PairingAuthenticator implementation and plumbing.

remoting/protocol/pairing_host_authenticator.h

Index: remoting/protocol/pairing_host_authenticator.h
diff --git a/remoting/protocol/pairing_host_authenticator.h b/remoting/protocol/pairing_host_authenticator.h
new file mode 100644
index 0000000000000000000000000000000000000000..d0638773f186444fb17863a5b835d3c07cd65b55
--- /dev/null
+++ b/remoting/protocol/pairing_host_authenticator.h
@@ -0,0 +1,63 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_
+#define REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_
+
+#include "remoting/protocol/authenticator.h"
+
+namespace remoting {
+
+class RsaKeyPair;
+
+namespace protocol {
+
+class V2Authenticator;
+class PairingRegistry;
+
+// PairingAuthenticator builds on top of V2Authenticator to add support for
+// PIN-less authentication via device pairing. If a client device is already
+// paired, it includes a client id in the initial authentication message.
+// If the host recognizes the id, it looks up the corresponding shared secret
+// to authenticate the client. If it does not recognize the id, it sends an
+// error message to the client, which will prompt the user for a PIN to use
+// for authentication instead. In either case, the V2Authenticator is used

[rmsousa, 2013/05/15 01:25:16]

Please elaborate on how the V2Authenticator is used (i.e. which side sends the
first V2 message, and when, for either case).

Also, please describe how it works when the client does not have a client_id.

[rmsousa, 2013/05/15 01:25:16]

V2Authenticator with HMAC_SHA256 hashing.

[Jamie, 2013/05/15 23:41:08]

I've spelled out the protocol in more detail. LMKWYT.

[Jamie, 2013/05/15 23:41:08]

Done.

+// for authentication.
+class PairingHostAuthenticator : public Authenticator {
+ public:
+  PairingHostAuthenticator(
+      scoped_refptr<PairingRegistry> pairing_registry,
+      const std::string& local_cert,
+      scoped_refptr<RsaKeyPair> key_pair,
+      const std::string& shared_secret,
+      State initial_state);
+  virtual ~PairingHostAuthenticator() {}
+
+  // Authenticator interface.
+  virtual State state() const OVERRIDE;
+  virtual RejectionReason rejection_reason() const OVERRIDE;
+  virtual void ProcessMessage(const buzz::XmlElement* message,
+                              const base::Closure& resume_callback) OVERRIDE;
+  virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE;
+  virtual scoped_ptr<ChannelAuthenticator>
+      CreateChannelAuthenticator() const OVERRIDE;
+
+ private:
+  void CreateV2AuthenticatorWithPIN();
+
+  scoped_refptr<PairingRegistry> pairing_registry_;
+  std::string local_cert_;
+  scoped_refptr<RsaKeyPair> key_pair_;
+  const std::string& shared_secret_;
+  State initial_state_;
+  scoped_ptr<Authenticator> v2_authenticator_;
+  std::string error_message_;
+
+  DISALLOW_COPY_AND_ASSIGN(PairingHostAuthenticator);
+};
+
+}  // namespace protocol
+}  // namespace remoting
+
+#endif  // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_