| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ | 5 #ifndef REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ |
| 6 #define REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ | 6 #define REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "remoting/protocol/authenticator.h" | 14 #include "remoting/protocol/authenticator.h" |
| 15 #include "remoting/protocol/authentication_method.h" | 15 #include "remoting/protocol/authentication_method.h" |
| 16 | 16 |
| 17 namespace remoting { | 17 namespace remoting { |
| 18 | 18 |
| 19 class RsaKeyPair; | 19 class RsaKeyPair; |
| 20 | 20 |
| 21 namespace protocol { | 21 namespace protocol { |
| 22 | 22 |
| 23 class PinFetcherFactory; |
| 24 |
| 25 // This class provides a meta-authenticator that allows clients and hosts that |
| 26 // support multiple authentication methods to negotiate a method to use. |
| 27 // |
| 28 // The typical flow is: |
| 29 // * Client sends a message to host with its supported methods. |
| 30 // (clients may also pick a method and send its first message here). |
| 31 // * Host picks a method and sends its first message (if any). |
| 32 // (if a supported method/message was sent by a client, it is processed). |
| 33 // * Client creates the authenticator selected by the host. If the method |
| 34 // starts with a message from the host, it is processed. |
| 35 // * Client and host exchange messages until the authentication is ACCEPTED or |
| 36 // REJECTED. |
| 37 // |
| 38 // The details: |
| 39 // * The underlying message processing may be asynchronous (i.e. require user |
| 40 // interaction based on the message contents), so it receives a callback to |
| 41 // resume processing when done. |
| 42 // * Creating an authenticator may also be asynchronous (i.e. require user |
| 43 // interaction to determine initial parameters, like PIN), so it also |
| 44 // receives a callback. If the authenticator has received a message to |
| 45 // process, the message processing code must also be on that callback. |
| 46 // * Some authentication methods may have a specific starting direction (e.g. |
| 47 // host always sends the first message), while others are versatile (e.g. |
| 48 // SPAKE, where either side can send the first message). So when an |
| 49 // authenticator is created, it is given a "preferred" (context-dependent) |
| 50 // initial state, but it may ignore it, and the negotiating authenticator |
| 51 // must deal with that, by sending a blank message if the method has none |
| 52 // to send, and ignoring such blank message on the receiving end. This |
| 53 // relies on the assumption that each method must either be versatile on |
| 54 // both ends, or name an explicit direction to start. |
| 55 // * The client may pick a method on its first message (assuming it doesn't |
| 56 // require user interaction to start), and the host may not support that |
| 57 // method, in which case it must discard that message and create an |
| 58 // authenticator for a mutually supported method. |
| 59 // * The host never sends its own supported methods back to the client, so once |
| 60 // the host picks a method from the client's list, it's final. |
| 61 // * Any change in this class must maintain compatibility between any version |
| 62 // mix of webapp, client plugin and host, for both Me2Me and IT2Me. |
| 23 class NegotiatingAuthenticator : public Authenticator { | 63 class NegotiatingAuthenticator : public Authenticator { |
| 24 public: | 64 public: |
| 25 virtual ~NegotiatingAuthenticator(); | 65 virtual ~NegotiatingAuthenticator(); |
| 26 | 66 |
| 27 static bool IsNegotiableMessage(const buzz::XmlElement* message); | |
| 28 | |
| 29 // Creates a client authenticator for the given methods. | 67 // Creates a client authenticator for the given methods. |
| 30 static scoped_ptr<Authenticator> CreateForClient( | 68 static scoped_ptr<Authenticator> CreateForClient( |
| 31 const std::string& authentication_tag, | 69 const std::string& authentication_tag, |
| 32 const std::string& shared_secret, | 70 const std::string& shared_secret, |
| 71 PinFetcherFactory* pin_fetcher_factory, |
| 33 const std::vector<AuthenticationMethod>& methods); | 72 const std::vector<AuthenticationMethod>& methods); |
| 34 | 73 |
| 35 // Creates a host authenticator, using a fixed shared secret/PIN hash. | 74 // Creates a host authenticator, using a fixed shared secret/PIN hash. |
