Third Party authentication protocol.

remoting/protocol/third_party_client_authenticator.cc

Index: remoting/protocol/third_party_client_authenticator.cc
diff --git a/remoting/protocol/third_party_client_authenticator.cc b/remoting/protocol/third_party_client_authenticator.cc
new file mode 100644
index 0000000000000000000000000000000000000000..72e9971e8d3bf47fa57ac1c3d8fbe7f63951520b
--- /dev/null
+++ b/remoting/protocol/third_party_client_authenticator.cc
@@ -0,0 +1,86 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/protocol/third_party_client_authenticator.h"
+
+#include "base/base64.h"
+#include "base/bind.h"
+#include "base/callback.h"
+#include "base/logging.h"
+#include "remoting/base/constants.h"
+#include "remoting/base/rsa_key_pair.h"
+#include "remoting/protocol/channel_authenticator.h"
+#include "remoting/protocol/v2_authenticator.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+
+namespace remoting {
+namespace protocol {
+
+ThirdPartyClientAuthenticator::ThirdPartyClientAuthenticator(
+    const std::string& host_public_key,
+    scoped_ptr<TokenFetcher> token_fetcher,
+    Authenticator::State initial_state)
+  : ThirdPartyAuthenticatorBase(initial_state),

[Sergey Ulanov, 2013/03/07 21:20:41]

nit: indent two more spaces.

[rmsousa, 2013/03/20 01:30:16]

Done.

+    host_public_key_(host_public_key),
+    token_fetcher_(token_fetcher.Pass()) {
+}
+
+ThirdPartyClientAuthenticator::~ThirdPartyClientAuthenticator() {
+}
+
+void ThirdPartyClientAuthenticator::ProcessMessageInternal(
+    const buzz::XmlElement* message,
+    const base::Closure& resume_callback) {
+  std::string token_url = message->TextNamed(kTokenUrlTag);
+  std::string token_scope = message->TextNamed(kTokenScopeTag);
+  if (!token_url.empty() && !token_scope.empty()) {
+    state_ = PROCESSING_MESSAGE;
+    // |token_fetcher_| is owned, so Unretained() is safe here.
+    token_fetcher_->FetchThirdPartyToken(
+        GURL(token_url), host_public_key_, token_scope, base::Bind(
+            &ThirdPartyClientAuthenticator::OnThirdPartyTokenFetched,
+            base::Unretained(this), resume_callback));
+    return;
+  }
+
+  LOG(WARNING) << "Missing token issue URL/verification URL/scope.";

[Sergey Ulanov, 2013/03/07 21:20:41]

better to log it as ERROR. Also suggest rewording as "Third-party authentication
protocol error: missing token verification URL or scope."

[rmsousa, 2013/03/20 01:30:16]

Done.

+  state_ = REJECTED;
+  rejection_reason_ = PROTOCOL_ERROR;
+  resume_callback.Run();
+  return;

[Sergey Ulanov, 2013/03/07 21:20:41]

nit: don't need return statement here.

[rmsousa, 2013/03/20 01:30:16]

Done.

+}
+
+void ThirdPartyClientAuthenticator::GetNextMessageInternal(
+    buzz::XmlElement* message) {
+  if (state_ == MESSAGE_READY) {

[Sergey Ulanov, 2013/03/07 21:20:41]

this should be a DCHECK.

[rmsousa, 2013/03/20 01:30:16]

Done.

+    if (!token_.empty()) {
+      buzz::XmlElement* token_tag = new buzz::XmlElement(kTokenTag);
+      token_tag->SetBodyText(token_);
+      message->AddElement(token_tag);
+      state_ = ACCEPTED;
+    } else {
+      // The client doesn't really have anything to send yet, it's just
+      // waiting for the host to send the token_url.
+      state_ = WAITING_MESSAGE;
+    }
+  }
+}
+
+void ThirdPartyClientAuthenticator::OnThirdPartyTokenFetched(
+    const base::Closure& resume_callback, const std::string& third_party_token,
+    const std::string& shared_secret) {
+  token_ = third_party_token;
+  if (!token_.empty() && !shared_secret.empty()) {
+    state_ = MESSAGE_READY;
+    underlying_ = V2Authenticator::CreateForClient(
+        shared_secret, MESSAGE_READY);
+  } else {
+    state_ = REJECTED;
+    rejection_reason_ = INVALID_CREDENTIALS;
+  }
+  resume_callback.Run();
+}
+
+}  // namespace protocol
+}  // namespace remoting