Avi Drissmand6cdf9b2022-09-15 19:52:531// Copyright 2015 The Chromium Authors
lukasza0d40d8a2015-03-03 18:36:282// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "remoting/host/third_party_auth_config.h"
6
7#include "base/logging.h"
8#include "base/values.h"
Sorin Jianu2464bfb2022-07-19 01:45:439#include "build/build_config.h"
brettw39d6ba42016-08-24 16:56:3810#include "components/policy/policy_constants.h"
lukasza0d40d8a2015-03-03 18:36:2811
12namespace remoting {
13
14namespace {
15
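// Parses one URL-valued policy string into |out|.
//
// An empty |str| is accepted and yields a default-constructed GURL; callers in
// this file use GURL::is_empty() on the result to detect "not configured".
// A non-empty |str| must parse as a valid URL. Returns false, after logging,
// when the value is rejected; |out| is written only on success.
//
// Security note: the cryptographic-scheme requirement is enforced only when
// NDEBUG is defined. A build without NDEBUG accepts a non-secure URL here, so
// the result of this function does not imply a secure scheme in such builds.
bool ParseUrlPolicy(const std::string& str, GURL* out) {
  if (str.empty()) {
    *out = GURL();
    return true;
  }

  const GURL gurl(str);
  if (!gurl.is_valid()) {
    LOG(ERROR) << "Not a valid URL: " << str;
    return false;
  }

  // We validate https-vs-http only on Release builds to help with manual
  // testing.
  if (!gurl.SchemeIsCryptographic()) {
#if defined(NDEBUG)
    LOG(ERROR) << "Not a secure URL: " << str;
    return false;
#else
    // The value is still accepted so manual testing keeps working, but the
    // relaxation is logged instead of happening silently.
    LOG(WARNING) << "Accepting a non-secure URL in a non-Release build: "
                 << str;
#endif
  }

  *out = gurl;
  return true;
}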
38
39} // namespace
40
// Builds a ThirdPartyAuthConfig from the three raw policy strings.
//
// Both URLs go through ParseUrlPolicy(); the certificate issuer is copied
// verbatim and is not validated here beyond the dependency check below.
// Returns false, after logging, if a URL is rejected or the fields are
// inconsistent. |result| is assigned only when every check has passed, so a
// rejected policy never leaves a partially filled config behind.
bool ThirdPartyAuthConfig::ParseStrings(
    const std::string& token_url,
    const std::string& token_validation_url,
    const std::string& token_validation_cert_issuer,
    ThirdPartyAuthConfig* result) {
  ThirdPartyAuthConfig parsed;

  // Parse both URLs unconditionally (no short-circuit) so that each rejected
  // value produces its own log line.
  const bool token_url_ok = ParseUrlPolicy(token_url, &parsed.token_url);
  const bool validation_url_ok =
      ParseUrlPolicy(token_validation_url, &parsed.token_validation_url);
  if (!token_url_ok || !validation_url_ok) {
    return false;
  }
  parsed.token_validation_cert_issuer = token_validation_cert_issuer;

  // The two URLs must be either both set or both empty.
  const bool has_token_url = !parsed.token_url.is_empty();
  const bool has_validation_url = !parsed.token_validation_url.is_empty();
  if (has_token_url != has_validation_url) {
    LOG(ERROR) << "TokenUrl and TokenValidationUrl "
               << "have to be specified together.";
    return false;
  }

  // A certificate issuer on its own, with no URLs, is rejected.
  if (!has_token_url && !parsed.token_validation_cert_issuer.empty()) {
    LOG(ERROR) << "TokenValidationCertificateIssuer cannot be used "
               << "without TokenUrl and TokenValidationUrl.";
    return false;
  }

  *result = parsed;
  return true;
}
72
73namespace {
74
#if !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_CHROMEOS) && !BUILDFLAG(IS_IOS)
// Copies the string stored under |policy_name| in |policy_dict| into
// |policy_value|. When the lookup succeeds, |*policy_present| is set to true;
// it is never reset to false, so one flag can accumulate across several calls.
// When the lookup fails, |policy_value| is cleared.
//
// NOTE(review): FindString() also returns null when the key holds a value that
// is not a string, so a mistyped policy is treated here as absent rather than
// as invalid. Confirm that type validation happens before this point.
void ExtractHelper(const base::Value::Dict& policy_dict,
                   const std::string& policy_name,
                   bool* policy_present,
                   std::string* policy_value) {
  DCHECK(policy_value);

  const std::string* found = policy_dict.FindString(policy_name);
  if (!found) {
    policy_value->clear();
    return;
  }

  *policy_value = *found;
  *policy_present = true;
}
#endif
lukasza0d40d8a2015-03-03 18:36:2889
90} // namespace
91
// Reads the three third-party-auth policy strings out of |policy_dict|.
// Returns true if at least one of them was found.
//
// On Android, ChromeOS and iOS the lookups are compiled out: the function
// returns false without touching the output strings, so these policies are
// never picked up on those platforms.
bool ThirdPartyAuthConfig::ExtractStrings(
    const base::Value::Dict& policy_dict,
    std::string* token_url,
    std::string* token_validation_url,
    std::string* token_validation_cert_issuer) {
  // Set by ExtractHelper() as soon as any one of the three keys is found.
  bool any_policy_present = false;
#if !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_CHROMEOS) && !BUILDFLAG(IS_IOS)
  ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenUrl,
                &any_policy_present, token_url);
  ExtractHelper(policy_dict, policy::key::kRemoteAccessHostTokenValidationUrl,
                &any_policy_present, token_validation_url);
  ExtractHelper(policy_dict,
                policy::key::kRemoteAccessHostTokenValidationCertificateIssuer,
                &any_policy_present, token_validation_cert_issuer);
#endif
  return any_policy_present;
}
109
// Extracts and validates the third-party-auth policies in |policy_dict|.
//
// Returns NoPolicy when none of the three policies is present, InvalidPolicy
// when they are present but fail validation in ParseStrings(), and
// ParsingSuccess otherwise. |result| is passed straight to ParseStrings(),
// which assigns it only on success.
ThirdPartyAuthConfig::ParseStatus ThirdPartyAuthConfig::Parse(
    const base::Value::Dict& policy_dict,
    ThirdPartyAuthConfig* result) {
  // Extract the 3 individual policy values.
  std::string token_url;
  std::string token_validation_url;
  std::string token_validation_cert_issuer;
  const bool any_policy_present = ThirdPartyAuthConfig::ExtractStrings(
      policy_dict, &token_url, &token_validation_url,
      &token_validation_cert_issuer);
  if (!any_policy_present) {
    return NoPolicy;
  }

  // Validate the extracted values and build the config.
  const bool parsed_ok = ThirdPartyAuthConfig::ParseStrings(
      token_url, token_validation_url, token_validation_cert_issuer, result);
  return parsed_ok ? ParsingSuccess : InvalidPolicy;
}
132
// Streams a human-readable form of |cfg|: a fixed placeholder when the config
// is null, otherwise all three fields, each wrapped in angle brackets.
std::ostream& operator<<(std::ostream& os, const ThirdPartyAuthConfig& cfg) {
  if (cfg.is_null()) {
    return os << "<no 3rd party auth config specified>";
  }

  return os << "TokenUrl = <" << cfg.token_url << ">, "
            << "TokenValidationUrl = <" << cfg.token_validation_url << ">, "
            << "TokenValidationCertificateIssuer = <"
            << cfg.token_validation_cert_issuer << ">";
}
144
145} // namespace remoting