Host-side third party token validation

remoting/protocol/third_party_host_authenticator.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_
 #define REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_
 
 #include <string>
 
 #include "base/callback.h"
@@ skipping 36 matching lines @@
         const TokenValidatedCallback& token_validated_callback) = 0;
 
     // URL sent to the client, to be used by its |TokenFetcher| to get a token.
     virtual const GURL& token_url() const = 0;
 
     // Space-separated list of connection attributes the host must send to the
     // client, and require the token received in response to match.
     virtual const std::string& token_scope() const = 0;
   };
 
+  class TokenValidatorFactory {
+   public:
+    virtual ~TokenValidatorFactory() {}
+
+   // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create
+    // a token scope that is restricted to the current connection's JIDs.
+    virtual scoped_ptr<TokenValidator> CreateTokenValidator(
+        const GURL& token_url,
+        const GURL& token_validation_url,
+        scoped_refptr<RsaKeyPair> key_pair,

[Sergey Ulanov, 2013/03/28 22:34:54]

These three parameters are specific to url-based token validator, so they
shouldn't be part of the generic interface. Can you move them to
UrlFetcherTokenValidatorFactory constructor?

[rmsousa, 2013/03/28 23:12:49]

These can change during the lifetime of the host (policy/config update), so they
can't be owned by a global TokenValidatorFactory. If instead of having a global
one we create a TokenValidatorFactory when we create Me2MeAuthenticatorFactory
(see the previous patchset), we can't pass a naked reference to the factory to
NegotiatingAuthenticator, because there's no ownership between
Me2MeAuthenticatorFactory and NegotiatingAuthenticator, so we end up having to
refcount the TokenValidatorFactory.

Again this gets much simpelr if we declare that the host's protocol choice is
final - Me2MeAuthenticatorFactory can just give the NegotiatingAuthenticator a
TokenValidator instance.

[Sergey Ulanov, 2013/03/28 23:39:39]

For some policies we restart the host when they change. I think we should do it
for these authentication policies too. This is necessary because you need to
make sure that policies apply to all connected clients. If a client is connected
while token_url changes then it means that the client needs to be
reauthenticated using new URL. I don't think we want to support reauthentication
mid-session - it's easier to restart the host in that case.

[rmsousa, 2013/04/04 22:13:43]

Done.

+        const std::string& local_jid,
+        const std::string& remote_jid) = 0;
+  };
+
   // Creates a third-party host authenticator. |local_cert| and |key_pair| are
   // used by the underlying V2Authenticator to create the SSL channels.
   // |token_validator| contains the token parameters to be sent to the client
   // and is used to obtain the shared secret.
   ThirdPartyHostAuthenticator(const std::string& local_cert,
                               scoped_refptr<RsaKeyPair> key_pair,
                               scoped_ptr<TokenValidator> token_validator);
   virtual ~ThirdPartyHostAuthenticator();
 
  protected:
@@ skipping 10 matching lines @@
 
   std::string local_cert_;
   scoped_refptr<RsaKeyPair> key_pair_;
   scoped_ptr<TokenValidator> token_validator_;
 };
 
 }  // namespace protocol
 }  // namespace remoting
 
 #endif  // REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_