Move SSL layer initialization into ChannelAuthenticator implementations.

remoting/protocol/simple_host_channel_authenticator.h

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_PROTOCOL_SIMPLE_HOST_CHANNEL_AUTHENTICATOR_H_
+#define REMOTING_PROTOCOL_SIMPLE_HOST_CHANNEL_AUTHENTICATOR_H_
+
+#include "remoting/protocol/channel_authenticator.h"
+
+#include "base/memory/scoped_ptr.h"
+#include "net/base/completion_callback.h"
+
+namespace crypto {
+class RSAPrivateKey;
+}  // namespace crypto
+
+namespace net {
+class GrowableIOBuffer;
+class SSLServerSocket;
+class SSLSocket;
+}  // namespace net
+
+namespace remoting {
+namespace protocol {
+
+class SimpleHostChannelAuthenticator : public ChannelAuthenticator {

[Wez, 2011/11/22 22:29:48]

See previous comment about the naming of this.

+ public:
+  // Caller retains ownership of |local_private_key|.
+  SimpleHostChannelAuthenticator(const std::string& local_cert,
+                                 crypto::RSAPrivateKey* local_private_key,

[Wez, 2011/11/22 22:29:48]

Can this parameter be const&?

[Sergey Ulanov, 2011/11/23 01:23:42]

Currently net::CreateSSLServerSocket() expects non-const pointer and we would
have to copy the key which currently is not very easy to do :(

+                                 const std::string& shared_secret);
+  virtual ~SimpleHostChannelAuthenticator();
+
+  // ChannelAuthenticator implementation.

[Wez, 2011/11/22 22:29:48]

nit: implementation -> interface?

[Sergey Ulanov, 2011/11/23 01:23:42]

Done.

+  virtual void SecureAndAuthenticate(
+      net::StreamSocket* socket, const DoneCallback& done_callback) OVERRIDE;
+
+ private:
+  void OnConnected(int result);
+  void DoAuthRead();
+  void OnAuthBytesRead(int result);
+  bool HandleAuthBytesRead(int result);
+  bool VerifyAuthBytes(const std::string& received_auth_bytes);
+
+  std::string local_cert_;
+  crypto::RSAPrivateKey* local_private_key_;
+  std::string shared_secret_;
+  std::string auth_bytes_;

[Wez, 2011/11/22 22:29:48]

Why store |auth_bytes_|, rather than deriving it from |shared_secret| and the
SSL keying material when verifying?

[Sergey Ulanov, 2011/11/23 01:23:42]

Done.

+  scoped_ptr<net::SSLServerSocket> socket_;
+  DoneCallback done_callback_;
+
+  scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;
+
+  net::OldCompletionCallbackImpl<SimpleHostChannelAuthenticator>
+      connect_callback_;
+  net::OldCompletionCallbackImpl<SimpleHostChannelAuthenticator>
+      auth_read_callback_;
+
+  DISALLOW_COPY_AND_ASSIGN(SimpleHostChannelAuthenticator);
+};
+
+}  // namespace protocol
+}  // namespace remoting
+
+#endif  // REMOTING_PROTOCOL_SIMPLE_HOST_CHANNEL_AUTHENTICATOR_H_