1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "remoting/protocol/third_party_host_authenticator.h"
6
7#include "base/base64.h"
8#include "base/bind.h"
9#include "base/callback.h"
10#include "base/logging.h"
11#include "remoting/base/constants.h"
12#include "remoting/base/rsa_key_pair.h"
13#include "remoting/protocol/token_validator.h"
14#include "remoting/protocol/v2_authenticator.h"
15#include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
16
17namespace remoting {
18namespace protocol {
19
20ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator(
21    const std::string& local_cert,
22    scoped_refptr<RsaKeyPair> key_pair,
23    scoped_ptr<TokenValidator> token_validator)
24    : ThirdPartyAuthenticatorBase(MESSAGE_READY),
25      local_cert_(local_cert),
26      key_pair_(key_pair),
27      token_validator_(token_validator.Pass()) {
28}
29
30ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {
31}
32
33void ThirdPartyHostAuthenticator::ProcessTokenMessage(
34    const buzz::XmlElement* message,
35    const base::Closure& resume_callback) {
36  // Host has already sent the URL and expects a token from the client.
37  std::string token = message->TextNamed(kTokenTag);
38  if (token.empty()) {
39    LOG(ERROR) << "Third-party authentication protocol error: missing token.";
40    token_state_ = REJECTED;
41    rejection_reason_ = PROTOCOL_ERROR;
42    resume_callback.Run();
43    return;
44  }
45
46  token_state_ = PROCESSING_MESSAGE;
47
48  // This message also contains the client's first SPAKE message. Copy the
49  // message into the callback, so that OnThirdPartyTokenValidated can give it
50  // to the underlying SPAKE authenticator that will be created.
51  // |token_validator_| is owned, so Unretained() is safe here.
52  token_validator_->ValidateThirdPartyToken(token, base::Bind(
53          &ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated,
54          base::Unretained(this),
55          base::Owned(new buzz::XmlElement(*message)),
56          resume_callback));
57}
58
59void ThirdPartyHostAuthenticator::AddTokenElements(
60    buzz::XmlElement* message) {
61  DCHECK_EQ(token_state_, MESSAGE_READY);
62  DCHECK(token_validator_->token_url().is_valid());
63  DCHECK(!token_validator_->token_scope().empty());
64
65  buzz::XmlElement* token_url_tag = new buzz::XmlElement(
66      kTokenUrlTag);
67  token_url_tag->SetBodyText(token_validator_->token_url().spec());
68  message->AddElement(token_url_tag);
69  buzz::XmlElement* token_scope_tag = new buzz::XmlElement(
70      kTokenScopeTag);
71  token_scope_tag->SetBodyText(token_validator_->token_scope());
72  message->AddElement(token_scope_tag);
73  token_state_ = WAITING_MESSAGE;
74}
75
76void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated(
77    const buzz::XmlElement* message,
78    const base::Closure& resume_callback,
79    const std::string& shared_secret) {
80  if (shared_secret.empty()) {
81    token_state_ = REJECTED;
82    rejection_reason_ = INVALID_CREDENTIALS;
83    resume_callback.Run();
84    return;
85  }
86
87  // The other side already started the SPAKE authentication.
88  token_state_ = ACCEPTED;
89  underlying_ = V2Authenticator::CreateForHost(
90      local_cert_, key_pair_, shared_secret, WAITING_MESSAGE);
91  underlying_->ProcessMessage(message, resume_callback);
92}
93
94}  // namespace protocol
95}  // namespace remoting
96