OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_ | |
6 #define REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_ | |
7 | |
8 #include "base/memory/weak_ptr.h" | |
9 #include "remoting/protocol/authenticator.h" | |
10 | |
11 namespace remoting { | |
12 | |
13 class RsaKeyPair; | |
14 | |
15 namespace protocol { | |
16 | |
17 class Authenticator; | |
18 | |
19 typedef base::Callback<void(const std::string& secret)> SecretFetchedCallback; | |
20 typedef base::Callback<void( | |
21 const SecretFetchedCallback& secret_fetched_callback)> FetchSecretCallback; | |
22 | |
23 // PairingClientAuthenticator builds on top of V2Authenticator to add | |
24 // support for PIN-less authentication via device pairing: | |
25 // | |
26 // * If a client device is already paired, it includes a client id in | |
27 // the initial authentication message. | |
28 // * If the host recognizes the id, it looks up the corresponding | |
29 // shared secret and the rest of the protocol is host-initiated | |
30 // SPAKE with HMAC_SHA256. | |
31 // * If it does not recognize the id, it sends an error message to | |
32 // the client, which will prompt the user for a PIN to use for | |
33 // authentication instead. In this case, the rest of the procotol | |
34 // is client-initiated SPAKE with HMAC_SHA256. | |
35 // | |
36 // If a client device is not already paired, but supports pairing, it | |
37 // sends an empty initial authentication message. In this case, the | |
38 // authenticator behaves exactly like the V2Authenticator with | |
39 // HMAC_SHA256--only the protocol type differs, which the client uses | |
rmsousa
2013/05/16 00:46:25
nit: s/protocol type/method name/
Jamie
2013/05/16 19:30:16
Done.
| |
40 // to detect that pairing should be offered to the user. | |
41 class PairingClientAuthenticator : public Authenticator { | |
42 public: | |
43 PairingClientAuthenticator( | |
44 const std::string& client_id, | |
45 const std::string& shared_secret, | |
46 const FetchSecretCallback& fetch_secret_callback, | |
47 const std::string& authentication_tag); | |
48 virtual ~PairingClientAuthenticator() {} | |
49 | |
50 // Authenticator interface. | |
51 virtual State state() const OVERRIDE; | |
52 virtual RejectionReason rejection_reason() const OVERRIDE; | |
53 virtual void ProcessMessage(const buzz::XmlElement* message, | |
54 const base::Closure& resume_callback) OVERRIDE; | |
55 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; | |
56 virtual scoped_ptr<ChannelAuthenticator> | |
57 CreateChannelAuthenticator() const OVERRIDE; | |
58 | |
59 private: | |
60 void CreateV2AuthenticatorWithSecret(const base::Closure& resume_callback, | |
61 const std::string& secret); | |
62 | |
63 // |pairing_state_| indicates the progress of the initial pairing client | |
64 // id exchange. MESSAGE_READY, WAITING_MESSAGE and PROCESSING_MESSAGE map | |
65 // directly to the corresponding return value from the |state| method (the | |
66 // latter means that the user is being prompted for the PIN). ACCEPTED and | |
67 // REJECTED mean that the client id exchange is complete and succeeded or | |
68 // failed, respectively. Currently, no distinction is made between these | |
69 // two states--in either case the underlying v2 authenticator has been | |
70 // created and holds the state of the overall auth exchange. | |
71 State pairing_state_; | |
72 | |
73 std::string client_id_; | |
74 const std::string& shared_secret_; | |
75 FetchSecretCallback fetch_secret_callback_; | |
76 std::string authentication_tag_; | |
77 State initial_state_; | |
78 scoped_ptr<Authenticator> v2_authenticator_; | |
79 bool pairing_failed_; | |
80 base::WeakPtrFactory<PairingClientAuthenticator> weak_factory_; | |
81 | |
82 DISALLOW_COPY_AND_ASSIGN(PairingClientAuthenticator); | |
83 }; | |
84 | |
85 } // namespace protocol | |
86 } // namespace remoting | |
87 | |
88 #endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ | |
OLD | NEW |