PairingAuthenticator implementation and plumbing.

remoting/protocol/pairing_client_authenticator.cc

Index: remoting/protocol/pairing_client_authenticator.cc
diff --git a/remoting/protocol/pairing_client_authenticator.cc b/remoting/protocol/pairing_client_authenticator.cc
new file mode 100644
index 0000000000000000000000000000000000000000..929e62822d5215a5a739b6bb3adea3c05e372aca
--- /dev/null
+++ b/remoting/protocol/pairing_client_authenticator.cc
@@ -0,0 +1,134 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/protocol/pairing_client_authenticator.h"
+
+#include "base/bind.h"
+#include "base/logging.h"
+#include "remoting/base/constants.h"
+#include "remoting/base/rsa_key_pair.h"
+#include "remoting/protocol/authentication_method.h"
+#include "remoting/protocol/channel_authenticator.h"
+#include "remoting/protocol/v2_authenticator.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+
+namespace remoting {
+namespace protocol {
+
+namespace {
+// These definitions must be kept in sync with pairing_host_authenticator.cc.
+const buzz::StaticQName kPairingInfoTag =
+    { kChromotingXmlNamespace, "pairing-info" };
+const buzz::StaticQName kClientIdAttribute =
+    { "", "client-id" };
+const buzz::StaticQName kPairingFailedTag =
+    { kChromotingXmlNamespace, "pairing-failed" };
+const buzz::StaticQName kPairingErrorAttribute =
+    { "", "error" };
+}
+
+PairingClientAuthenticator::PairingClientAuthenticator(
+    const std::string& client_id,
+    const std::string& paired_secret,
+    const FetchSecretCallback& fetch_pin_callback,
+    const std::string& authentication_tag)
+    : pairing_state_(MESSAGE_READY),
+      client_id_(client_id),
+      paired_secret_(paired_secret),
+      fetch_pin_callback_(fetch_pin_callback),
+      authentication_tag_(authentication_tag),
+      pairing_failed_(false),
+      weak_factory_(this) {
+}
+
+Authenticator::State PairingClientAuthenticator::state() const {
+  if (pairing_state_ == ACCEPTED || pairing_state_ == REJECTED) {
+    DCHECK(v2_authenticator_);
+    return v2_authenticator_->state();
+  } else {
+    return pairing_state_;
+  }
+}
+
+Authenticator::RejectionReason
+PairingClientAuthenticator::rejection_reason() const {
+  DCHECK(v2_authenticator_);
+  return v2_authenticator_->rejection_reason();
+}
+
+void PairingClientAuthenticator::ProcessMessage(
+    const buzz::XmlElement* message,
+    const base::Closure& resume_callback) {
+  DCHECK_EQ(state(), WAITING_MESSAGE);
+
+  if (v2_authenticator_) {

[rmsousa, 2013/05/16 20:11:02]

This isn't really necessary, the else case below already handles this case. If
you want to keep this one for readability, you can remove the "if
(!v2_authenticator_)" below.

[Jamie, 2013/05/16 21:09:10]

I realized the same thing when I was implementing support for corrupt paired
secrets. It's gone now.

+    v2_authenticator_->ProcessMessage(message, resume_callback);
+    return;
+  }
+
+  const buzz::XmlElement* pairing_failed_tag =
+      message->FirstNamed(kPairingFailedTag);
+
+  if (pairing_failed_tag) {
+    // If pairing failed, prompt the user for the PIN and try again.
+    std::string error = pairing_failed_tag->Attr(kPairingErrorAttribute);
+    LOG(INFO) << "Pairing failed: " << error;
+    pairing_state_ = PROCESSING_MESSAGE;
+    SecretFetchedCallback callback = base::Bind(
+        &PairingClientAuthenticator::CreateV2AuthenticatorWithPIN,
+        weak_factory_.GetWeakPtr(), message, resume_callback);

[rmsousa, 2013/05/16 20:11:02]

Strange, I think passing a naked pointer here should have given you a compiler
warning/error.

In any case: message is owned by the caller, and is deleted as soon as this
method returns - by the time the callback comes in, that object is long gone.
You need to make a copy of it, owned by the callback: base::Owned(new
buzz::XmlElement(*message))

See
https://code.google.com/p/chromium/codesearch#chromium/src/remoting/protocol/...
for a very similar case.

[Jamie, 2013/05/16 21:09:10]

Done.

+    fetch_pin_callback_.Run(callback);
+    return;
+
+  } else {
+    // If it's not a pairing error message, create the V2 authenticator
+    // backed by the paired secret if it doesn't already exist, and let
+    // it process the message.
+    if (!v2_authenticator_) {
+      pairing_state_ = ACCEPTED;
+      v2_authenticator_ = V2Authenticator::CreateForClient(
+          paired_secret_, WAITING_MESSAGE);
+    }
+    v2_authenticator_->ProcessMessage(message, resume_callback);
+  }
+}
+
+scoped_ptr<buzz::XmlElement> PairingClientAuthenticator::GetNextMessage() {
+  DCHECK_EQ(state(), MESSAGE_READY);
+
+  // If the initial message has not yet been sent, return it now.
+  if (pairing_state_ == MESSAGE_READY) {
+    scoped_ptr<buzz::XmlElement> result = CreateEmptyAuthenticatorMessage();
+    buzz::XmlElement* pairing_tag = new buzz::XmlElement(kPairingInfoTag);
+    pairing_tag->AddAttr(kClientIdAttribute, client_id_);
+    result->AddElement(pairing_tag);
+    pairing_state_ = WAITING_MESSAGE;
+    return result.Pass();
+  }
+
+  // In all other cases, defer to the underlying authenticator.
+  DCHECK(v2_authenticator_);
+  return v2_authenticator_->GetNextMessage();
+}
+
+scoped_ptr<ChannelAuthenticator>
+PairingClientAuthenticator::CreateChannelAuthenticator() const {
+  return v2_authenticator_->CreateChannelAuthenticator();
+}
+
+void PairingClientAuthenticator::CreateV2AuthenticatorWithPIN(
+    const buzz::XmlElement* message,
+    const base::Closure& resume_callback,
+    const std::string& pin) {
+  pairing_state_ = REJECTED;
+  v2_authenticator_ = V2Authenticator::CreateForClient(
+      AuthenticationMethod::ApplyHashFunction(
+          AuthenticationMethod::HMAC_SHA256,
+          authentication_tag_, pin),
+      WAITING_MESSAGE);
+  ProcessMessage(message, resume_callback);
+}
+
+}  // namespace protocol
+}  // namespace remoting