[Chromoting] Make the Windows host controller ask the user to confirm host registration.

remoting/host/verify_config_window_win.cc

Index: remoting/host/verify_config_window_win.cc
diff --git a/remoting/host/verify_config_window_win.cc b/remoting/host/verify_config_window_win.cc
new file mode 100644
index 0000000000000000000000000000000000000000..49f82cf9d5b8c804e9962f6cbe457095d66ad45d
--- /dev/null
+++ b/remoting/host/verify_config_window_win.cc
@@ -0,0 +1,140 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/host/verify_config_window_win.h"
+
+#include <atlbase.h>
+#include <windows.h>
+
+#include "base/base64.h"
+#include "base/compiler_specific.h"
+#include "base/logging.h"
+#include "base/utf_string_conversions.h"
+#include "remoting/host/elevated_controller_resource.h"
+#include "remoting/protocol/authentication_method.h"
+// TODO(garykac): Lots of duplicated code in this file and
+// disconnect_window_win.cc. These global floating windows are temporary so
+// they should be deleted soon. If we need to expand this then we should
+// create a class with the shared code.

[Jamie, 2012/04/13 16:40:03]

Is this comment still true?

[simonmorris, 2012/04/13 16:48:03]

No: the aim is now to use ATL instead.

Done.

+
+namespace remoting {
+
+VerifyConfigWindowWin::VerifyConfigWindowWin(const std::string& email,
+    const std::string& host_id, const std::string& host_secret_hash)
+  : hwnd_(NULL),
+    email_(email),
+    host_id_(host_id),
+    host_secret_hash_(host_secret_hash) {
+}
+
+VerifyConfigWindowWin::~VerifyConfigWindowWin() {
+  EndDialog();
+}
+
+int VerifyConfigWindowWin::Run() {
+  // TODO(simonmorris): Provide a handle of a parent window for this dialog.
+  return DialogBoxParam(ATL::_AtlBaseModule.GetModuleInstance(),
+                        MAKEINTRESOURCE(IDD_VERIFY_CONFIG_DIALOG),
+                        NULL,
+                        (DLGPROC)DialogProc,
+                        (LPARAM)this);
+}
+
+BOOL CALLBACK VerifyConfigWindowWin::DialogProc(HWND hwnd, UINT msg,
+                                                WPARAM wParam, LPARAM lParam) {
+  VerifyConfigWindowWin* win = NULL;
+  if (msg == WM_INITDIALOG) {
+    win = reinterpret_cast<VerifyConfigWindowWin*>(lParam);
+    CHECK(win);
+    SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR)win);
+  } else {
+    LONG_PTR lp = GetWindowLongPtr(hwnd, DWLP_USER);
+    win = reinterpret_cast<VerifyConfigWindowWin*>(lp);
+  }
+  if (win == NULL)
+    return FALSE;
+  return win->OnDialogMessage(hwnd, msg, wParam, lParam);
+}
+
+BOOL VerifyConfigWindowWin::OnDialogMessage(HWND hwnd, UINT msg,
+                                            WPARAM wParam, LPARAM lParam) {
+  switch (msg) {
+    case WM_INITDIALOG:
+      hwnd_ = hwnd;
+      InitDialog();
+      return TRUE;
+    case WM_DESTROY:
+      ::EndDialog(hwnd, 0);
+    case WM_COMMAND:
+      switch (LOWORD(wParam)) {
+        case IDOK:
+          ::EndDialog(hwnd, VerifyHostSecretHash());
+          hwnd_ = NULL;
+          return TRUE;
+        case IDCANCEL:
+          ::EndDialog(hwnd, 0);
+          hwnd_ = NULL;
+          return TRUE;
+      }
+  }
+  return FALSE;
+}
+
+void VerifyConfigWindowWin::InitDialog() {
+  // TODO(simonmorris): Get these strings from the host, for l10n.

[Jamie, 2012/04/13 16:40:03]

We'll need to do something for l10n, but getting them from the host doesn't feel
right, since that doesn't need to be localized.

[simonmorris, 2012/04/13 16:48:03]

Done.

+  SetWindowText(hwnd_, L"Chrome Remote Desktop");
+
+  HWND hwndOk = GetDlgItem(hwnd_, IDOK);
+  CHECK(hwndOk);
+  SetWindowText(hwndOk, L"OK");
+
+  HWND hwndCancel = GetDlgItem(hwnd_, IDCANCEL);
+  CHECK(hwndCancel);
+  SetWindowText(hwndCancel, L"Cancel");
+
+  HWND hwndMessage = GetDlgItem(hwnd_, IDC_MESSAGE);
+  CHECK(hwndMessage);
+  SetWindowText(hwndMessage, L"To confirm that your Chrome Remote Desktop "
+      L"should be accessible by this account, please enter your PIN below.");
+
+  HWND hwndEmail = GetDlgItem(hwnd_, IDC_EMAIL);
+  CHECK(hwndEmail);
+  SetWindowText(hwndEmail, UTF8ToUTF16(email_).c_str());
+
+  HWND hwndPin = GetDlgItem(hwnd_, IDC_PIN);
+  CHECK(hwndPin);
+  SetFocus(hwndPin);
+}
+
+void VerifyConfigWindowWin::EndDialog() {
+  if (hwnd_) {
+    ::EndDialog(hwnd_, 0);
+    hwnd_ = NULL;
+  }
+}
+
+bool VerifyConfigWindowWin::VerifyHostSecretHash() {
+  const int kMaxPinLength = 256;
+  // TODO(simonmorris): Use ATL's string class, if it's more convenient.
+  scoped_array<WCHAR> pinWSTR(new WCHAR[kMaxPinLength]);
+  HWND hwndPin = GetDlgItem(hwnd_, IDC_PIN);
+  CHECK(hwndPin);
+  GetWindowText(hwndPin, pinWSTR.get(), kMaxPinLength);
+
+  // TODO(simonmorris): This code was copied from host_script_object.cc.
+  // Refactor to use PinIsValid(), from CL 10008092.
+  std::string pin(UTF16ToUTF8(pinWSTR.get()));
+  std::string hash = protocol::AuthenticationMethod::ApplyHashFunction(
+      protocol::AuthenticationMethod::HMAC_SHA256, host_id_, pin);
+  std::string hash_base64;
+  bool base64_result = base::Base64Encode(hash, &hash_base64);
+  if (!base64_result) {
+    LOG(FATAL) << "Base64Encode failed";

[Jamie, 2012/04/13 16:40:03]

I think a "return false" here would help readability, even if it's not strictly
necessary.

[simonmorris, 2012/04/13 16:48:03]

Done.

+  }
+  hash_base64 = "hmac:" + hash_base64;
+
+  return (hash_base64 == host_secret_hash_);
+}
+
+}  // namespace remoting