remoting/protocol/me2me_host_authenticator_factory.cc - platform/external/chromium_org - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "remoting/protocol/me2me_host_authenticator_factory.h"

 #include "base/base64.h"
 #include "base/strings/string_util.h"
 #include "remoting/base/rsa_key_pair.h"
 #include "remoting/protocol/channel_authenticator.h"
 #include "remoting/protocol/negotiating_host_authenticator.h"
 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"

 namespace remoting {
 namespace protocol {

 namespace {

 // Authenticator that accepts one message and rejects connection after that.
 class RejectingAuthenticator : public Authenticator {
  public:
   RejectingAuthenticator()
       : state_(WAITING_MESSAGE) {
   }
   virtual ~RejectingAuthenticator() {
   }

   virtual State state() const OVERRIDE {
     return state_;
   }

   virtual RejectionReason rejection_reason() const OVERRIDE {
     DCHECK_EQ(state_, REJECTED);
     return INVALID_CREDENTIALS;
   }

   virtual void ProcessMessage(const buzz::XmlElement* message,
                               const base::Closure& resume_callback) OVERRIDE {
     DCHECK_EQ(state_, WAITING_MESSAGE);
     state_ = REJECTED;
     resume_callback.Run();
   }

   virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE {
     NOTREACHED();
     return scoped_ptr<buzz::XmlElement>();
   }

   virtual scoped_ptr<ChannelAuthenticator>
   CreateChannelAuthenticator() const OVERRIDE {
     NOTREACHED();
     return scoped_ptr<ChannelAuthenticator>();
   }

  protected:
   State state_;
 };

 }  // namespace

 // static
 scoped_ptr<AuthenticatorFactory>
 Me2MeHostAuthenticatorFactory::CreateWithSharedSecret(
     const std::string& host_owner,
     const std::string& local_cert,
     scoped_refptr<RsaKeyPair> key_pair,
     const SharedSecretHash& shared_secret_hash,
     scoped_refptr<PairingRegistry> pairing_registry) {
   scoped_ptr<Me2MeHostAuthenticatorFactory> result(
       new Me2MeHostAuthenticatorFactory());
   result->host_owner_ = host_owner;
   result->local_cert_ = local_cert;
   result->key_pair_ = key_pair;
   result->shared_secret_hash_ = shared_secret_hash;
   result->pairing_registry_ = pairing_registry;
   return scoped_ptr<AuthenticatorFactory>(result.Pass());
 }


 // static
 scoped_ptr<AuthenticatorFactory>
 Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
     const std::string& host_owner,
     const std::string& local_cert,
     scoped_refptr<RsaKeyPair> key_pair,
     scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory>
         token_validator_factory) {
   scoped_ptr<Me2MeHostAuthenticatorFactory> result(
       new Me2MeHostAuthenticatorFactory());
   result->host_owner_ = host_owner;
   result->local_cert_ = local_cert;
   result->key_pair_ = key_pair;
   result->token_validator_factory_ = token_validator_factory.Pass();
   return scoped_ptr<AuthenticatorFactory>(result.Pass());
 }

 // static
 scoped_ptr<AuthenticatorFactory>
     Me2MeHostAuthenticatorFactory::CreateRejecting() {
   return scoped_ptr<AuthenticatorFactory>(new Me2MeHostAuthenticatorFactory());
 }

 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory() {
 }

 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
 }

 scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
     const std::string& local_jid,
     const std::string& remote_jid,
     const buzz::XmlElement* first_message) {

   // Verify that the client's jid is an ASCII string, and then check
   // that the client has the same bare jid as the host, i.e. client's
   // full JID starts with host's bare jid. Comparison is case
   // insensitive.
   if (!IsStringASCII(remote_jid) ||
       !StartsWithASCII(remote_jid, host_owner_ + '/', false)) {
     LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
     return scoped_ptr<Authenticator>(new RejectingAuthenticator());
   }

   if (!local_cert_.empty() && key_pair_.get()) {
     if (token_validator_factory_) {
       return NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
           local_cert_, key_pair_,
           token_validator_factory_->CreateTokenValidator(
               local_jid, remote_jid));
     }

     return NegotiatingHostAuthenticator::CreateWithSharedSecret(
         local_cert_, key_pair_, shared_secret_hash_.value,
         shared_secret_hash_.hash_function, pairing_registry_);
   }

   return scoped_ptr<Authenticator>(new RejectingAuthenticator());
 }

 }  // namespace protocol
 }  // namespace remoting
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "remoting/protocol/me2me_host_authenticator_factory.h"

