* token_url_tag = new buzz::XmlElement(
66 kTokenUrlTag);
67 token_url_tag->SetBodyText(token_validator_->token_url().spec());
68 message->AddElement(token_url_tag);
69 buzz::XmlElement* token_scope_tag = new buzz::XmlElement(
70 kTokenScopeTag);
71 token_scope_tag->SetBodyText(token_validator_->token_scope());
72 message->AddElement(token_scope_tag);
73 token_state_ = WAITING_MESSAGE;
74 }
75
OnThirdPartyTokenValidated(const buzz::XmlElement * message,const base::Closure & resume_callback,const std::string & shared_secret)76 void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
77 const buzz::XmlElement* message,
78 const base::Closure& resume_callback,
79 const std::string& shared_secret) {
80 if (shared_secret.empty()) {
81 token_state_ = REJECTED;
82 rejection_reason_ = INVALID_CREDENTIALS;
83 resume_callback.Run();
84 return;
85 }
86
87 // The other side already started the SPAKE authentication.
88 token_state_ = ACCEPTED;
89 underlying_ = V2Authenticator::CreateForHost(
90 local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);
91 underlying_->ProcessMessage(message, resume_callback);
92 }
93
94 } // namespace protocol
95 } // namespace remoting
96