Chromium Code Reviews Chromium Code Reviews
Issue 14793021:
PairingAuthenticator implementation and plumbing. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: remoting/protocol/pairing_authenticator_base.cc |
| diff --git a/remoting/protocol/pairing_authenticator_base.cc b/remoting/protocol/pairing_authenticator_base.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..e6dae3b5799068e39efa38837df1d38923dbe2ac |
| --- /dev/null |
| +++ b/remoting/protocol/pairing_authenticator_base.cc |
| @@ -0,0 +1,159 @@ |
| +// Copyright 2013 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "remoting/protocol/pairing_authenticator_base.h" |
| + |
| +#include "base/bind.h" |
| +#include "remoting/base/constants.h" |
| +#include "remoting/protocol/channel_authenticator.h" |
| + |
| +namespace remoting { |
| +namespace protocol { |
| + |
| +const buzz::StaticQName PairingAuthenticatorBase::kPairingInfoTag = |
| + { kChromotingXmlNamespace, "pairing-info" }; |
| +const buzz::StaticQName PairingAuthenticatorBase::kClientIdAttribute = |
| + { "", "client-id" }; |
| + |
| +namespace { |
| +const buzz::StaticQName kPairingFailedTag = |
| + { kChromotingXmlNamespace, "pairing-failed" }; |
| +const buzz::StaticQName kPairingErrorAttribute = { "", "error" }; |
| +} // namespace |
| + |
|
Wez
2013/05/22 00:51:45
nit: Remove the extra blank line.
Jamie
2013/05/22 01:16:46
Done.
|
| + |
| +PairingAuthenticatorBase::PairingAuthenticatorBase() |
| + : using_paired_secret_(false), |
| + waiting_for_authenticator_(false), |
| + weak_factory_(this) { |
| +} |
| + |
| +Authenticator::State PairingAuthenticatorBase::state() const { |
| + if (waiting_for_authenticator_) { |
| + return PROCESSING_MESSAGE; |
| + } |
| + return v2_authenticator_->state(); |
| +} |
| + |
| +Authenticator::RejectionReason |
| +PairingAuthenticatorBase::rejection_reason() const { |
| + if (!v2_authenticator_) { |
| + return PROTOCOL_ERROR; |
| + } |
| + return v2_authenticator_->rejection_reason(); |
| +} |
| + |
| +void PairingAuthenticatorBase::ProcessMessage( |
| + const buzz::XmlElement* message, |
| + const base::Closure& resume_callback) { |
| + DCHECK_EQ(state(), WAITING_MESSAGE); |
| + |
| + // The client authenticator creates the underlying authenticator in the ctor |
| + // and the host creates it in response to the first message before deferring |
| + // to this class to process it. Either way, it should exist here. |
| + DCHECK(v2_authenticator_); |
| + |
| + // If pairing failed, and we haven't already done so, try again with the PIN. |
| + if (using_paired_secret_ && HasErrorMessage(message)) { |
| + using_paired_secret_ = false; |
| + waiting_for_authenticator_ = true; |
| + v2_authenticator_.reset(); |
| + SetAuthenticatorCallback set_authenticator = base::Bind( |
| + &PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage, |
| + weak_factory_.GetWeakPtr(), base::Owned(new buzz::XmlElement(*message)), |
| + resume_callback); |
| + CreateV2AuthenticatorWithPIN(WAITING_MESSAGE, set_authenticator); |
| + return; |
| + } |
| + |
| + // Pass the message to the underlying authenticator for processing, but |
| + // check for a failed SPAKE exchange if we're using the paired secret. In |
| + // this case the pairing protocol can continue by communicating the error |
| + // to the peer and retrying with the PIN. |
| + v2_authenticator_->ProcessMessage( |
| + message, |
| + base::Bind(&PairingAuthenticatorBase::CheckForFailedSpakeExchange, |
