/*
 * libjingle
 * Copyright 2004--2005, Google Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *  1. Redistributions of source code must retain the above copyright notice,
 *     this list of conditions and the following disclaimer.
 *  2. Redistributions in binary form must reproduce the above copyright notice,
 *     this list of conditions and the following disclaimer in the documentation
 *     and/or other materials provided with the distribution.
 *  3. The name of the author may not be used to endorse or promote products
 *     derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "talk/xmpp/xmppauth.h"

#include <algorithm>

#include "talk/xmpp/constants.h"
#include "talk/xmpp/saslcookiemechanism.h"
#include "talk/xmpp/saslplainmechanism.h"

// A new XmppAuth starts with pre-authentication marked as not finished.
XmppAuth::XmppAuth() : done_(false) {}

XmppAuth::~XmppAuth() {}

// Stores the caller-supplied identity and credentials, marks the
// pre-authentication step as done and fires SignalAuthDone() before
// returning. No network I/O happens here and |server| is not used.
//
// The password and the auth token are copied into members; nothing in this
// file clears them again.
void XmppAuth::StartPreXmppAuth(const buzz::Jid& jid,
                                const rtc::SocketAddress& server,
                                const rtc::CryptString& pass,
                                const std::string& auth_mechanism,
                                const std::string& auth_token) {
  auth_token_ = auth_token;
  auth_mechanism_ = auth_mechanism;
  passwd_ = pass;
  jid_ = jid;

  // The flag is set before the signal so that handlers observe a finished
  // state.
  done_ = true;
  SignalAuthDone();
}

// Returns true when |string| is one of the entries of |strings|.
static bool contains(const std::vector<std::string>& strings,
                     const std::string& string) {
  const std::vector<std::string>::const_iterator hit =
      std::find(strings.begin(), strings.end(), string);
  return hit != strings.end();
}

// Picks the SASL mechanism to use from |mechanisms| (presumably the list
// advertised by the server; confirm against the caller). Returns the
// mechanism name, or an empty string when nothing usable is offered.
//
// OAuth2, Google token and Google cookie are only chosen when they are also
// the mechanism configured through StartPreXmppAuth(). PLAIN is the fallback
// and is chosen whenever it is offered, whatever mechanism was configured.
//
// NOTE(review): |encrypted| is never read in this function, so PLAIN can be
// selected for a stream that is not encrypted, and CreateSaslMechanism()
// builds PLAIN from the stored password. Confirm that the caller refuses
// PLAIN when TLS is not in place.
//
// NOTE(review): GOOGLE_COOKIE can be returned here, but CreateSaslMechanism()
// has no active branch for it and returns NULL for that name.
std::string XmppAuth::ChooseBestSaslMechanism(
    const std::vector<std::string>& mechanisms,
    bool encrypted) {
  const std::string requested(GetAuthMechanism());

  // OAuth2 has the highest preference.
  if (requested == buzz::AUTH_MECHANISM_OAUTH2 &&
      contains(mechanisms, buzz::AUTH_MECHANISM_OAUTH2)) {
    return buzz::AUTH_MECHANISM_OAUTH2;
  }

  // A token is the least powerful credential (15s, service-limited per the
  // original author), which is why it is preferred over the ones below.
  if (requested == buzz::AUTH_MECHANISM_GOOGLE_TOKEN &&
      contains(mechanisms, buzz::AUTH_MECHANISM_GOOGLE_TOKEN)) {
    return buzz::AUTH_MECHANISM_GOOGLE_TOKEN;
  }

  // A cookie is the next least powerful credential (14 days per the original
  // author).
  if (requested == buzz::AUTH_MECHANISM_GOOGLE_COOKIE &&
      contains(mechanisms, buzz::AUTH_MECHANISM_GOOGLE_COOKIE)) {
    return buzz::AUTH_MECHANISM_GOOGLE_COOKIE;
  }

  // Last resort: plain authentication, which uses the account password.
  if (contains(mechanisms, buzz::AUTH_MECHANISM_PLAIN)) {
    return buzz::AUTH_MECHANISM_PLAIN;
  }

  // Nothing acceptable was offered.
  return "";
}

// Builds the SASL mechanism object for |mechanism| from the credentials
// stored by StartPreXmppAuth(). Returns NULL for any name without an active
// branch below, so callers must check the result before using it.
//
// The object is allocated with new; presumably the caller takes ownership
// (confirm against the caller).
buzz::SaslMechanism* XmppAuth::CreateSaslMechanism(
    const std::string& mechanism) {
  if (mechanism == buzz::AUTH_MECHANISM_OAUTH2) {
    return new buzz::SaslCookieMechanism(
        mechanism, jid_.Str(), auth_token_, "oauth2");
  }

  if (mechanism == buzz::AUTH_MECHANISM_GOOGLE_TOKEN) {
    return new buzz::SaslCookieMechanism(mechanism, jid_.Str(), auth_token_);
  }

  // The GOOGLE_COOKIE branch is disabled in the original source:
  //   if (mechanism == buzz::AUTH_MECHANISM_GOOGLE_COOKIE)
  //     return new buzz::SaslCookieMechanism(mechanism, jid.Str(), sid_);

  if (mechanism == buzz::AUTH_MECHANISM_PLAIN) {
    return new buzz::SaslPlainMechanism(jid_, passwd_);
  }

  return NULL;
}