Use Authenticator interface in Session and SessionManager

remoting/protocol/pepper_session.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/protocol/pepper_session.h"
 
 #include "base/bind.h"
 #include "base/rand_util.h"
 #include "base/stl_util.h"
 #include "base/string_number_conversions.h"
 #include "remoting/base/constants.h"
 #include "remoting/jingle_glue/iq_sender.h"
+#include "remoting/protocol/authenticator.h"
 #include "remoting/protocol/content_description.h"
 #include "remoting/protocol/jingle_messages.h"
 #include "remoting/protocol/pepper_session_manager.h"
 #include "remoting/protocol/pepper_stream_channel.h"
 #include "remoting/protocol/v1_client_channel_authenticator.h"
 #include "third_party/libjingle/source/talk/p2p/base/candidate.h"
 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
 
 using buzz::XmlElement;
 
@@ skipping 26 matching lines @@
   state_change_callback_ = callback;
 }
 
 Session::Error PepperSession::error() {
   DCHECK(CalledOnValidThread());
   return error_;
 }
 
 void PepperSession::StartConnection(
     const std::string& peer_jid,
-    const std::string& peer_public_key,
-    const std::string& client_token,
+    Authenticator* authenticator,
     CandidateSessionConfig* config,
     const StateChangeCallback& state_change_callback) {
   DCHECK(CalledOnValidThread());
+  DCHECK(authenticator);
 
   peer_jid_ = peer_jid;
-  peer_public_key_ = peer_public_key;
-  initiator_token_ = client_token;
+  authenticator_.reset(authenticator);
   candidate_config_.reset(config);
   state_change_callback_ = state_change_callback;
 
   // Generate random session ID. There are usually not more than 1
   // concurrent session per host, so a random 64-bit integer provides
   // enough entropy. In the worst case connection will fail when two
   // clients generate the same session ID concurrently.
   session_id_ = base::Int64ToString(base::RandGenerator(kint64max));
 
   // Send session-initiate message.
   JingleMessage message(peer_jid_, JingleMessage::SESSION_INITIATE,
                         session_id_);
   message.from = session_manager_->local_jid_;
   message.description.reset(
-      new ContentDescription(candidate_config_->Clone(), initiator_token_, ""));
+      new ContentDescription(candidate_config_->Clone(),
+                             authenticator_->GetNextMessage()));

[Wez, 2011/11/25 06:54:11]

We should only call GetNextMessage() if the authenticator is in the right state,
I think?

[Sergey Ulanov, 2011/11/28 18:55:16]

Authenticators for outgoing connections are expected to be in MESSAGE_READY
state when they are created. I've added DCHECK for this.

   initiate_request_.reset(session_manager_->iq_sender()->SendIq(
       message.ToXml(),
       base::Bind(&PepperSession::OnSessionInitiateResponse,
                  base::Unretained(this))));
 
   SetState(CONNECTING);
 }
 
 void PepperSession::OnSessionInitiateResponse(
     const buzz::XmlElement* response) {
@@ skipping 12 matching lines @@
 void PepperSession::OnError(Error error) {
   error_ = error;
   CloseInternal(true);
 }
 
 void PepperSession::CreateStreamChannel(
       const std::string& name,
       const StreamChannelCallback& callback) {
   DCHECK(!channels_[name]);
 
-  PepperStreamChannel* channel = new PepperStreamChannel(this, name, callback);
+  ChannelAuthenticator* channel_authenticator =
+      authenticator_->CreateChannelAuthenticator();
+  PepperStreamChannel* channel = new PepperStreamChannel(
+      this, name, callback);
   channels_[name] = channel;
   channel->Connect(session_manager_->pp_instance_,
                    session_manager_->transport_config_,
-                   new V1ClientChannelAuthenticator(
-                       remote_cert_, shared_secret_));
+                   channel_authenticator);
 }
 
 void PepperSession::CreateDatagramChannel(
     const std::string& name,
     const DatagramChannelCallback& callback) {
   // TODO(sergeyu): Implement datagram channel support.
   NOTREACHED();
 }
 
 void PepperSession::CancelChannelCreation(const std::string& name) {
@@ skipping 18 matching lines @@
   DCHECK(CalledOnValidThread());
   return config_;
 }
 
 void PepperSession::set_config(const SessionConfig& config) {
   DCHECK(CalledOnValidThread());
   // set_config() should never be called on the client.
   NOTREACHED();
 }
 