| 36 static scoped_ptr<Authenticator> CreateForHost( | 75 static scoped_ptr<Authenticator> CreateForHost( |
| 37 const std::string& local_cert, | 76 const std::string& local_cert, |
| 38 scoped_refptr<RsaKeyPair> key_pair, | 77 scoped_refptr<RsaKeyPair> key_pair, |
| 39 const std::string& shared_secret_hash, | 78 const std::string& shared_secret_hash, |
| 40 AuthenticationMethod::HashFunction hash_function); | 79 AuthenticationMethod::HashFunction hash_function); |
| 41 | 80 |
| 42 // Authenticator interface. | 81 // Authenticator interface. |
| 43 virtual State state() const OVERRIDE; | 82 virtual State state() const OVERRIDE; |
| 44 virtual RejectionReason rejection_reason() const OVERRIDE; | 83 virtual RejectionReason rejection_reason() const OVERRIDE; |
| 45 virtual void ProcessMessage(const buzz::XmlElement* message, | 84 virtual void ProcessMessage(const buzz::XmlElement* message, |
| 46 const base::Closure& resume_callback) OVERRIDE; | 85 const base::Closure& resume_callback) OVERRIDE; |
| 47 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; | 86 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; |
| 48 virtual scoped_ptr<ChannelAuthenticator> | 87 virtual scoped_ptr<ChannelAuthenticator> |
| 49 CreateChannelAuthenticator() const OVERRIDE; | 88 CreateChannelAuthenticator() const OVERRIDE; |
| 50 | 89 |
| 51 private: | 90 private: |
| 52 NegotiatingAuthenticator(Authenticator::State initial_state); | 91 explicit NegotiatingAuthenticator(Authenticator::State initial_state); |
| 53 | 92 |
| 54 void AddMethod(const AuthenticationMethod& method); | 93 void AddMethod(const AuthenticationMethod& method); |
| 55 void CreateAuthenticator(State initial_state); | 94 |
| 95 // (Asynchronously) creates an authenticator. Authenticators that can be |
| 96 // started in either state will be created in |preferred_initial_state|. |
| 97 // |resume_callback| is called when the authenticator is ready. |
| 98 void CreateAuthenticator(Authenticator::State preferred_initial_state, |
| 99 const base::Closure& resume_callback); |
| 100 |
| 101 // Processes a message in the current authenticator. |message| and |
| 102 // |resume_callback| are passed to the underlying ProcessMessage call. |
| 103 void ProcessMessageInternal(const buzz::XmlElement* message, |
| 104 const base::Closure& resume_callback); |
| 105 |
| 106 // Updates |state_| to reflect the current underlying authenticator state. |
| 56 void UpdateState(const base::Closure& resume_callback); | 107 void UpdateState(const base::Closure& resume_callback); |
| 57 | 108 |
| 58 bool is_host_side() const; | 109 bool is_host_side() const; |
| 59 | 110 |
| 60 // Used only for host authenticators. | 111 // Used only for host authenticators. |
| 61 std::string local_cert_; | 112 std::string local_cert_; |
| 62 scoped_refptr<RsaKeyPair> local_key_pair_; | 113 scoped_refptr<RsaKeyPair> local_key_pair_; |
| 63 std::string shared_secret_hash_; | 114 std::string shared_secret_hash_; |
| 64 | 115 |
| 65 // Used only for client authenticators. | 116 // Used only for client authenticators. |
| 66 std::string authentication_tag_; | 117 std::string authentication_tag_; |
| 67 std::string shared_secret_; | 118 std::string shared_secret_; |
| 119 PinFetcherFactory* pin_fetcher_factory_; |
| 68 | 120 |
| 69 // Used for both host and client authenticators. | 121 // Used for both host and client authenticators. |
| 70 std::vector<AuthenticationMethod> methods_; | 122 std::vector<AuthenticationMethod> methods_; |
| 71 AuthenticationMethod current_method_; | 123 AuthenticationMethod current_method_; |
| 72 scoped_ptr<Authenticator> current_authenticator_; | 124 scoped_ptr<Authenticator> current_authenticator_; |
| 73 State state_; | 125 State state_; |
| 74 RejectionReason rejection_reason_; | 126 RejectionReason rejection_reason_; |
| 75 | 127 |
| 76 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticator); | 128 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticator); |
| 77 }; | 129 }; |
| 78 | 130 |
| 79 } // namespace protocol | 131 } // namespace protocol |
| 80 } // namespace remoting | 132 } // namespace remoting |
| 81 | 133 |
| 82 #endif // REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ | 134 #endif // REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12518027:
Protocol / client plugin changes to support interactively asking for a PIN (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master