	#include "base/base64.h"
	#include "base/strings/string_util.h"
	#include "remoting/base/rsa_key_pair.h"
	#include "remoting/protocol/channel_authenticator.h"
	#include "remoting/protocol/negotiating_host_authenticator.h"
	#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"

	namespace remoting {
	namespace protocol {

	namespace {

	// Authenticator that accepts one message and rejects connection after that.
	class RejectingAuthenticator : public Authenticator {
	public:
	RejectingAuthenticator()
	: state_(WAITING_MESSAGE) {
	}
	virtual ~RejectingAuthenticator() {
	}

	virtual State state() const OVERRIDE {
	return state_;
	}

	virtual RejectionReason rejection_reason() const OVERRIDE {
	DCHECK_EQ(state_, REJECTED);
	return INVALID_CREDENTIALS;
	}

	virtual void ProcessMessage(const buzz::XmlElement* message,
	const base::Closure& resume_callback) OVERRIDE {
	DCHECK_EQ(state_, WAITING_MESSAGE);
	state_ = REJECTED;
	resume_callback.Run();
	}

	virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE {
	NOTREACHED();
	return scoped_ptr<buzz::XmlElement>();
	}

	virtual scoped_ptr<ChannelAuthenticator>
	CreateChannelAuthenticator() const OVERRIDE {
	NOTREACHED();
	return scoped_ptr<ChannelAuthenticator>();
	}

	protected:
	State state_;
	};

	} // namespace

	// static
	scoped_ptr<AuthenticatorFactory>
	Me2MeHostAuthenticatorFactory::CreateWithSharedSecret(
	const std::string& host_owner,
	const std::string& local_cert,
	scoped_refptr<RsaKeyPair> key_pair,
	const SharedSecretHash& shared_secret_hash,
	scoped_refptr<PairingRegistry> pairing_registry) {
	scoped_ptr<Me2MeHostAuthenticatorFactory> result(
	new Me2MeHostAuthenticatorFactory());
	result->host_owner_ = host_owner;
	result->local_cert_ = local_cert;
	result->key_pair_ = key_pair;
	result->shared_secret_hash_ = shared_secret_hash;
	result->pairing_registry_ = pairing_registry;
	return scoped_ptr<AuthenticatorFactory>(result.Pass());
	}


	// static
	scoped_ptr<AuthenticatorFactory>
	Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
	const std::string& host_owner,
	const std::string& local_cert,
	scoped_refptr<RsaKeyPair> key_pair,
	scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory>
	token_validator_factory) {
	scoped_ptr<Me2MeHostAuthenticatorFactory> result(
	new Me2MeHostAuthenticatorFactory());
	result->host_owner_ = host_owner;
	result->local_cert_ = local_cert;
	result->key_pair_ = key_pair;
	result->token_validator_factory_ = token_validator_factory.Pass();
	return scoped_ptr<AuthenticatorFactory>(result.Pass());
	}

	// static
	scoped_ptr<AuthenticatorFactory>
	Me2MeHostAuthenticatorFactory::CreateRejecting() {
	return scoped_ptr<AuthenticatorFactory>(new Me2MeHostAuthenticatorFactory());
	}

	Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory() {
	}

	Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
	}

	scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
	const std::string& local_jid,
	const std::string& remote_jid,
	const buzz::XmlElement* first_message) {

	// Verify that the client's jid is an ASCII string, and then check
	// that the client has the same bare jid as the host, i.e. client's
	// full JID starts with host's bare jid. Comparison is case
	// insensitive.
	if (!IsStringASCII(remote_jid) \|\|
	!StartsWithASCII(remote_jid, host_owner_ + '/', false)) {
	LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
	return scoped_ptr<Authenticator>(new RejectingAuthenticator());
	}

	if (!local_cert_.empty() && key_pair_.get()) {
	if (token_validator_factory_) {
	return NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
	local_cert_, key_pair_,
	token_validator_factory_->CreateTokenValidator(
	local_jid, remote_jid));
	}

	return NegotiatingHostAuthenticator::CreateWithSharedSecret(
	local_cert_, key_pair_, shared_secret_hash_.value,
	shared_secret_hash_.hash_function, pairing_registry_);
	}

	return scoped_ptr<Authenticator>(new RejectingAuthenticator());
	}

	} // namespace protocol
	} // namespace remoting