Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(24)

Side by Side Diff: remoting/protocol/third_party_client_authenticator.h

Issue 12326090: Third Party authentication protocol. (Closed) Base URL: http://git.chromium.org/chromium/src.git@host_key_pair
Patch Set: Split authenticator into base, client, host Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_
6 #define REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_
7
8 #include <string>
9
10 #include "base/callback.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "googleurl/src/gurl.h"
13 #include "remoting/protocol/third_party_authenticator_base.h"
14
15 namespace remoting {
16 namespace protocol {
17
18 // Implements an authentication method that relies on a third party server for
19 // authentication of both client and host.
20 // When third party authentication is being used, the client must request both a
21 // token and a shared secret from a third-party server (which may require the
22 // user to authenticate themselves). The client then sends only the token to the
23 // host. The host signs the token, then contacts the third-party server to
24 // exchange the token for the shared secret. Once both client and host have the
25 // shared secret, they use an underlying |V2Authenticator| (SPAKE2) to negotiate
26 // an authentication key, which is used to establish the connection.
27 class ThirdPartyClientAuthenticator : public ThirdPartyAuthenticatorBase {
28 public:
29 class TokenFetcher {
30 public:
31 // Callback passed to |FetchThirdPartyToken|, and called once the client
32 // authentication finishes. |token| is an opaque string that should be sent
33 // directly to the host. |shared_secret| should be used by the client to
34 // create a V2Authenticator. In case of failure, the callback is called with
35 // an empty |token| and |shared_secret|.
36 typedef base::Callback<void(
37 const std::string& token,
38 const std::string& shared_secret)> TokenFetchedCallback;
39
40 virtual ~TokenFetcher() {}
41
42 // Fetches a third party token from |token_url|. |host_public_key| is sent
43 // to the server so it can later authenticate the host. |scope| is a string
44 // with a space-separated list of attributes for this connection (e.g.
45 // "hostjid:abc@example.com/123 clientjid:def@example.org/456".
46 // |token_fetched_callback| is called when the client authentication ends,
47 // in the same thread |FetchThirdPartyToken| was originally called.
48 // The request is canceled if the TokenFetcher is destroyed.
49 virtual void FetchThirdPartyToken(
50 const GURL& token_url,
51 const std::string& host_public_key,
52 const std::string& scope,
53 const TokenFetchedCallback& token_fetched_callback) = 0;
54 };
55
56 // Creates a third-party client authenticator, for the host with the given
57 // |host_public_key|. |token_fetcher| must outlive this authenticator.
58 ThirdPartyClientAuthenticator(const std::string& host_public_key,
59 scoped_ptr<TokenFetcher> token_fetcher,
60 Authenticator::State initial_state);
61 virtual ~ThirdPartyClientAuthenticator();
62
63 protected:
64 // ThirdPartyAuthenticator implementation.
65 virtual void ProcessMessageInternal(
66 const buzz::XmlElement* message,
67 const base::Closure& resume_callback) OVERRIDE;
68 virtual void GetNextMessageInternal(buzz::XmlElement* message) OVERRIDE;
69
70 private:
71 void OnThirdPartyTokenFetched(const base::Closure& resume_callback,
72 const std::string& third_party_token,
73 const std::string& shared_secret);
74
75 std::string host_public_key_;
76 std::string token_;
77 scoped_ptr<TokenFetcher> token_fetcher_;
78 };
79
80
81 } // namespace protocol
82 } // namespace remoting
83
84 #endif // REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698