OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_ | |
6 #define REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_ | |
7 | |
8 #include "base/memory/weak_ptr.h" | |
9 #include "remoting/protocol/authenticator.h" | |
10 | |
11 namespace remoting { | |
12 | |
13 class RsaKeyPair; | |
14 | |
15 namespace protocol { | |
16 | |
17 class Authenticator; | |
18 | |
19 typedef base::Callback<void(const std::string& secret)> SecretFetchedCallback; | |
20 typedef base::Callback<void( | |
21 const SecretFetchedCallback& secret_fetched_callback)> FetchSecretCallback; | |
22 | |
23 // PairingClientAuthenticator builds on top of V2Authenticator to add | |
24 // support for PIN-less authentication via device pairing: | |
25 // | |
26 // * If a client device is already paired, it includes a client id in | |
Wez
2013/05/18 20:08:36
nit: Suggest capitalizing 'Client Id', so that whe
Jamie
2013/05/21 01:24:34
Done.
| |
27 // the initial authentication message. | |
28 // * If the host recognizes the id, it looks up the corresponding | |
29 // paired secret and initiates a SPAKE with HMAC_SHA256. | |
30 // * If it does not recognize the id, it initiates a SPAKE exchange | |
31 // with HMAC_SHA256 using the PIN as the shared secret. The initial | |
32 // message of this exchange includes an an error message, which | |
33 // informs the client that the PIN-less connection failed and causes | |
34 // it to prompt the user for a PIN to use for authentication | |
35 // instead. | |
36 // | |
Wez
2013/05/18 20:08:36
nit: Lose the extra blank comment
Jamie
2013/05/21 01:24:34
Done.
| |
37 // | |
38 // If a client device is not already paired, but supports pairing, then | |
39 // the V2Authenticator is used instead of this class. Only the method name | |
40 // differs, which the client uses to determine that pairing should be offered | |
41 // to the user. | |
42 class PairingClientAuthenticator : public Authenticator { | |
43 public: | |
44 PairingClientAuthenticator( | |
45 const std::string& client_id, | |
46 const std::string& paired_secret, | |
47 const FetchSecretCallback& fetch_pin_callback, | |
48 const std::string& authentication_tag); | |
49 virtual ~PairingClientAuthenticator() {} | |
50 | |
51 // Authenticator interface. | |
52 virtual State state() const OVERRIDE; | |
53 virtual RejectionReason rejection_reason() const OVERRIDE; | |
54 virtual void ProcessMessage(const buzz::XmlElement* message, | |
55 const base::Closure& resume_callback) OVERRIDE; | |
56 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; | |
57 virtual scoped_ptr<ChannelAuthenticator> | |
58 CreateChannelAuthenticator() const OVERRIDE; | |
59 | |
60 private: | |
61 void CreateV2AuthenticatorWithPIN(const buzz::XmlElement* message, | |
62 const base::Closure& resume_callback, | |
63 const std::string& pin); | |
64 | |
65 // |pairing_state_| indicates the progress of the initial pairing client | |
66 // id exchange. MESSAGE_READY, WAITING_MESSAGE and PROCESSING_MESSAGE map | |
67 // directly to the corresponding return value from the |state| method (the | |
68 // latter means that the user is being prompted for the PIN). ACCEPTED and | |
69 // REJECTED mean that the client id exchange is complete and succeeded or | |
70 // failed, respectively. Currently, no distinction is made between these | |
71 // two states--in either case the underlying v2 authenticator has been | |
72 // created and holds the state of the overall auth exchange. | |
Wez
2013/05/18 20:08:36
This is a little confusing; are you saying that in
Jamie
2013/05/21 01:24:34
I've used a couple of booleans in the new implemen
| |
73 State pairing_state_; | |
74 | |
75 std::string client_id_; | |
Wez
2013/05/18 20:08:36
nit: Please add at least a block comment for these
Jamie
2013/05/21 01:24:34
Done.
| |
76 const std::string& paired_secret_; | |
77 FetchSecretCallback fetch_pin_callback_; | |
78 std::string authentication_tag_; | |
79 State initial_state_; | |
80 scoped_ptr<Authenticator> v2_authenticator_; | |
81 base::WeakPtrFactory<PairingClientAuthenticator> weak_factory_; | |
Wez
2013/05/18 20:08:36
nit: Suggest a blank line preceding |weak_factory_
Jamie
2013/05/21 01:24:34
Done.
| |
82 | |
83 DISALLOW_COPY_AND_ASSIGN(PairingClientAuthenticator); | |
84 }; | |
85 | |
86 } // namespace protocol | |
87 } // namespace remoting | |
88 | |
89 #endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ | |
OLD | NEW |