Add implementation for current IT2Me auth.

remoting/protocol/simple_host_authenticator.cc

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/protocol/simple_host_authenticator.h"
+
+#include "base/base64.h"
+#include "base/logging.h"
+#include "crypto/rsa_private_key.h"
+#include "remoting/base/constants.h"
+#include "remoting/protocol/auth_util.h"
+#include "remoting/protocol/simple_host_channel_authenticator.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+
+using buzz::QName;
+using buzz::XmlElement;
+
+namespace remoting {
+namespace protocol {
+
+namespace {
+const char kAuthenticationTag[] = "authentication";
+const char kAuthTokenTag[] = "auth-token";
+const char kCertificateTag[] = "certificate";
+}  // namespace
+
+SimpleHostAuthenticator::SimpleHostAuthenticator(
+    const std::string& local_cert,
+    crypto::RSAPrivateKey* local_private_key,
+    const std::string& shared_secret,
+    const std::string& remote_jid)
+    : local_cert_(local_cert),
+      local_private_key_(local_private_key),
+      shared_secret_(shared_secret),
+      remote_jid_(remote_jid),
+      state_(WAITING_MESSAGE) {
+}
+
+SimpleHostAuthenticator::~SimpleHostAuthenticator() {
+}
+
+Authenticator::State SimpleHostAuthenticator::state() const {
+  return state_;
+}
+
+void SimpleHostAuthenticator::ProcessMessage(const XmlElement* message) {
+  DCHECK_EQ(state_, WAITING_MESSAGE);
+
+  std::string auth_token =
+      message->TextNamed(buzz::QName(kChromotingXmlNamespace, kAuthTokenTag));
+
+  if (!protocol::VerifySupportAuthToken(
+          remote_jid_, shared_secret_, auth_token)) {
+    state_ = REJECTED;
+  } else {
+    state_ = MESSAGE_READY;
+  }
+}
+
+XmlElement* SimpleHostAuthenticator::GetNextMessage() {
+  DCHECK_EQ(state_, MESSAGE_READY);
+
+  XmlElement* message = new XmlElement(
+      QName(kChromotingXmlNamespace, kAuthenticationTag));

[Wez, 2011/11/22 22:58:05]

nit: Create |message| lower down, where it's actually used?

[Sergey Ulanov, 2011/11/23 02:02:25]

We create XML tree here, and I think it's easier to read when it is created
starting from the root.

+
+  buzz::XmlElement* certificate_tag = new XmlElement(
+      buzz::QName(kChromotingXmlNamespace, kCertificateTag));
+  std::string base64_cert;
+  if (!base::Base64Encode(local_cert_, &base64_cert)) {
+    LOG(DFATAL) << "Cannot perform base64 encode on certificate";
+  }
+  certificate_tag->SetBodyText(base64_cert);
+  message->AddElement(certificate_tag);
+
+  state_ = ACCEPTED;
+  return message;
+}
+
+ChannelAuthenticator*
+SimpleHostAuthenticator::CreateChannelAuthenticator() const {
+  DCHECK_EQ(state_, ACCEPTED);
+  return new SimpleHostChannelAuthenticator(
+      local_cert_, local_private_key_, shared_secret_);
+};
+
+SimpleHostAuthenticatorFactory::SimpleHostAuthenticatorFactory(
+    const std::string& local_cert,
+    crypto::RSAPrivateKey* local_private_key,
+    const std::string& shared_secret)
+    : local_cert_(local_cert),
+      shared_secret_(shared_secret) {
+  DCHECK(local_private_key);
+
+  // TODO(hclam): Need a better way to clone a key.

[Wez, 2011/11/22 22:58:05]

nit: We should just create a bug for that, reference it here, and fix it!

[Sergey Ulanov, 2011/11/23 02:02:25]

Opened crbug.com/105220

+  std::vector<uint8> key_bytes;
+  CHECK(local_private_key->ExportPrivateKey(&key_bytes));
+  local_private_key_.reset(
+      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes));
+  CHECK(local_private_key_.get());
+}
+
+SimpleHostAuthenticatorFactory::~SimpleHostAuthenticatorFactory() {
+}
+
+Authenticator* SimpleHostAuthenticatorFactory::CreateAuthenticator(
+    const std::string& remote_jid,
+    const buzz::XmlElement* first_message) {
+  return new SimpleHostAuthenticator(local_cert_, local_private_key_.get(),
+                                     shared_secret_, remote_jid);
+}
+
+}  // namespace remoting
+}  // namespace protocol