PairingAuthenticator implementation and plumbing.

remoting/protocol/pairing_client_authenticator.cc

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/protocol/pairing_client_authenticator.h"
+
+#include "base/bind.h"
+#include "base/logging.h"
+#include "remoting/base/constants.h"
+#include "remoting/base/rsa_key_pair.h"
+#include "remoting/protocol/authentication_method.h"
+#include "remoting/protocol/channel_authenticator.h"
+#include "remoting/protocol/v2_authenticator.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+
+namespace remoting {
+namespace protocol {
+
+namespace {
+// These definitions must be kept in sync with pairing_host_authenticator.cc.

[Wez, 2013/05/18 20:08:36]

nit: Should we split out all the auth tags into a single auth_tags.[h|cc]?

[Jamie, 2013/05/21 01:24:34]

I've factored common code into a base class, which I think is a better place for
them than somewhere common (since they're specific to this protocol).

+const buzz::StaticQName kPairingInfoTag =
+    { kChromotingXmlNamespace, "pairing-info" };
+const buzz::StaticQName kClientIdAttribute =
+    { "", "client-id" };
+const buzz::StaticQName kPairingFailedTag =
+    { kChromotingXmlNamespace, "pairing-failed" };
+const buzz::StaticQName kPairingErrorAttribute =
+    { "", "error" };
+}  // namespace
+
+PairingClientAuthenticator::PairingClientAuthenticator(
+    const std::string& client_id,
+    const std::string& paired_secret,
+    const FetchSecretCallback& fetch_pin_callback,
+    const std::string& authentication_tag)
+    : pairing_state_(MESSAGE_READY),
+      client_id_(client_id),
+      paired_secret_(paired_secret),
+      fetch_pin_callback_(fetch_pin_callback),
+      authentication_tag_(authentication_tag),
+      weak_factory_(this) {
+}
+
+Authenticator::State PairingClientAuthenticator::state() const {
+  if (pairing_state_ == ACCEPTED || pairing_state_ == REJECTED) {
+    DCHECK(v2_authenticator_);

[Wez, 2013/05/18 20:08:36]

nit: Won't state() already segfault if |v2_authenticator_| is NULL?

[Jamie, 2013/05/21 01:24:34]

operator-> already DCHECKs, so I've removed most of these now.

+    return v2_authenticator_->state();
+  } else {
+    return pairing_state_;
+  }
+}
+
+Authenticator::RejectionReason
+PairingClientAuthenticator::rejection_reason() const {
+  DCHECK(v2_authenticator_);

[Wez, 2013/05/18 20:08:36]

nit: Same here.

+  return v2_authenticator_->rejection_reason();
+}
+
+void PairingClientAuthenticator::ProcessMessage(
+    const buzz::XmlElement* message,
+    const base::Closure& resume_callback) {
+  DCHECK_EQ(state(), WAITING_MESSAGE);
+
+  const buzz::XmlElement* pairing_failed_tag =
+      message->FirstNamed(kPairingFailedTag);
+
+  if (pairing_failed_tag && pairing_state_ != REJECTED) {
+    // If pairing failed, and we haven't already done so, prompt the
+    // user for the PIN and try again.
+    std::string error = pairing_failed_tag->Attr(kPairingErrorAttribute);
+    LOG(INFO) << "Pairing failed: " << error;
+    pairing_state_ = PROCESSING_MESSAGE;
+    SecretFetchedCallback callback = base::Bind(
+        &PairingClientAuthenticator::CreateV2AuthenticatorWithPIN,
+        weak_factory_.GetWeakPtr(), base::Owned(new buzz::XmlElement(*message)),
+        resume_callback);
+    fetch_pin_callback_.Run(callback);
+    return;
+

[Wez, 2013/05/18 20:08:36]

Either get rid of the else, or the return.

[Jamie, 2013/05/21 01:24:34]

Done (in the new base class).

+  } else {
+    // If it's not a pairing error message, create the V2 authenticator
+    // backed by the paired secret if it doesn't already exist, and let
+    // it process the message.
+    if (!v2_authenticator_) {
+      pairing_state_ = ACCEPTED;
+      v2_authenticator_ = V2Authenticator::CreateForClient(
+          paired_secret_, WAITING_MESSAGE);
+    }
+    v2_authenticator_->ProcessMessage(message, resume_callback);
+  }
+}
+
+scoped_ptr<buzz::XmlElement> PairingClientAuthenticator::GetNextMessage() {
+  DCHECK_EQ(state(), MESSAGE_READY);
+
+  // If the initial message has not yet been sent, return it now.
+  if (pairing_state_ == MESSAGE_READY) {
+    scoped_ptr<buzz::XmlElement> result = CreateEmptyAuthenticatorMessage();
+    buzz::XmlElement* pairing_tag = new buzz::XmlElement(kPairingInfoTag);
+    pairing_tag->AddAttr(kClientIdAttribute, client_id_);
+    result->AddElement(pairing_tag);
+    pairing_state_ = WAITING_MESSAGE;
+    return result.Pass();
+  }
+
+  // In all other cases, defer to the underlying authenticator.
+  DCHECK(v2_authenticator_);
+  return v2_authenticator_->GetNextMessage();
+}
+
+scoped_ptr<ChannelAuthenticator>
+PairingClientAuthenticator::CreateChannelAuthenticator() const {
+  return v2_authenticator_->CreateChannelAuthenticator();
+}
+
+void PairingClientAuthenticator::CreateV2AuthenticatorWithPIN(
+    const buzz::XmlElement* message,
+    const base::Closure& resume_callback,
+    const std::string& pin) {
+  pairing_state_ = REJECTED;
+  v2_authenticator_ = V2Authenticator::CreateForClient(
+      AuthenticationMethod::ApplyHashFunction(
+          AuthenticationMethod::HMAC_SHA256,
+          authentication_tag_, pin),
+      WAITING_MESSAGE);
+  ProcessMessage(message, resume_callback);
+}
+
+}  // namespace protocol
+}  // namespace remoting