1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/browser/api/cast_channel/cast_auth_util.h"
7 #include "base/logging.h"
8 #include "base/strings/string_number_conversions.h"
9 #include "base/strings/stringprintf.h"
10 #include "extensions/browser/api/cast_channel/cast_message_util.h"
11 #include "extensions/common/api/cast_channel/cast_channel.pb.h"
13 namespace extensions {
15 namespace cast_channel {
// Prepended to every message built by AuthResult::CreateWithParseError().
const char kParseErrorPrefix[] = "Failed to parse auth message: ";
// Extracts the DeviceAuthMessage embedded in an auth challenge reply.
//
// The reply is handled as untrusted input and is checked step by step: the
// payload type must be BINARY, the binary payload must be present, it must
// parse as a DeviceAuthMessage, and that message must carry a response and no
// error. Each failed check returns an AuthResult built with
// CreateWithParseError(). |auth_message| is written by ParseFromString(), so
// callers should read it only when the returned result reports success.
//
// NOTE(review): the listing omits the closing braces and the last statement
// of this function; the final success return below is reconstructed - confirm
// against the original file.
AuthResult ParseAuthMessage(const CastMessage& challenge_reply,
                            DeviceAuthMessage* auth_message) {
  const bool payload_is_binary =
      challenge_reply.payload_type() == CastMessage_PayloadType_BINARY;
  if (!payload_is_binary) {
    return AuthResult::CreateWithParseError(
        "Wrong payload type in challenge reply",
        AuthResult::ERROR_WRONG_PAYLOAD_TYPE);
  }

  // The type says BINARY; the field itself can still be absent.
  if (!challenge_reply.has_payload_binary()) {
    return AuthResult::CreateWithParseError(
        "Payload type is binary but payload_binary field not set",
        AuthResult::ERROR_NO_PAYLOAD);
  }

  const bool parsed =
      auth_message->ParseFromString(challenge_reply.payload_binary());
  if (!parsed) {
    return AuthResult::CreateWithParseError(
        "Cannot parse binary payload into DeviceAuthMessage",
        AuthResult::ERROR_PAYLOAD_PARSING_FAILED);
  }

  // Verbose-only logging. It runs before the error/response checks, so a
  // message that is rejected below still shows up when debugging.
  VLOG(1) << "Auth message: " << AuthMessageToString(*auth_message);

  if (auth_message->has_error()) {
    const std::string error_code =
        base::IntToString(auth_message->error().error_type());
    return AuthResult::CreateWithParseError(
        "Auth message error: " + error_code,
        AuthResult::ERROR_MESSAGE_ERROR);
  }

  if (!auth_message->has_response()) {
    return AuthResult::CreateWithParseError(
        "Auth message has no response field", AuthResult::ERROR_NO_RESPONSE);
  }

  return AuthResult();
}
// Default result: error_type is ERROR_NONE and nss_error_code is 0.
// NOTE(review): the listing does not show the body; it is assumed empty -
// confirm against the original file.
AuthResult::AuthResult()
    : error_type(ERROR_NONE),
      nss_error_code(0) {}
// NOTE(review): the listing does not show the destructor body; it is assumed
// empty - confirm against the original file.
AuthResult::~AuthResult() {}
// Builds a failed AuthResult for a parsing problem: |error_message| is
// prefixed with kParseErrorPrefix and the NSS error code is fixed at 0.
AuthResult AuthResult::CreateWithParseError(const std::string& error_message,
                                            ErrorType error_type) {
  const std::string prefixed_message = kParseErrorPrefix + error_message;
  return AuthResult(prefixed_message, error_type, 0);
}
// Builds an AuthResult that carries an NSS error code. Unlike
// CreateWithParseError(), |error_message| is stored without a prefix.
//
// NOTE(review): the listing omits the rest of the parameter list; the
// |error_type| and |nss_error_code| parameters are inferred from the body -
// confirm their types against the header.
AuthResult AuthResult::CreateWithNSSError(const std::string& error_message,
                                          ErrorType error_type,
                                          int nss_error_code) {
  AuthResult result(error_message, error_type, nss_error_code);
  return result;
}
// Constructor used by the CreateWith*() factories in this file; copies the
// three values into the members of the same name.
//
// NOTE(review): the listing omits the last two parameters; they are inferred
// from the initializer list - confirm their types against the header.
AuthResult::AuthResult(const std::string& error_message,
                       ErrorType error_type,
                       int nss_error_code)
    : error_message(error_message),
      error_type(error_type),
      nss_error_code(nss_error_code) {}
// Authenticates |challenge_reply| against |peer_cert|.
//
// The checks run in a fixed order and the first failing result is returned:
//   1. |peer_cert| must not be empty.
//   2. |challenge_reply| must pass ParseAuthMessage().
//   3. VerifyCredentials() must accept the parsed response for |peer_cert|.
// Callers should treat the peer as authenticated only when the returned
// result reports success().
//
// NOTE(review): |peer_cert| is presumably the certificate the peer presented
// on the connection - confirm with the caller. The listing also omits the
// lines that close each failure branch and the end of the function; the early
// returns and the final success return are reconstructed - confirm against
// the original file.
AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
                                      const std::string& peer_cert) {
  // An empty certificate is rejected before any parsing happens.
  if (peer_cert.empty()) {
    return AuthResult::CreateWithParseError(
        "Peer cert was empty.", AuthResult::ERROR_PEER_CERT_EMPTY);
  }

  DeviceAuthMessage auth_message;
  AuthResult parse_result = ParseAuthMessage(challenge_reply, &auth_message);
  if (!parse_result.success()) {
    return parse_result;
  }

  // The response is read only after parsing has succeeded.
  AuthResult verify_result =
      VerifyCredentials(auth_message.response(), peer_cert);
  if (!verify_result.success()) {
    return verify_result;
  }

  return AuthResult();
}
107 } // namespace cast_channel
108 } // namespace core_api
109 } // namespace extensions