1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include "webrtc/libjingle/xmpp/xmppauth.h"
12
13 #include <algorithm>
14
15 #include "webrtc/libjingle/xmpp/constants.h"
16 #include "webrtc/libjingle/xmpp/saslcookiemechanism.h"
17 #include "webrtc/libjingle/xmpp/saslplainmechanism.h"
18
XmppAuth()19 XmppAuth::XmppAuth() : done_(false) {
20 }
21
~XmppAuth()22 XmppAuth::~XmppAuth() {
23 }
24
StartPreXmppAuth(const buzz::Jid & jid,const rtc::SocketAddress & server,const rtc::CryptString & pass,const std::string & auth_mechanism,const std::string & auth_token)25 void XmppAuth::StartPreXmppAuth(const buzz::Jid& jid,
26 const rtc::SocketAddress& server,
27 const rtc::CryptString& pass,
28 const std::string& auth_mechanism,
29 const std::string& auth_token) {
30 jid_ = jid;
31 passwd_ = pass;
32 auth_mechanism_ = auth_mechanism;
33 auth_token_ = auth_token;
34 done_ = true;
35
36 SignalAuthDone();
37 }
38
contains(const std::vector<std::string> & strings,const std::string & string)39 static bool contains(const std::vector<std::string>& strings,
40 const std::string& string) {
41 return std::find(strings.begin(), strings.end(), string) != strings.end();
42 }
43
ChooseBestSaslMechanism(const std::vector<std::string> & mechanisms,bool encrypted)44 std::string XmppAuth::ChooseBestSaslMechanism(
45 const std::vector<std::string>& mechanisms,
46 bool encrypted) {
47 // First try Oauth2.
48 if (GetAuthMechanism() == buzz::AUTH_MECHANISM_OAUTH2 &&
49 contains(mechanisms, buzz::AUTH_MECHANISM_OAUTH2)) {
50 return buzz::AUTH_MECHANISM_OAUTH2;
51 }
52
53 // A token is the weakest auth - 15s, service-limited, so prefer it.
54 if (GetAuthMechanism() == buzz::AUTH_MECHANISM_GOOGLE_TOKEN &&
55 contains(mechanisms, buzz::AUTH_MECHANISM_GOOGLE_TOKEN)) {
56 return buzz::AUTH_MECHANISM_GOOGLE_TOKEN;
57 }
58
59 // A cookie is the next weakest - 14 days.
60 if (GetAuthMechanism() == buzz::AUTH_MECHANISM_GOOGLE_COOKIE &&
61 contains(mechanisms, buzz::AUTH_MECHANISM_GOOGLE_COOKIE)) {
62 return buzz::AUTH_MECHANISM_GOOGLE_COOKIE;
63 }
64
65 // As a last resort, use plain authentication.
66 if (contains(mechanisms, buzz::AUTH_MECHANISM_PLAIN)) {
67 return buzz::AUTH_MECHANISM_PLAIN;
68 }
69
70 // No good mechanism found
71 return "";
72 }
73
CreateSaslMechanism(const std::string & mechanism)74 buzz::SaslMechanism* XmppAuth::CreateSaslMechanism(
75 const std::string& mechanism) {
76 if (mechanism == buzz::AUTH_MECHANISM_OAUTH2) {
77 return new buzz::SaslCookieMechanism(
78 mechanism, jid_.Str(), auth_token_, "oauth2");
79 } else if (mechanism == buzz::AUTH_MECHANISM_GOOGLE_TOKEN) {
80 return new buzz::SaslCookieMechanism(mechanism, jid_.Str(), auth_token_);
81 // } else if (mechanism == buzz::AUTH_MECHANISM_GOOGLE_COOKIE) {
82 // return new buzz::SaslCookieMechanism(mechanism, jid.Str(), sid_);
83 } else if (mechanism == buzz::AUTH_MECHANISM_PLAIN) {
84 return new buzz::SaslPlainMechanism(jid_, passwd_);
85 } else {
86 return NULL;
87 }
88 }
89