OLD | NEW |
(Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_ |
| 6 #define REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/callback.h" |
| 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "googleurl/src/gurl.h" |
| 13 #include "remoting/protocol/third_party_authenticator_base.h" |
| 14 |
| 15 namespace remoting { |
| 16 namespace protocol { |
| 17 |
| 18 // Implements an authentication method that relies on a third party server for |
| 19 // authentication of both client and host. |
| 20 // When third party authentication is being used, the client must request both a |
| 21 // token and a shared secret from a third-party server (which may require the |
| 22 // user to authenticate themselves). The client then sends only the token to the |
| 23 // host. The host signs the token, then contacts the third-party server to |
| 24 // exchange the token for the shared secret. Once both client and host have the |
| 25 // shared secret, they use an underlying |V2Authenticator| (SPAKE2) to negotiate |
| 26 // an authentication key, which is used to establish the connection. |
| 27 class ThirdPartyClientAuthenticator : public ThirdPartyAuthenticatorBase { |
| 28 public: |
| 29 class TokenFetcher { |
| 30 public: |
| 31 // Callback passed to |FetchThirdPartyToken|, and called once the client |
| 32 // authentication finishes. |token| is an opaque string that should be sent |
| 33 // directly to the host. |shared_secret| should be used by the client to |
| 34 // create a V2Authenticator. In case of failure, the callback is called with |
| 35 // an empty |token| and |shared_secret|. |
| 36 typedef base::Callback<void( |
| 37 const std::string& token, |
| 38 const std::string& shared_secret)> TokenFetchedCallback; |
| 39 |
| 40 virtual ~TokenFetcher() {} |
| 41 |
| 42 // Fetches a third party token from |token_url|. |host_public_key| is sent |
| 43 // to the server so it can later authenticate the host. |scope| is a string |
| 44 // with a space-separated list of attributes for this connection (e.g. |
| 45 // "hostjid:abc@example.com/123 clientjid:def@example.org/456". |
| 46 // |token_fetched_callback| is called when the client authentication ends, |
| 47 // in the same thread |FetchThirdPartyToken| was originally called. |
| 48 // The request is canceled if the TokenFetcher is destroyed. |
| 49 virtual void FetchThirdPartyToken( |
| 50 const GURL& token_url, |
| 51 const std::string& host_public_key, |
| 52 const std::string& scope, |
| 53 const TokenFetchedCallback& token_fetched_callback) = 0; |
| 54 }; |
| 55 |
| 56 // Creates a third-party client authenticator, for the host with the given |
| 57 // |host_public_key|. |token_fetcher| must outlive this authenticator. |
| 58 ThirdPartyClientAuthenticator(const std::string& host_public_key, |
| 59 scoped_ptr<TokenFetcher> token_fetcher, |
| 60 Authenticator::State initial_state); |
| 61 virtual ~ThirdPartyClientAuthenticator(); |
| 62 |
| 63 protected: |
| 64 // ThirdPartyAuthenticator implementation. |
| 65 virtual void ProcessMessageInternal( |
| 66 const buzz::XmlElement* message, |
| 67 const base::Closure& resume_callback) OVERRIDE; |
| 68 virtual void GetNextMessageInternal(buzz::XmlElement* message) OVERRIDE; |
| 69 |
| 70 private: |
| 71 void OnThirdPartyTokenFetched(const base::Closure& resume_callback, |
| 72 const std::string& third_party_token, |
| 73 const std::string& shared_secret); |
| 74 |
| 75 std::string host_public_key_; |
| 76 std::string token_; |
| 77 scoped_ptr<TokenFetcher> token_fetcher_; |
| 78 }; |
| 79 |
| 80 |
| 81 } // namespace protocol |
| 82 } // namespace remoting |
| 83 |
| 84 #endif // REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_ |
OLD | NEW |