File: me2me_host_authenticator_factory.cc

package info (click to toggle)

chromium 138.0.7204.183-1

links: PTS, VCS
area: main
in suites: trixie
size: 6,071,908 kB
sloc: cpp: 34,937,088; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36

file content (78 lines) | stat: -rw-r--r-- 2,967 bytes

parent folder | download | duplicates (6)

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "remoting/protocol/me2me_host_authenticator_factory.h"

#include <memory>
#include <utility>

#include "base/base64.h"
#include "base/functional/bind.h"
#include "base/memory/ptr_util.h"
#include "base/strings/string_split.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
#include "remoting/base/rsa_key_pair.h"
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/host_authentication_config.h"
#include "remoting/protocol/negotiating_host_authenticator.h"
#include "remoting/protocol/rejecting_authenticator.h"
#include "remoting/signaling/signaling_address.h"
#include "remoting/signaling/signaling_id_util.h"
#include "third_party/libjingle_xmpp/xmllite/xmlelement.h"

namespace remoting::protocol {

namespace {
using Authenticator::RejectionReason::INVALID_ACCOUNT_ID;
using Authenticator::RejectionReason::INVALID_CREDENTIALS;
}  // namespace

Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory(
    CheckAccessPermissionCallback check_access_permission_callback,
    std::unique_ptr<HostAuthenticationConfig> config)
    : check_access_permission_callback_(check_access_permission_callback),
      config_(std::move(config)) {}

Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() = default;

std::unique_ptr<Authenticator>
Me2MeHostAuthenticatorFactory::CreateAuthenticator(
    const std::string& original_local_jid,
    const std::string& original_remote_jid) {
  std::string local_jid = NormalizeSignalingId(original_local_jid);
  std::string remote_jid = NormalizeSignalingId(original_remote_jid);

  // Verify that the client's jid is an ASCII string.
  auto parts = base::SplitStringOnce(remote_jid, '/');
  if (!base::IsStringASCII(remote_jid) || !parts) {
    return std::make_unique<RejectingAuthenticator>(
        INVALID_CREDENTIALS,
        base::StringPrintf(
            "Rejecting incoming connection from %s: Invalid signaling id.",
            remote_jid));
  }

  auto [email_address, _] = *parts;
  if (!check_access_permission_callback_.Run(email_address)) {
    return std::make_unique<RejectingAuthenticator>(
        INVALID_CREDENTIALS,
        base::StringPrintf("Permission check failed for email %s.",
                           email_address));
  }

  if (!config_->local_cert.empty() && config_->key_pair.get()) {
    std::string normalized_local_jid = NormalizeSignalingId(local_jid);
    std::string normalized_remote_jid = NormalizeSignalingId(remote_jid);

    return std::make_unique<NegotiatingHostAuthenticator>(
        normalized_local_jid, normalized_remote_jid,
        std::make_unique<HostAuthenticationConfig>(*config_));
  }

  return std::make_unique<RejectingAuthenticator>(
      INVALID_CREDENTIALS, "Invalid HostAuthenticationConfig.");
}

}  // namespace remoting::protocol