PairingAuthenticator implementation and plumbing.

remoting/protocol/pairing_authenticator_base.h

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_
+#define REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_
+
+#include "base/memory/weak_ptr.h"
+#include "remoting/protocol/authenticator.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+
+namespace remoting {
+namespace protocol {
+
+// The pairing authenticator builds on top of V2Authenticator to add
+// support for PIN-less authentication via device pairing:
+//
+// * If a client device is already paired, it includes a Client Id in
+//   the initial authentication message.

[rmsousa, 2013/05/21 23:17:07]

it includes a client id and the first SPAKE message for the client secret.

[Jamie, 2013/05/22 00:19:14]

Done.

+// * If the host recognizes the Client Id, it looks up the corresponding
+//   Paired Secret and initiates a SPAKE with HMAC_SHA256.

[rmsousa, 2013/05/21 23:17:07]

processes the incoming spake message.

[Jamie, 2013/05/22 00:19:14]

Done. I've also added a comment to describe the fallback behaviour if the SPAKE
exchange fails.

+// * If it does not recognize the Client Id, it initiates a SPAKE exchange
+//   with HMAC_SHA256 using the PIN as the shared secret. The initial
+//   message of this exchange includes an an error message, which
+//   informs the client that the PIN-less connection failed and causes
+//   it to prompt the user for a PIN to use for authentication
+//   instead.
+//
+// If a client device is not already paired, but supports pairing, then
+// the V2Authenticator is used instead of this class. Only the method name
+// differs, which the client uses to determine that pairing should be offered
+// to the user.

[rmsousa, 2013/05/21 23:17:07]

Nit: (see Negotiating{Client,Host}Authenticator::CreateAuthenticator)

[Jamie, 2013/05/22 00:19:14]

Done.

+class PairingAuthenticatorBase : public Authenticator {
+ public:
+  PairingAuthenticatorBase();
+  virtual ~PairingAuthenticatorBase() {}
+
+  // Authenticator interface.
+  virtual State state() const OVERRIDE;
+  virtual RejectionReason rejection_reason() const OVERRIDE;
+  virtual void ProcessMessage(const buzz::XmlElement* message,
+                              const base::Closure& resume_callback) OVERRIDE;
+  virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE;
+  virtual scoped_ptr<ChannelAuthenticator>
+      CreateChannelAuthenticator() const OVERRIDE;
+
+  typedef base::Callback<void(scoped_ptr<Authenticator> authenticator)>
+      SetAuthenticatorCallback;
+
+ protected:
+  // Create a V2 authenticator in the specified state, prompting the user for
+  // the PIN first if necessary.
+  virtual void CreateV2AuthenticatorWithPIN(
+      State initial_state,
+      const SetAuthenticatorCallback& callback) = 0;
+
+  // Create a V2 authenticator using either the paired secret or the PIN,
+  // depending on the contents of the initial message, |message|. Note that,
+  // since the client always initiates the pairing exchange, this method is
+  // only called on the host side. In particular, that means that it can be

[rmsousa, 2013/05/21 23:17:07]

So, should this be in PairingHostAuthentciator?

[Jamie, 2013/05/22 00:19:14]

Done.

+  // synchronous, since there is never a need to prompt the user for the PIN.
+  virtual scoped_ptr<Authenticator> CreateV2AuthenticatorFromInitialMessage(
+      const buzz::XmlElement* message) = 0;
+
+  // Amend a protocol message, for example to add client- or host-specific

[rmsousa, 2013/05/21 23:17:07]

Nit: Not sure I'd call it a "protocol message". Authenticator message?

[Jamie, 2013/05/22 00:19:14]

Done.

+  // elements to it.
+  virtual void AmendProtocolMessage(buzz::XmlElement* message) = 0;

[rmsousa, 2013/05/21 23:17:07]

Nit: I'd go with AddPairingElements, for consistency with AddTokenElements.

[Jamie, 2013/05/22 00:19:14]

Done.

+
+  // A non-fatal error message that derived classes should set in order to
+  // cause the peer to be notified that pairing has failed and that it should
+  // fall back on PIN authentication. This string need not be human-readable.
+  std::string error_message_;

[rmsousa, 2013/05/21 23:17:07]

Nit: define a few enum-like string constants for the error messages that have
meaning.

[Jamie, 2013/05/22 00:19:14]

I'm not sure there's any value in that, and I don't want to create the mistaken
impression that these error strings have any semantic meaning. I've updated the
comment on |error_message_| to make that explicit.

+
+  // The underlying V2 authenticator, created with either the PIN or the
+  // Paired Secret by the derived class.
+  scoped_ptr<Authenticator> v2_authenticator_;
+
+  // Derived classes must set this to True if the underlying authenticator is
+  // using the Paired Secret.
+  bool using_paired_secret_;
+
+  static const buzz::StaticQName kPairingInfoTag;
+  static const buzz::StaticQName kClientIdAttribute;
+
+ private:
+  void MaybeAddErrorMessage(buzz::XmlElement* message);
+  bool HasErrorMessage(const buzz::XmlElement* message) const;
+  void CheckForFailedSpakeExchange(const base::Closure& resume_callback);
+  void SetAuthenticator(const base::Closure& resume_callback,
+                        scoped_ptr<Authenticator> authenticator);
+  void SetAuthenticatorAndProcessMessage(
+      const buzz::XmlElement* message,
+      const base::Closure& resume_callback,
+      scoped_ptr<Authenticator> authenticator);
+
+  // Set to true if a PIN-based authenticator has been requested but has not
+  // yet been set.
+  bool waiting_for_authenticator_;
+
+  base::WeakPtrFactory<PairingAuthenticatorBase> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(PairingAuthenticatorBase);
+};
+
+}  // namespace protocol
+}  // namespace remoting
+
+#endif  // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_