lukasza0d40d8a2015-03-03 18:36:281// Copyright 2015 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "remoting/host/third_party_auth_config.h"
6
7#include "base/logging.h"
8#include "base/values.h"
brettw39d6ba42016-08-24 16:56:389#include "components/policy/policy_constants.h"
lukasza0d40d8a2015-03-03 18:36:2810
11namespace remoting {
12
13namespace {
14
// Parses the policy string |str| as a URL and stores the result in |*out|.
//
// An empty |str| is accepted: |*out| is reset to a default-constructed GURL
// and true is returned. A non-empty |str| is rejected (false is returned and
// |*out| is left untouched) when it is not a valid URL or, in builds that
// define NDEBUG, when its scheme is not cryptographic.
//
// Security note: the scheme check is compiled in only when NDEBUG is defined,
// so builds without NDEBUG accept non-cryptographic (e.g. http) URLs here.
// NOTE(review): these URLs presumably carry third-party auth tokens; confirm
// that builds without NDEBUG are never deployed with real policies.
bool ParseUrlPolicy(const std::string& str, GURL* out) {
  if (str.empty()) {
    *out = GURL();
    return true;
  }

  const GURL parsed_url(str);
  if (!parsed_url.is_valid()) {
    LOG(ERROR) << "Not a valid URL: " << str;
    return false;
  }

// We validate https-vs-http only on Release builds to help with manual testing.
#if defined(NDEBUG)
  // NOTE(review): SchemeIsCryptographic() may accept more than https (e.g.
  // wss); confirm that is intended for these policy URLs.
  if (!parsed_url.SchemeIsCryptographic()) {
    LOG(ERROR) << "Not a secure URL: " << str;
    return false;
  }
#endif

  *out = parsed_url;
  return true;
}
37
38} // namespace
39
// Builds a ThirdPartyAuthConfig from the three raw policy strings.
//
// Returns true and assigns |*result| only when every check passes; on any
// failure false is returned and |*result| is left untouched. The checks are:
//   - both URL strings parse via ParseUrlPolicy() (empty is allowed);
//   - the two URLs are either both empty or both non-empty;
//   - a non-empty certificate issuer is given only together with the URLs.
//
// The issuer string is stored verbatim; no validation of its contents happens
// here.
// NOTE(review): non-empty URLs with an empty issuer are accepted. How the
// consumer treats an empty issuer is not visible in this file; confirm that
// this combination does not weaken token validation.
bool ThirdPartyAuthConfig::ParseStrings(
    const std::string& token_url,
    const std::string& token_validation_url,
    const std::string& token_validation_cert_issuer,
    ThirdPartyAuthConfig* result) {
  ThirdPartyAuthConfig parsed;

  // Parse both URLs before checking either outcome, so that a problem with
  // each of them is logged rather than only the first one.
  const bool token_url_ok = ParseUrlPolicy(token_url, &parsed.token_url);
  const bool validation_url_ok =
      ParseUrlPolicy(token_validation_url, &parsed.token_validation_url);
  if (!(token_url_ok && validation_url_ok)) {
    return false;
  }
  parsed.token_validation_cert_issuer = token_validation_cert_issuer;

  // The two URLs only make sense as a pair.
  const bool token_url_missing = parsed.token_url.is_empty();
  const bool validation_url_missing = parsed.token_validation_url.is_empty();
  if (token_url_missing != validation_url_missing) {
    LOG(ERROR) << "TokenUrl and TokenValidationUrl "
               << "have to be specified together.";
    return false;
  }

  // An issuer on its own, without the URLs, is rejected.
  if (token_url_missing && !parsed.token_validation_cert_issuer.empty()) {
    LOG(ERROR) << "TokenValidationCertificateIssuer cannot be used "
               << "without TokenUrl and TokenValidationUrl.";
    return false;
  }

  *result = parsed;
  return true;
}
71
72namespace {
73
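#if !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_CHROMEOS) && !BUILDFLAG(IS_IOS)
// Copies the string policy named |policy_name| out of |policy_dict|.
//
// When FindStringKey() returns a string, |*policy_value| receives a copy and
// |*policy_present| is set to true. Otherwise |*policy_value| is cleared and
// |*policy_present| is left unchanged, so a single flag can accumulate "at
// least one policy was present" across several calls.
//
// Both output pointers must be non-null.
//
// NOTE(review): a key that is present but does not hold a string is
// presumably reported by FindStringKey() the same way as a missing key, so a
// mistyped policy would be treated as absent rather than invalid. Confirm
// that policy values are schema-validated before they reach this helper.
void ExtractHelper(const base::DictionaryValue& policy_dict,
                   const std::string& policy_name,
                   bool* policy_present,
                   std::string* policy_value) {
  // |policy_present| is dereferenced only on the "found" path, so assert it
  // up front alongside |policy_value| instead of failing on some inputs only.
  DCHECK(policy_present);
  DCHECK(policy_value);

  const std::string* found = policy_dict.FindStringKey(policy_name);
  if (!found) {
    policy_value->clear();
    return;
  }

  *policy_value = *found;
  *policy_present = true;
}
#endif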
lukasza0d40d8a2015-03-03 18:36:2888
89} // namespace
90
// Reads the three third-party auth policy strings out of |policy_dict|.
//
// On platforms other than Android, ChromeOS and iOS each output string is
// overwritten by ExtractHelper() (with the policy value, or cleared when no
// string value is found), and the return value is true if at least one of the
// three policies was found. On Android, ChromeOS and iOS the lookups are
// compiled out: the outputs are not written and false is always returned.
bool ThirdPartyAuthConfig::ExtractStrings(
    const base::DictionaryValue& policy_dict,
    std::string* token_url,
    std::string* token_validation_url,
    std::string* token_validation_cert_issuer) {
  // Set by ExtractHelper() as soon as any one of the policies is found.
  bool any_policy_found = false;
#if !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_CHROMEOS) && !BUILDFLAG(IS_IOS)
  ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenUrl,
                &any_policy_found, token_url);
  ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenValidationUrl,
                &any_policy_found, token_validation_url);
  ExtractHelper(policy_dict,
                policy::key::kRemoteAccessHostTokenValidationCertificateIssuer,
                &any_policy_found, token_validation_cert_issuer);
#endif
  return any_policy_found;
}
108
// Extracts the third-party auth policies from |policy_dict| and parses them
// into |*result|.
//
// Returns NoPolicy when ExtractStrings() reports that none of the three
// policies is present, InvalidPolicy when ParseStrings() rejects the values,
// and ParsingSuccess otherwise. |*result| is assigned only on success.
ThirdPartyAuthConfig::ParseStatus ThirdPartyAuthConfig::Parse(
    const base::DictionaryValue& policy_dict,
    ThirdPartyAuthConfig* result) {
  // Extract the 3 individual policy values.
  std::string url;
  std::string validation_url;
  std::string cert_issuer;
  const bool any_policy_present = ThirdPartyAuthConfig::ExtractStrings(
      policy_dict, &url, &validation_url, &cert_issuer);
  if (!any_policy_present) {
    return NoPolicy;
  }

  // Parse and cross-validate the extracted values.
  const bool parsed_ok = ThirdPartyAuthConfig::ParseStrings(
      url, validation_url, cert_issuer, result);
  if (!parsed_ok) {
    return InvalidPolicy;
  }

  return ParsingSuccess;
}
131
// Streams a human-readable description of |cfg| to |os|: a fixed placeholder
// when cfg.is_null() is true, otherwise the two URLs and the certificate
// issuer, each wrapped in angle brackets.
//
// NOTE(review): the configured URLs are written out in full. If a policy URL
// could ever contain sensitive components, they would end up wherever this
// stream goes (e.g. logs); confirm against callers.
std::ostream& operator<<(std::ostream& os, const ThirdPartyAuthConfig& cfg) {
  if (cfg.is_null()) {
    return os << "<no 3rd party auth config specified>";
  }

  os << "TokenUrl = <" << cfg.token_url << ">, "
     << "TokenValidationUrl = <" << cfg.token_validation_url << ">, "
     << "TokenValidationCertificateIssuer = <"
     << cfg.token_validation_cert_issuer << ">";
  return os;
}
143
144} // namespace remoting