Third Party authentication protocol.

remoting/protocol/third_party_client_authenticator.h

Index: remoting/protocol/third_party_client_authenticator.h
diff --git a/remoting/protocol/third_party_client_authenticator.h b/remoting/protocol/third_party_client_authenticator.h
new file mode 100644
index 0000000000000000000000000000000000000000..2d7328d8f41c8305ab311689e6c378e1e4027fb9
--- /dev/null
+++ b/remoting/protocol/third_party_client_authenticator.h
@@ -0,0 +1,82 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_
+#define REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_
+
+#include <string>
+
+#include "base/callback.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "googleurl/src/gurl.h"

[Sergey Ulanov, 2013/03/20 07:24:12]

Can forward-declare GURL

[rmsousa, 2013/03/21 01:23:25]

Done.

+#include "remoting/protocol/third_party_authenticator_base.h"
+
+namespace remoting {
+namespace protocol {
+
+// Callback passed to |FetchTokenCallback|, and called once the client
+// authentication finishes. |token| is an opaque string that should be sent
+// directly to the host. |shared_secret| should be used by the client to
+// create a V2Authenticator. In case of failure, the callback is called with
+// an empty |token| and |shared_secret|.
+typedef base::Callback<void(
+    const std::string& token,
+    const std::string& shared_secret)> TokenFetchedCallback;
+
+// Fetches a third party token from |token_url|. |host_public_key| is sent
+// to the server so it can later authenticate the host. |scope| is a string
+// with a space-separated list of attributes for this connection (e.g.
+// "hostjid:abc@example.com/123 clientjid:def@example.org/456".
+// |token_fetched_callback| is called when the client authentication ends,
+// in the same thread |FetchTokenCallback| was originally called.
+typedef base::Callback<void(
+    const GURL& token_url,
+    const std::string& host_public_key,
+    const std::string& scope,
+    const TokenFetchedCallback& token_fetched_callback)> FetchTokenCallback;

[Sergey Ulanov, 2013/03/20 07:24:12]

The fetcher will be fetching information from remote server. We do want to be
able to cancel these requests when authenticator is destroyed (there might be a
possibility of DoS attack if we just keep those requests lingering). So in this
case it's better to have the interface (and maybe factory).

[rmsousa, 2013/03/21 01:23:25]

The way it works, it's not really cancellable in the js layer - we fire and
forget either a window.open() or a launchWebAuthFlow() (which also opens a new
window), and then it comes back with the token when it's done.

But yeah, it may be a good idea to leave the possibility open anyway.

+
+// Implements an authentication method that relies on a third party server for
+// authentication of both client and host.
+// When third party authentication is being used, the client must request both a
+// token and a shared secret from a third-party server (which may require the
+// user to authenticate themselves). The client then sends only the token to the
+// host. The host signs the token, then contacts the third-party server to
+// exchange the token for the shared secret. Once both client and host have the
+// shared secret, they use an underlying |V2Authenticator| (SPAKE2) to negotiate
+// an authentication key, which is used to establish the connection.
+class ThirdPartyClientAuthenticator : public ThirdPartyAuthenticatorBase {
+ public:
+  // Creates a third-party client authenticator, for the host with the given
+  // |host_public_key|.
+  ThirdPartyClientAuthenticator(const std::string& host_public_key,
+                                const FetchTokenCallback& fetch_token_callback);
+  virtual ~ThirdPartyClientAuthenticator();
+
+ protected:
+  // ThirdPartyAuthenticator implementation.
+  virtual void ProcessTokenMessage(
+      const buzz::XmlElement* message,
+      const base::Closure& resume_callback) OVERRIDE;
+  virtual void AddTokenElements(buzz::XmlElement* message) OVERRIDE;
+
+ private:
+  void OnThirdPartyTokenFetched(const base::Closure& resume_callback,
+                                const std::string& third_party_token,
+                                const std::string& shared_secret);
+
+  std::string host_public_key_;
+  std::string token_;
+  FetchTokenCallback fetch_token_callback_;
+
+  base::WeakPtrFactory<ThirdPartyClientAuthenticator> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(ThirdPartyClientAuthenticator);
+};
+
+
+}  // namespace protocol
+}  // namespace remoting
+
+#endif  // REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_