PairingAuthenticator implementation and plumbing.

remoting/protocol/pairing_host_authenticator.cc

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/protocol/pairing_host_authenticator.h"
+
+#include "base/bind.h"
+#include "base/logging.h"
+#include "remoting/base/constants.h"
+#include "remoting/base/rsa_key_pair.h"
+#include "remoting/protocol/channel_authenticator.h"
+#include "remoting/protocol/pairing_registry.h"
+#include "remoting/protocol/v2_authenticator.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+
+namespace remoting {
+namespace protocol {
+
+namespace {
+// These definitions must be kept in sync with pairing_client_authenticator.cc.
+const buzz::StaticQName kPairingInfoTag =
+    { kChromotingXmlNamespace, "pairing-info" };
+const buzz::StaticQName kClientIdAttribute =
+    { "", "client-id" };
+const buzz::StaticQName kPairingFailedTag =
+    { kChromotingXmlNamespace, "pairing-failed" };
+const buzz::StaticQName kPairingErrorAttribute =
+    { "", "error" };
+}  // namespace
+
+PairingHostAuthenticator::PairingHostAuthenticator(
+    scoped_refptr<PairingRegistry> pairing_registry,
+    const std::string& local_cert,
+    scoped_refptr<RsaKeyPair> key_pair,
+    const std::string& pin)
+    : pairing_registry_(pairing_registry),
+      local_cert_(local_cert),
+      key_pair_(key_pair),
+      pin_(pin),
+      protocol_error_(false),
+      using_paired_secret_(false),
+      weak_factory_(this) {
+}
+
+Authenticator::State PairingHostAuthenticator::state() const {
+  if (protocol_error_) {
+    return REJECTED;
+  } else if (v2_authenticator_) {
+    return v2_authenticator_->state();
+  } else {
+    return WAITING_MESSAGE;
+  }
+}
+
+Authenticator::RejectionReason
+PairingHostAuthenticator::rejection_reason() const {
+  if (protocol_error_) {
+    return PROTOCOL_ERROR;
+  }
+  DCHECK(v2_authenticator_);

[Wez, 2013/05/18 20:08:36]

nit: rejection_reason() below will segfault if |v2_authenticator_| is NULL, so
you don't strictly need this DCHECK. Plus, since it's a debug-only check, if
there's a bug in the authenticator logic then a client can coax you into
segfaulting anyway - to be defensive you could check |v2_authenticator_| first,
then DCHECK(protocol_error_) but then return PROTOCOL_ERROR no matter what.

[Jamie, 2013/05/21 01:24:34]

Done (in the base class).

+  return v2_authenticator_->rejection_reason();
+}
+
+void PairingHostAuthenticator::ProcessMessage(
+    const buzz::XmlElement* message,
+    const base::Closure& resume_callback) {
+  DCHECK_EQ(state(), WAITING_MESSAGE);
+
+  // If there's already an underlying authenticator, defer to it, but check
+  // for a failed SPAKE exchange if we're using the paired secret. In this
+  // case the pairing protocol can continue after the client has prompted
+  // the user to enter the PIN.
+  if (v2_authenticator_) {
+    DCHECK_EQ(v2_authenticator_->state(), WAITING_MESSAGE);
+    v2_authenticator_->ProcessMessage(
+        message,
+        base::Bind(&PairingHostAuthenticator::CheckForFailedSpakeExchange,
+                   weak_factory_.GetWeakPtr(), resume_callback));
+    return;
+  }
+
+  // If there isn't already an underlying authenticator, then create one based
+  // on the contents of the first message: use the PIN if the client id is
+  // not recognized, or the corresponding paired secret if it is.
+  std::string client_id;
+  const buzz::XmlElement* pairing_tag = message->FirstNamed(kPairingInfoTag);
+  if (pairing_tag) {
+    client_id = pairing_tag->Attr(kClientIdAttribute);
+  }
+  if (client_id.empty()) {
+    LOG(ERROR) << "No client id specified.";
+    protocol_error_ = true;
+    resume_callback.Run();
+    return;
+  }
+
+  std::string paired_secret = pairing_registry_->GetSecret(client_id);
+
+  if (paired_secret.empty()) {
+    LOG(INFO) << "Unknown client id";
+    error_message_ = "unknown-client-id";
+    CreateV2AuthenticatorWithPIN();
+    resume_callback.Run();
+    return;
+  }
+
+  v2_authenticator_ = V2Authenticator::CreateForHost(
+      local_cert_, key_pair_, paired_secret, MESSAGE_READY);
+  using_paired_secret_ = true;
+
+  resume_callback.Run();
+}
+
+scoped_ptr<buzz::XmlElement> PairingHostAuthenticator::GetNextMessage() {
+  DCHECK_EQ(state(), MESSAGE_READY);
+
+  DCHECK(v2_authenticator_);

[Wez, 2013/05/18 20:08:36]

nit: See above - does the DCHECK add anything here?

[Jamie, 2013/05/21 01:24:34]

Done.

+  scoped_ptr<buzz::XmlElement> result = v2_authenticator_->GetNextMessage();
+
+  if (!error_message_.empty()) {
+    buzz::XmlElement* pairing_failed_tag =
+        new buzz::XmlElement(kPairingFailedTag);
+    pairing_failed_tag->AddAttr(kPairingErrorAttribute, error_message_);
+    result->AddElement(pairing_failed_tag);
+    error_message_.clear();
+  }
+
+  return result.Pass();
+}
+
+scoped_ptr<ChannelAuthenticator>
+PairingHostAuthenticator::CreateChannelAuthenticator() const {
+  DCHECK(v2_authenticator_);

[Wez, 2013/05/18 20:08:36]

nit: Ditto.

[Jamie, 2013/05/21 01:24:34]

Done.

+  return v2_authenticator_->CreateChannelAuthenticator();
+}
+
+void PairingHostAuthenticator::CreateV2AuthenticatorWithPIN() {
+  DCHECK(!v2_authenticator_);

[Wez, 2013/05/18 20:08:36]

nit: Here too

[Jamie, 2013/05/21 01:24:34]

Done.

+  v2_authenticator_ = V2Authenticator::CreateForHost(
+      local_cert_, key_pair_, pin_, MESSAGE_READY);
+  using_paired_secret_ = false;
+}
+
+void PairingHostAuthenticator::CheckForFailedSpakeExchange(
+    const base::Closure& resume_callback) {
+  DCHECK(v2_authenticator_);

[Wez, 2013/05/18 20:08:36]

nit: Ditto.

[Jamie, 2013/05/21 01:24:34]

Done.

+  State v2_state = v2_authenticator_->state();
+  // If the SPAKE exchange failed due to invalid credentials, and those

[Wez, 2013/05/18 20:08:36]

nit: Blank lines before this comment, and after the code block, please.

[Jamie, 2013/05/21 01:24:34]

Done (in the base class).

+  // credentials were the paired secret, then notify the client that the
+  // PIN-less connection failed, causing it to prompt the user for the PIN.
+  if (v2_state == REJECTED &&
+      v2_authenticator_->rejection_reason() == INVALID_CREDENTIALS &&
+      using_paired_secret_) {
+    error_message_ = "invalid-shared-secret";
+    v2_authenticator_.reset();
+    CreateV2AuthenticatorWithPIN();
+  }
+  resume_callback.Run();
+}
+
+}  // namespace protocol
+}  // namespace remoting