1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_ | |
6 #define REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_ | |
7 | |
8 #include "base/memory/weak_ptr.h" | |
9 #include "remoting/protocol/authenticator.h" | |
10 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" | |
11 | |
12 namespace remoting { | |
13 namespace protocol { | |
14 | |
15 // The pairing authenticator builds on top of V2Authenticator to add | |
16 // support for PIN-less authentication via device pairing: | |
17 // | |
18 // * If a client device is already paired, it includes a Client Id in | |
19 // the initial authentication message. | |
rmsousa
2013/05/21 23:17:07
it includes a client id and the first SPAKE messag
Jamie
2013/05/22 00:19:14
Done.
| |
20 // * If the host recognizes the Client Id, it looks up the corresponding | |
21 // Paired Secret and initiates a SPAKE with HMAC_SHA256. | |
rmsousa
2013/05/21 23:17:07
processes the incoming spake message.
Jamie
2013/05/22 00:19:14
Done. I've also added a comment to describe the fa
| |
22 // * If it does not recognize the Client Id, it initiates a SPAKE exchange | |
23 // with HMAC_SHA256 using the PIN as the shared secret. The initial | |
24 // message of this exchange includes an an error message, which | |
25 // informs the client that the PIN-less connection failed and causes | |
26 // it to prompt the user for a PIN to use for authentication | |
27 // instead. | |
28 // | |
29 // If a client device is not already paired, but supports pairing, then | |
30 // the V2Authenticator is used instead of this class. Only the method name | |
31 // differs, which the client uses to determine that pairing should be offered | |
32 // to the user. | |
rmsousa
2013/05/21 23:17:07
Nit: (see Negotiating{Client,Host}Authenticator::C
Jamie
2013/05/22 00:19:14
Done.
| |
33 class PairingAuthenticatorBase : public Authenticator { | |
34 public: | |
35 PairingAuthenticatorBase(); | |
36 virtual ~PairingAuthenticatorBase() {} | |
37 | |
38 // Authenticator interface. | |
39 virtual State state() const OVERRIDE; | |
40 virtual RejectionReason rejection_reason() const OVERRIDE; | |
41 virtual void ProcessMessage(const buzz::XmlElement* message, | |
42 const base::Closure& resume_callback) OVERRIDE; | |
43 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; | |
44 virtual scoped_ptr<ChannelAuthenticator> | |
45 CreateChannelAuthenticator() const OVERRIDE; | |
46 | |
47 typedef base::Callback<void(scoped_ptr<Authenticator> authenticator)> | |
48 SetAuthenticatorCallback; | |
49 | |
50 protected: | |
51 // Create a V2 authenticator in the specified state, prompting the user for | |
52 // the PIN first if necessary. | |
53 virtual void CreateV2AuthenticatorWithPIN( | |
54 State initial_state, | |
55 const SetAuthenticatorCallback& callback) = 0; | |
56 | |
57 // Create a V2 authenticator using either the paired secret or the PIN, | |
58 // depending on the contents of the initial message, |message|. Note that, | |
59 // since the client always initiates the pairing exchange, this method is | |
60 // only called on the host side. In particular, that means that it can be | |
rmsousa
2013/05/21 23:17:07
So, should this be in PairingHostAuthentciator?
Jamie
2013/05/22 00:19:14
Done.
| |
61 // synchronous, since there is never a need to prompt the user for the PIN. | |
62 virtual scoped_ptr<Authenticator> CreateV2AuthenticatorFromInitialMessage( | |
63 const buzz::XmlElement* message) = 0; | |
64 | |
65 // Amend a protocol message, for example to add client- or host-specific | |
rmsousa
2013/05/21 23:17:07
Nit: Not sure I'd call it a "protocol message". Au
Jamie
2013/05/22 00:19:14
Done.
| |
66 // elements to it. | |
67 virtual void AmendProtocolMessage(buzz::XmlElement* message) = 0; | |
rmsousa
2013/05/21 23:17:07
Nit: I'd go with AddPairingElements, for consisten
Jamie
2013/05/22 00:19:14
Done.
| |
68 | |
69 // A non-fatal error message that derived classes should set in order to | |
70 // cause the peer to be notified that pairing has failed and that it should | |
71 // fall back on PIN authentication. This string need not be human-readable. | |
72 std::string error_message_; | |
rmsousa
2013/05/21 23:17:07
Nit: define a few enum-like string constants for t
Jamie
2013/05/22 00:19:14
I'm not sure there's any value in that, and I don'
| |
73 | |
74 // The underlying V2 authenticator, created with either the PIN or the | |
75 // Paired Secret by the derived class. | |
76 scoped_ptr<Authenticator> v2_authenticator_; | |
77 | |
78 // Derived classes must set this to True if the underlying authenticator is | |
79 // using the Paired Secret. | |
80 bool using_paired_secret_; | |
81 | |
82 static const buzz::StaticQName kPairingInfoTag; | |
83 static const buzz::StaticQName kClientIdAttribute; | |
84 | |
85 private: | |
86 void MaybeAddErrorMessage(buzz::XmlElement* message); | |
87 bool HasErrorMessage(const buzz::XmlElement* message) const; | |
88 void CheckForFailedSpakeExchange(const base::Closure& resume_callback); | |
89 void SetAuthenticator(const base::Closure& resume_callback, | |
90 scoped_ptr<Authenticator> authenticator); | |
91 void SetAuthenticatorAndProcessMessage( | |
92 const buzz::XmlElement* message, | |
93 const base::Closure& resume_callback, | |
94 scoped_ptr<Authenticator> authenticator); | |
95 | |
96 // Set to true if a PIN-based authenticator has been requested but has not | |
97 // yet been set. | |
98 bool waiting_for_authenticator_; | |
99 | |
100 base::WeakPtrFactory<PairingAuthenticatorBase> weak_factory_; | |
101 | |
102 DISALLOW_COPY_AND_ASSIGN(PairingAuthenticatorBase); | |
103 }; | |
104 | |
105 } // namespace protocol | |
106 } // namespace remoting | |
107 | |
108 #endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ | |
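Review bot: The closing guard comment on the last line names `REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_`, but the `#ifndef`/`#define` pair at the top of the file declares `REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_`; the last line should read `#endif  // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_` so the guard is greppable as one symbol (the class comment at line 24 also has a doubled `an an`). The protected flags `using_paired_secret_` and `waiting_for_authenticator_` are documented in terms of who must set them, but the header never states the value the constructor leaves them at, so a derived-class author cannot tell from this file whether an unpaired path must clear `using_paired_secret_` explicitly; if the constructor does initialise both to false (not visible here), a note such as `// Initialised to false by the constructor.` on each would close that gap. Separately, the class comment describes the host answering an unrecognised Client Id with an error element in its first SPAKE message, which presumably lets any connecting client learn whether a given Client Id is paired with this host before any secret is proven; that is harmless only if Client Ids are unguessable, and it would be worth recording that assumption next to `kClientIdAttribute` or in the class comment.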