/* * libjingle * Copyright 2004--2005, Google Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
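*/

#include "talk/xmpp/xmppauth.h"

#include <algorithm>
#include <string>
#include <vector>

#include "talk/xmpp/constants.h"
#include "talk/xmpp/saslcookiemechanism.h"
#include "talk/xmpp/saslplainmechanism.h"

// Starts in the "not done" state; StartPreXmppAuth() flips it.
XmppAuth::XmppAuth() : done_(false) {
}

XmppAuth::~XmppAuth() {
}

// Records the credentials for the later SASL exchange and reports completion
// immediately. Nothing is sent from here: the function only copies its
// arguments into members, sets done_ and fires SignalAuthDone().
//
// jid            - account identifier, later handed to the SASL mechanism.
// server         - not used by this implementation.
// pass           - password, kept for the PLAIN mechanism.
// auth_mechanism - mechanism the caller wants to use.
// auth_token     - token handed to the cookie-style mechanisms.
void XmppAuth::StartPreXmppAuth(const buzz::Jid& jid,
                                const talk_base::SocketAddress& server,
                                const talk_base::CryptString& pass,
                                const std::string& auth_mechanism,
                                const std::string& auth_token) {
  jid_ = jid;
  passwd_ = pass;
  auth_mechanism_ = auth_mechanism;
  auth_token_ = auth_token;
  done_ = true;

  SignalAuthDone();
}

// Returns true when |string| is an element of |strings|.
static bool contains(const std::vector<std::string>& strings,
                     const std::string& string) {
  return std::find(strings.begin(), strings.end(), string) != strings.end();
}

// Picks the SASL mechanism to use from the list the server advertised.
//
// The configured mechanism (GetAuthMechanism()) is used only when the server
// also offers it; otherwise the function falls back to PLAIN if the server
// offers that, and returns "" when nothing matches.
//
// NOTE(review): |encrypted| is never consulted, so PLAIN, which carries the
// password itself, can be selected on a stream that is not TLS-protected.
// Confirm that the caller refuses to authenticate before TLS is established.
//
// NOTE(review): a server list that omits the configured token/OAuth2
// mechanism silently downgrades the login to PLAIN with passwd_. If the
// mechanism list can be received before TLS, treat it as untrusted and
// consider failing the login instead of falling back.
std::string XmppAuth::ChooseBestSaslMechanism(
    const std::vector<std::string>& mechanisms, bool encrypted) {
  const std::string wanted = GetAuthMechanism();

  // First try Oauth2.
  if (wanted == buzz::AUTH_MECHANISM_OAUTH2 &&
      contains(mechanisms, buzz::AUTH_MECHANISM_OAUTH2)) {
    return buzz::AUTH_MECHANISM_OAUTH2;
  }

  // A token is the least powerful credential (15s lifetime, service-limited),
  // so it is preferred over the longer-lived ones below.
  if (wanted == buzz::AUTH_MECHANISM_GOOGLE_TOKEN &&
      contains(mechanisms, buzz::AUTH_MECHANISM_GOOGLE_TOKEN)) {
    return buzz::AUTH_MECHANISM_GOOGLE_TOKEN;
  }

  // A cookie is the next least powerful credential - 14 days.
  if (wanted == buzz::AUTH_MECHANISM_GOOGLE_COOKIE &&
      contains(mechanisms, buzz::AUTH_MECHANISM_GOOGLE_COOKIE)) {
    return buzz::AUTH_MECHANISM_GOOGLE_COOKIE;
  }

  // As a last resort, use plain authentication.
  if (contains(mechanisms, buzz::AUTH_MECHANISM_PLAIN)) {
    return buzz::AUTH_MECHANISM_PLAIN;
  }

  // No good mechanism found
  return "";
}

// Builds the SASL mechanism object for |mechanism| from the stored
// credentials. Returns a heap-allocated object (presumably owned by the
// caller; confirm against the call site) or NULL for an unsupported name.
//
// NOTE(review): ChooseBestSaslMechanism() can return
// AUTH_MECHANISM_GOOGLE_COOKIE, but the matching branch here is commented
// out, so that choice yields NULL. Callers must handle the NULL result.
buzz::SaslMechanism* XmppAuth::CreateSaslMechanism(
    const std::string& mechanism) {
  if (mechanism == buzz::AUTH_MECHANISM_OAUTH2) {
    return new buzz::SaslCookieMechanism(
        mechanism, jid_.Str(), auth_token_, "oauth2");
  }
  if (mechanism == buzz::AUTH_MECHANISM_GOOGLE_TOKEN) {
    return new buzz::SaslCookieMechanism(mechanism, jid_.Str(), auth_token_);
  }
  // Disabled in the original source:
  // if (mechanism == buzz::AUTH_MECHANISM_GOOGLE_COOKIE) {
  //   return new buzz::SaslCookieMechanism(mechanism, jid.Str(), sid_);
  // }
  if (mechanism == buzz::AUTH_MECHANISM_PLAIN) {
    // PLAIN hands the stored password to the mechanism object.
    return new buzz::SaslPlainMechanism(jid_, passwd_);
  }
  return NULL;
}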