| + weak_factory_.GetWeakPtr(), resume_callback)); |
| +} |
| + |
| +scoped_ptr<buzz::XmlElement> PairingAuthenticatorBase::GetNextMessage() { |
| + DCHECK_EQ(state(), MESSAGE_READY); |
| + scoped_ptr<buzz::XmlElement> result = v2_authenticator_->GetNextMessage(); |
| + AddPairingElements(result.get()); |
| + MaybeAddErrorMessage(result.get()); |
| + return result.Pass(); |
| +} |
| + |
| +scoped_ptr<ChannelAuthenticator> |
| +PairingAuthenticatorBase::CreateChannelAuthenticator() const { |
| + return v2_authenticator_->CreateChannelAuthenticator(); |
| +} |
| + |
| +void PairingAuthenticatorBase::MaybeAddErrorMessage(buzz::XmlElement* message) { |
| + if (!error_message_.empty()) { |
| + buzz::XmlElement* pairing_failed_tag = |
| + new buzz::XmlElement(kPairingFailedTag); |
| + pairing_failed_tag->AddAttr(kPairingErrorAttribute, error_message_); |
| + message->AddElement(pairing_failed_tag); |
| + error_message_.clear(); |
| + } |
| +} |
| + |
| +bool PairingAuthenticatorBase::HasErrorMessage( |
| + const buzz::XmlElement* message) const { |
| + const buzz::XmlElement* pairing_failed_tag = |
| + message->FirstNamed(kPairingFailedTag); |
| + if (pairing_failed_tag) { |
| + // If pairing failed, and we haven't already done so, prompt the |
| + // user for the PIN and try again. |
|
Wez
2013/05/22 00:51:45
This comment doesn't describe the code that follow
Jamie
2013/05/22 01:16:46
It's a remnant from where this code used to live.
|
| + std::string error = pairing_failed_tag->Attr(kPairingErrorAttribute); |
| + LOG(INFO) << "Pairing failed: " << error; |
| + } |
| + return pairing_failed_tag != NULL; |
| +} |
| + |
| +void PairingAuthenticatorBase::CheckForFailedSpakeExchange( |
| + const base::Closure& resume_callback) { |
| + // If the SPAKE exchange failed due to invalid credentials, and those |
| + // credentials were the paired secret, then notify the peer that the |
| + // PIN-less connection failed and retry using the PIN. |
| + if (v2_authenticator_->state() == REJECTED && |
| + v2_authenticator_->rejection_reason() == INVALID_CREDENTIALS && |
| + using_paired_secret_) { |
| + using_paired_secret_ = false; |
| + error_message_ = "invalid-shared-secret"; |
| + v2_authenticator_.reset(); |
| + SetAuthenticatorCallback set_authenticator = base::Bind( |
| + &PairingAuthenticatorBase::SetAuthenticator, |
| + weak_factory_.GetWeakPtr(), resume_callback); |
| + CreateV2AuthenticatorWithPIN(MESSAGE_READY, set_authenticator); |
| + return; |
| + } |
| + |
| + resume_callback.Run(); |
| +} |
| + |
| +void PairingAuthenticatorBase::SetAuthenticator( |
| + const base::Closure& resume_callback, |
| + scoped_ptr<Authenticator> authenticator) { |
| + DCHECK(!v2_authenticator_); |
| + DCHECK(authenticator); |
| + waiting_for_authenticator_ = false; |
| + v2_authenticator_ = authenticator.Pass(); |
| + resume_callback.Run(); |
| +} |
| + |
| +void PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage( |
|
Wez
2013/05/22 00:51:45
nit: Couldn't you fold this and SetAuthenticator t
Jamie
2013/05/22 01:16:46
Done.
|
| + const buzz::XmlElement* message, |
| + const base::Closure& resume_callback, |
| + scoped_ptr<Authenticator> authenticator) { |
| + DCHECK(!v2_authenticator_); |
| + DCHECK(authenticator); |
| + waiting_for_authenticator_ = false; |
| + v2_authenticator_ = authenticator.Pass(); |
| + ProcessMessage(message, resume_callback); |
| +} |
| + |
| +} // namespace protocol |
| +} // namespace remoting |
