1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "remoting/protocol/third_party_host_authenticator.h"
6
7#include "base/base64.h"
8#include "base/bind.h"
9#include "base/callback.h"
10#include "base/logging.h"
11#include "remoting/base/constants.h"
12#include "remoting/base/rsa_key_pair.h"
13#include "remoting/protocol/v2_authenticator.h"
14#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
15
16namespace remoting {
17namespace protocol {
18
19ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
20    const std::string& local_cert,
21    scoped_refptr<RsaKeyPair> key_pair,
22    scoped_ptr<TokenValidator> token_validator)
23    : ThirdPartyAuthenticatorBase(MESSAGE_READY),
24      local_cert_(local_cert),
25      key_pair_(key_pair),
26      token_validator_(token_validator.Pass()) {
27}
28
29ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
30}
31
32void ThirdPartyHostAuthenticator::ProcessTokenMessage(
33    const buzz::XmlElement* message,
34    const base::Closure& resume_callback) {
35  // Host has already sent the URL and expects a token from the client.
36  std::string token = message->TextNamed(kTokenTag);
37  if (token.empty()) {
38    LOG(ERROR) << "Third-party authentication protocol error: missing token.";
39    token_state_ = REJECTED;
40    rejection_reason_ = PROTOCOL_ERROR;
41    resume_callback.Run();
42    return;
43  }
44
45  token_state_ = PROCESSING_MESSAGE;
46
47  // This message also contains the client's first SPAKE message. Copy the
48  // message into the callback, so that OnThirdPartyTokenValidated can give it
49  // to the underlying SPAKE authenticator that will be created.
50  // |token_validator_| is owned, so Unretained() is safe here.
51  token_validator_->ValidateThirdPartyToken(token, base::Bind(
52          &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,
53          base::Unretained(this),
54          base::Owned(new buzz::XmlElement(*message)),
55          resume_callback));
56}
57
58void ThirdPartyHostAuthenticator::AddTokenElements(
59    buzz::XmlElement* message) {
60  DCHECK_EQ(token_state_, MESSAGE_READY);
61  DCHECK(token_validator_->token_url().is_valid());
62  DCHECK(!token_validator_->token_scope().empty());
63
64  buzz::XmlElement* token_url_tag = new buzz::XmlElement(
65      kTokenUrlTag);
66  token_url_tag->SetBodyText(token_validator_->token_url().spec());
67  message->AddElement(token_url_tag);
68  buzz::XmlElement* token_scope_tag = new buzz::XmlElement(
69      kTokenScopeTag);
70  token_scope_tag->SetBodyText(token_validator_->token_scope());
71  message->AddElement(token_scope_tag);
72  token_state_ = WAITING_MESSAGE;
73}
74
75void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
76    const buzz::XmlElement* message,
77    const base::Closure& resume_callback,
78    const std::string& shared_secret) {
79  if (shared_secret.empty()) {
80    token_state_ = REJECTED;
81    rejection_reason_ = INVALID_CREDENTIALS;
82    resume_callback.Run();
83    return;
84  }
85
86  // The other side already started the SPAKE authentication.
87  token_state_ = ACCEPTED;
88  underlying_ = V2Authenticator::CreateForHost(
89      local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);
90  underlying_->ProcessMessage(message, resume_callback);
91}
92
93}  // namespace protocol
94}  // namespace remoting
95