-const std::string& PepperSession::initiator_token() {
-  DCHECK(CalledOnValidThread());
-  return initiator_token_;
-}
-
-void PepperSession::set_initiator_token(const std::string& initiator_token) {
-  DCHECK(CalledOnValidThread());
-  initiator_token_ = initiator_token;
-}
-
-const std::string& PepperSession::receiver_token() {
-  DCHECK(CalledOnValidThread());
-  return receiver_token_;
-}
-
-void PepperSession::set_receiver_token(const std::string& receiver_token) {
-  DCHECK(CalledOnValidThread());
-  // set_receiver_token() should not be called on the client side.
-  NOTREACHED();
-}
-
-void PepperSession::set_shared_secret(const std::string& secret) {
-  DCHECK(CalledOnValidThread());
-  shared_secret_ = secret;
-}
-
-const std::string& PepperSession::shared_secret() {
-  DCHECK(CalledOnValidThread());
-  return shared_secret_;
-}
-
 void PepperSession::Close() {
   DCHECK(CalledOnValidThread());
 
   if (state_ == CONNECTING || state_ == CONNECTED) {
     // Send session-terminate message.
     JingleMessage message(peer_jid_, JingleMessage::SESSION_TERMINATE,
                           session_id_);
     scoped_ptr<IqRequest> terminate_request(
         session_manager_->iq_sender()->SendIq(
             message.ToXml(), IqSender::ReplyCallback()));
@@ skipping 30 matching lines @@
   }
 }
 
 void PepperSession::OnAccept(const JingleMessage& message,
                              JingleMessageReply* reply) {
   if (state_ != CONNECTING) {
     *reply = JingleMessageReply(JingleMessageReply::UNEXPECTED_REQUEST);
     return;
   }
 
+  const buzz::XmlElement* auth_message =
+      message.description->authenticator_message();
+  if (!auth_message) {
+    DLOG(WARNING) << "Received session-accept without authentication message "
+                  << auth_message->Str();
+    OnError(INCOMPATIBLE_PROTOCOL);
+    return;
+  }
+
+  DCHECK(authenticator_->state() == Authenticator::WAITING_MESSAGE);
+  authenticator_->ProcessMessage(auth_message);
+  // Support for more than two auth message is not implemented yet.
+  DCHECK(authenticator_->state() != Authenticator::WAITING_MESSAGE &&
+         authenticator_->state() != Authenticator::MESSAGE_READY);
+
+  if (authenticator_->state() == Authenticator::REJECTED) {
+    OnError(AUTHENTICATION_FAILED);
+    return;
+  }
+
   if (!InitializeConfigFromDescription(message.description.get())) {
     OnError(INCOMPATIBLE_PROTOCOL);
     return;
   }
 
   SetState(CONNECTED);
 
    // In case there is transport information in the accept message.
   ProcessTransportInfo(message);
 }
@@ skipping 40 matching lines @@
     return;
   }
 
   LOG(WARNING) << "Received unexpected session-terminate message.";
 }
 
 bool PepperSession::InitializeConfigFromDescription(
     const ContentDescription* description) {
   DCHECK(description);
 
-  remote_cert_ = description->certificate();
-  if (remote_cert_.empty()) {
-    LOG(ERROR) << "session-accept does not specify certificate";
-    return false;
-  }
-
   if (!description->config()->GetFinalConfig(&config_)) {
     LOG(ERROR) << "session-accept does not specify configuration";
     return false;
   }
   if (!candidate_config()->IsSupported(config_)) {
     LOG(ERROR) << "session-accept specifies an invalid configuration";
     return false;
   }
 
   return true;
@@ skipping 62 matching lines @@
     DCHECK_NE(state_, FAILED);
 
     state_ = new_state;
     if (!state_change_callback_.is_null())
       state_change_callback_.Run(new_state);
   }
 }
 
 }  // namespace protocol
 }  // namespace remoting