1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/protocol/me2me_host_authenticator_factory.h"
7 #include "base/base64.h"
8 #include "base/string_util.h"
9 #include "crypto/rsa_private_key.h"
10 #include "remoting/protocol/channel_authenticator.h"
11 #include "remoting/protocol/negotiating_authenticator.h"
12 #include "remoting/protocol/v1_authenticator.h"
13 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
20 // Authenticator that accepts one message and rejects connection after that.
21 class RejectingAuthenticator
: public Authenticator
{
23 RejectingAuthenticator()
24 : state_(WAITING_MESSAGE
) {
26 virtual ~RejectingAuthenticator() {
29 virtual State
state() const OVERRIDE
{
33 virtual RejectionReason
rejection_reason() const OVERRIDE
{
34 DCHECK_EQ(state_
, REJECTED
);
35 return INVALID_CREDENTIALS
;
38 virtual void ProcessMessage(const buzz::XmlElement
* message
) OVERRIDE
{
39 DCHECK_EQ(state_
, WAITING_MESSAGE
);
43 virtual scoped_ptr
<buzz::XmlElement
> GetNextMessage() OVERRIDE
{
45 return scoped_ptr
<buzz::XmlElement
>(NULL
);
48 virtual scoped_ptr
<ChannelAuthenticator
>
49 CreateChannelAuthenticator() const OVERRIDE
{
51 return scoped_ptr
<ChannelAuthenticator
>(NULL
);
60 bool SharedSecretHash::Parse(const std::string
& as_string
) {
61 size_t separator
= as_string
.find(':');
62 if (separator
== std::string::npos
)
65 std::string function_name
= as_string
.substr(0, separator
);
66 if (function_name
== "plain") {
67 hash_function
= AuthenticationMethod::NONE
;
68 } else if (function_name
== "hmac") {
69 hash_function
= AuthenticationMethod::HMAC_SHA256
;
74 if (!base::Base64Decode(as_string
.substr(separator
+ 1), &value
)) {
81 Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory(
82 const std::string
& local_jid
,
83 const std::string
& local_cert
,
84 const crypto::RSAPrivateKey
& local_private_key
,
85 const SharedSecretHash
& shared_secret_hash
)
86 : local_cert_(local_cert
),
87 local_private_key_(local_private_key
.Copy()),
88 shared_secret_hash_(shared_secret_hash
) {
89 // Verify that |local_jid| is bare.
90 DCHECK_EQ(local_jid
.find('/'), std::string::npos
);
91 local_jid_prefix_
= local_jid
+ '/';
94 Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
97 scoped_ptr
<Authenticator
> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
98 const std::string
& remote_jid
,
99 const buzz::XmlElement
* first_message
) {
100 // Verify that the client's jid is an ASCII string, and then check
101 // that the client has the same bare jid as the host, i.e. client's
102 // full JID starts with host's bare jid. Comparison is case
104 if (!IsStringASCII(remote_jid
) ||
105 !StartsWithASCII(remote_jid
, local_jid_prefix_
, false)) {
106 LOG(ERROR
) << "Rejecting incoming connection from " << remote_jid
;
107 return scoped_ptr
<Authenticator
>(new RejectingAuthenticator());
110 if (shared_secret_hash_
.hash_function
== AuthenticationMethod::NONE
&&
111 shared_secret_hash_
.value
.empty()) {
112 // PIN isn't set. Enable V1 authentication.
113 if (!NegotiatingAuthenticator::IsNegotiableMessage(first_message
)) {
114 return scoped_ptr
<Authenticator
>(
115 new V1HostAuthenticator(local_cert_
, *local_private_key_
,
120 return NegotiatingAuthenticator::CreateForHost(
121 local_cert_
, *local_private_key_
, shared_secret_hash_
.value
,
122 shared_secret_hash_
.hash_function
);
125 } // namespace protocol
126 } // namespace remoting
