/*
 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */

#include "webrtc/libjingle/xmpp/xmppauth.h"

#include <algorithm>

#include "webrtc/libjingle/xmpp/constants.h"
#include "webrtc/libjingle/xmpp/saslcookiemechanism.h"
#include "webrtc/libjingle/xmpp/saslplainmechanism.h"

// A fresh XmppAuth holds no credentials; done_ stays false until
// StartPreXmppAuth() has run.
XmppAuth::XmppAuth() : done_(false) {}

XmppAuth::~XmppAuth() {}

// Stores the caller-supplied identity and credentials, then reports
// completion through SignalAuthDone().
//
// No exchange with a server takes place in this function: |server| is never
// read, and done_ is set unconditionally. The stored values are consumed
// later by ChooseBestSaslMechanism() and CreateSaslMechanism().
//
// |pass| and |auth_token| are secrets; this object keeps its own copies in
// passwd_ and auth_token_ for as long as it lives.
void XmppAuth::StartPreXmppAuth(const buzz::Jid& jid,
                                const rtc::SocketAddress& server,
                                const rtc::CryptString& pass,
                                const std::string& auth_mechanism,
                                const std::string& auth_token) {
  auth_mechanism_ = auth_mechanism;
  auth_token_ = auth_token;
  jid_ = jid;
  passwd_ = pass;

  // done_ is set before the signal is raised.
  done_ = true;
  SignalAuthDone();
}

// Returns true when |string| is one of the entries in |strings|
// (exact, case-sensitive match).
static bool contains(const std::vector<std::string>& strings,
                     const std::string& string) {
  const std::vector<std::string>::const_iterator match =
      std::find(strings.begin(), strings.end(), string);
  return match != strings.end();
}

// Picks the SASL mechanism to use from |mechanisms|, the list offered for
// this stream. Returns the mechanism name, or "" when nothing usable is
// offered.
//
// Selection order:
//   1. the mechanism configured on this object (OAuth2, Google token or
//      Google cookie), but only if it also appears in |mechanisms|;
//   2. PLAIN, whenever it appears in |mechanisms|.
//
// NOTE(review): |encrypted| is never read. PLAIN is therefore selected on an
// unencrypted stream as readily as on an encrypted one, and
// CreateSaslMechanism() builds the PLAIN mechanism from passwd_. A handler
// that wants to keep the password off cleartext transports has to check
// |encrypted| before returning PLAIN; confirm whether a caller enforces this
// elsewhere.
//
// NOTE(review): the PLAIN fallback applies even when a token-based mechanism
// was configured but is missing from |mechanisms|. |mechanisms| presumably
// originates from the remote end, so whoever controls that list decides
// whether the fallback is taken -- verify that this is intended.
std::string XmppAuth::ChooseBestSaslMechanism(
    const std::vector<std::string>& mechanisms,
    bool encrypted) {
  // OAuth2 gets the first look.
  if (GetAuthMechanism() == buzz::AUTH_MECHANISM_OAUTH2) {
    if (contains(mechanisms, buzz::AUTH_MECHANISM_OAUTH2)) {
      return buzz::AUTH_MECHANISM_OAUTH2;
    }
  }

  // A token is the weakest credential (15s, service-limited), i.e. the one
  // that exposes the least, so it is preferred over the remaining options.
  if (GetAuthMechanism() == buzz::AUTH_MECHANISM_GOOGLE_TOKEN) {
    if (contains(mechanisms, buzz::AUTH_MECHANISM_GOOGLE_TOKEN)) {
      return buzz::AUTH_MECHANISM_GOOGLE_TOKEN;
    }
  }

  // A cookie is the next weakest credential (14 days).
  // NOTE(review): CreateSaslMechanism() has no active branch for this
  // mechanism and returns NULL for it.
  if (GetAuthMechanism() == buzz::AUTH_MECHANISM_GOOGLE_COOKIE) {
    if (contains(mechanisms, buzz::AUTH_MECHANISM_GOOGLE_COOKIE)) {
      return buzz::AUTH_MECHANISM_GOOGLE_COOKIE;
    }
  }

  // Last resort: plain authentication, which uses the stored password.
  if (contains(mechanisms, buzz::AUTH_MECHANISM_PLAIN)) {
    return buzz::AUTH_MECHANISM_PLAIN;
  }

  // Nothing acceptable was offered.
  return "";
}

// Builds the SASL mechanism object for |mechanism| from the credentials
// recorded by StartPreXmppAuth(). Returns NULL for any mechanism name that
// is not handled below, so callers must check the result.
//
// The object is allocated with new; ownership presumably passes to the
// caller -- TODO confirm against the interface this overrides.
buzz::SaslMechanism* XmppAuth::CreateSaslMechanism(
    const std::string& mechanism) {
  if (mechanism == buzz::AUTH_MECHANISM_OAUTH2) {
    // OAuth2 reuses the cookie mechanism with auth_token_ and the "oauth2"
    // tag.
    return new buzz::SaslCookieMechanism(
        mechanism, jid_.Str(), auth_token_, "oauth2");
  }

  if (mechanism == buzz::AUTH_MECHANISM_GOOGLE_TOKEN) {
    return new buzz::SaslCookieMechanism(mechanism, jid_.Str(), auth_token_);
  }

  // The Google cookie branch is disabled in this file and kept only for
  // reference; it names jid and sid_, neither of which is set up here:
  // } else if (mechanism == buzz::AUTH_MECHANISM_GOOGLE_COOKIE) {
  //   return new buzz::SaslCookieMechanism(mechanism, jid.Str(), sid_);

  if (mechanism == buzz::AUTH_MECHANISM_PLAIN) {
    // PLAIN carries the stored password itself.
    return new buzz::SaslPlainMechanism(jid_, passwd_);
  }

  return NULL;
}