#include "remoting/base/rsa_key_pair.h"
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/negotiating_host_authenticator.h"
-#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+#include "remoting/protocol/token_validator.h"
+#include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
namespace remoting {
namespace protocol {
return state_;
}
+ virtual bool started() const OVERRIDE {
+ return true;
+ }
+
virtual RejectionReason rejection_reason() const OVERRIDE {
DCHECK_EQ(state_, REJECTED);
return INVALID_CREDENTIALS;
// static
scoped_ptr<AuthenticatorFactory>
Me2MeHostAuthenticatorFactory::CreateWithSharedSecret(
+ bool use_service_account,
const std::string& host_owner,
const std::string& local_cert,
scoped_refptr<RsaKeyPair> key_pair,
scoped_refptr<PairingRegistry> pairing_registry) {
scoped_ptr<Me2MeHostAuthenticatorFactory> result(
new Me2MeHostAuthenticatorFactory());
+ result->use_service_account_ = use_service_account;
result->host_owner_ = host_owner;
result->local_cert_ = local_cert;
result->key_pair_ = key_pair;
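Review bot: The new leading `bool use_service_account` parameter carries no comment saying what it selects, yet it decides which identity an incoming client JID is compared against later in this file (the host's own bare JID when false, `host_owner_` when true). A one-line comment at the assignment would make that visible, e.g. `// Selects the JID prefix clients must match: local JID when false, host_owner_ when true.` The same applies to CreateWithThirdPartyAuth. The header, which is not shown here, may already document this, and the function body continues past this hunk.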
// static
scoped_ptr<AuthenticatorFactory>
Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
+ bool use_service_account,
const std::string& host_owner,
const std::string& local_cert,
scoped_refptr<RsaKeyPair> key_pair,
- scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory>
+ scoped_ptr<TokenValidatorFactory>
token_validator_factory) {
scoped_ptr<Me2MeHostAuthenticatorFactory> result(
new Me2MeHostAuthenticatorFactory());
+ result->use_service_account_ = use_service_account;
result->host_owner_ = host_owner;
result->local_cert_ = local_cert;
result->key_pair_ = key_pair;
const std::string& remote_jid,
const buzz::XmlElement* first_message) {
- // Verify that the client's jid is an ASCII string, and then check
- // that the client has the same bare jid as the host, i.e. client's
- // full JID starts with host's bare jid. Comparison is case
- // insensitive.
- if (!IsStringASCII(remote_jid) ||
- !StartsWithASCII(remote_jid, host_owner_ + '/', false)) {
+ std::string remote_jid_prefix;
+
+ if (!use_service_account_) {
+ // JID prefixes may not match the host owner email, for example, in cases
+ // where the host owner account does not have an email associated with it.
+ // In those cases, the only guarantee we have is that JIDs for the same
+ // account will have the same prefix.
+ size_t slash_pos = local_jid.find('/');
+ if (slash_pos == std::string::npos) {
+ LOG(DFATAL) << "Invalid local JID:" << local_jid;
+ return scoped_ptr<Authenticator>(new RejectingAuthenticator());
+ }
+ remote_jid_prefix = local_jid.substr(0, slash_pos);
+ } else {
+ // TODO(rmsousa): This only works for cases where the JID prefix matches
+ // the host owner email. Figure out a way to verify the JID in other cases.
+ remote_jid_prefix = host_owner_;
+ }
+
+ // Verify that the client's jid is an ASCII string, and then check that the
+ // client JID has the expected prefix. Comparison is case insensitive.
+ if (!base::IsStringASCII(remote_jid) ||
+ !StartsWithASCII(remote_jid, remote_jid_prefix + '/', false)) {
LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
return scoped_ptr<Authenticator>(new RejectingAuthenticator());
}
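Review bot: An empty expected prefix is not rejected before the `StartsWithASCII` check, so the comparison would degrade to "remote JID starts with `/`". That can arise in the first branch when `local_jid` begins with a slash (`slash_pos == 0`), and in the `else` branch if `host_owner_` is empty; whether either is reachable depends on callers outside this hunk. Adding `if (remote_jid_prefix.empty()) return scoped_ptr<Authenticator>(new RejectingAuthenticator());` ahead of the ASCII check keeps both paths fail-closed. The function's signature begins above the hunk, so `local_jid` is assumed to be one of its parameters.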