Multi-step authentication support in JingleSession.

remoting/protocol/jingle_session.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/protocol/jingle_session.h"
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/message_loop_proxy.h"
@@ skipping 27 matching lines @@
       authenticator_(authenticator),
       state_(INITIALIZING),
       error_(OK),
       closing_(false),
       cricket_session_(cricket_session),
       config_set_(false),
       ALLOW_THIS_IN_INITIALIZER_LIST(task_factory_(this)) {
   jid_ = cricket_session_->remote_name();
   cricket_session_->SignalState.connect(this, &JingleSession::OnSessionState);
   cricket_session_->SignalError.connect(this, &JingleSession::OnSessionError);
+  cricket_session_->SignalInfoMessage.connect(
+      this, &JingleSession::OnSessionInfoMessage);
 }
 
 JingleSession::~JingleSession() {
   // Reset the callback so that it's not called from Close().
   state_change_callback_.Reset();
   Close();
   jingle_session_manager_->SessionDestroyed(this);
   DCHECK(channel_connectors_.empty());
 }
 
@@ skipping 179 matching lines @@
     BaseSession* session, BaseSession::Error error) {
   DCHECK(CalledOnValidThread());
   DCHECK_EQ(cricket_session_, session);
 
   if (error != cricket::Session::ERROR_NONE) {
     // TODO(sergeyu): Report different errors depending on |error|.
     CloseInternal(net::ERR_CONNECTION_ABORTED, CHANNEL_CONNECTION_ERROR);
   }
 }
 
+void JingleSession::OnSessionInfoMessage(cricket::Session* session,
+                                         const buzz::XmlElement* message) {
+  DCHECK_EQ(cricket_session_,session);
+
+  const buzz::XmlElement* auth_message =
+      Authenticator::FindAuthenticatorMessage(message);
+  if (auth_message) {
+    if (state_ != CONNECTED ||

[Wez, 2011/12/03 00:21:05]

It might be clearer to have AUTHENTICATING and CONNECTED states, rather than
CONNECTED and AUTHENTICATED?

[Sergey Ulanov, 2011/12/06 19:37:07]

I agree, but it is not related to this CL.

+        authenticator_->state() != Authenticator::WAITING_MESSAGE) {
+      LOG(WARNING) << "Received unexpected authenticator message "
+                   << auth_message->Str();
+      return;
+    }
+
+    authenticator_->ProcessMessage(auth_message);
+    ProcessAuthenticationStep();
+  }
+}
+
 void JingleSession::OnInitiate() {
   DCHECK(CalledOnValidThread());
   jid_ = cricket_session_->remote_name();
 
   if (cricket_session_->initiator()) {
     // Set state to CONNECTING if this is an outgoing message. We need
     // to post this task because channel creation works only after we
     // return from this method. This is because
     // JingleChannelConnector::Connect() needs to call
     // set_incoming_only() on P2PTransportChannel, but
@@ skipping 23 matching lines @@
 
   // Process authenticator message.
   const buzz::XmlElement* auth_message =
       content_description->authenticator_message();
   if (!auth_message) {
     DLOG(WARNING) << "Received session-accept without authentication message "
                   << auth_message->Str();
     return false;
   }
 
-  DCHECK(authenticator_->state() == Authenticator::WAITING_MESSAGE);
+  DCHECK_EQ(authenticator_->state(), Authenticator::WAITING_MESSAGE);
   authenticator_->ProcessMessage(auth_message);
-  // Support for more than two auth message is not implemented yet.
-  DCHECK(authenticator_->state() != Authenticator::WAITING_MESSAGE &&
-         authenticator_->state() != Authenticator::MESSAGE_READY);
 
-  if (authenticator_->state() != Authenticator::ACCEPTED) {
-    return false;
-  }
-
+  // Initialize session configuration.
   SessionConfig config;
   if (!content_description->config()->GetFinalConfig(&config)) {
     LOG(ERROR) << "Connection response does not specify configuration";
     return false;
   }
   if (!candidate_config()->IsSupported(config)) {
     LOG(ERROR) << "Connection response specifies an invalid configuration";
     return false;
   }
 
   set_config(config);
   return true;
 }
 
 void JingleSession::OnAccept() {
   DCHECK(CalledOnValidThread());
 
   // If we initiated the session, store the candidate configuration that the
   // host responded with, to refer to later.
   if (cricket_session_->initiator()) {
     if (!InitializeConfigFromDescription(
             cricket_session_->remote_description())) {
       CloseInternal(net::ERR_CONNECTION_FAILED, INCOMPATIBLE_PROTOCOL);
       return;
     }
   }
 
   SetState(CONNECTED);
 
-  if (authenticator_->state() == Authenticator::ACCEPTED)
+  // Process authentication.
+  if (authenticator_->state() == Authenticator::ACCEPTED) {
     SetState(AUTHENTICATED);
+  } else {
+    ProcessAuthenticationStep();
+  }
 }
 
 void JingleSession::OnTerminate() {
   DCHECK(CalledOnValidThread());
   CloseInternal(net::ERR_CONNECTION_ABORTED, OK);
 }
 
 void JingleSession::AcceptConnection() {
   SetState(CONNECTING);
 
@@ skipping 34 matching lines @@
 
   authenticator_.reset(
       jingle_session_manager_->CreateAuthenticator(jid(), auth_message));
   if (!authenticator_.get()) {
     CloseInternal(net::ERR_CONNECTION_FAILED, INCOMPATIBLE_PROTOCOL);
     return;
   }
 
   DCHECK(authenticator_->state() == Authenticator::WAITING_MESSAGE);
   authenticator_->ProcessMessage(auth_message);
-  // Support for more than two auth message is not implemented yet.
-  DCHECK(authenticator_->state() != Authenticator::WAITING_MESSAGE);
   if (authenticator_->state() == Authenticator::REJECTED) {
     CloseInternal(net::ERR_CONNECTION_FAILED, AUTHENTICATION_FAILED);
     return;
   }
 
   // Connection must be configured by the AcceptConnection() callback.
   CandidateSessionConfig* candidate_config =
       CandidateSessionConfig::CreateFrom(config());
 
   buzz::XmlElement* auth_reply = NULL;
   if (authenticator_->state() == Authenticator::MESSAGE_READY)
     auth_reply = authenticator_->GetNextMessage();
-  DCHECK_EQ(authenticator_->state(), Authenticator::ACCEPTED);
+  DCHECK_NE(authenticator_->state(), Authenticator::MESSAGE_READY);
   cricket_session_->Accept(
       CreateSessionDescription(candidate_config, auth_reply));
 }
 
+void JingleSession::ProcessAuthenticationStep() {
+  DCHECK_EQ(state_, CONNECTED);
+
+  while (authenticator_->state() == Authenticator::MESSAGE_READY) {
+    buzz::XmlElement* auth_message = authenticator_->GetNextMessage();
+    cricket::XmlElements message;
+    message.push_back(auth_message);
+    cricket_session_->SendInfoMessage(message);
+  }
+
+  if (authenticator_->state() == Authenticator::ACCEPTED) {
+    SetState(AUTHENTICATED);
+  } else if (authenticator_->state() == Authenticator::REJECTED) {
+    CloseInternal(net::ERR_CONNECTION_ABORTED, AUTHENTICATION_FAILED);
+  }
+}
+
 void JingleSession::AddChannelConnector(
     const std::string& name, JingleChannelConnector* connector) {
   DCHECK(channel_connectors_.find(name) == channel_connectors_.end());
 
   const std::string& content_name = GetContentInfo()->name;
   cricket::TransportChannel* raw_channel =
       cricket_session_->CreateChannel(content_name, name);
 
   if (!jingle_session_manager_->allow_nat_traversal_ &&
       !cricket_session_->initiator()) {
@@ skipping 54 matching lines @@
     const buzz::XmlElement* authenticator_message) {
   cricket::SessionDescription* desc = new cricket::SessionDescription();
   desc->AddContent(
       ContentDescription::kChromotingContentName, kChromotingXmlNamespace,
       new ContentDescription(config, authenticator_message));
   return desc;
 }
 
 }  // namespace protocol
 }  // namespace remoting