Index: remoting/protocol/pairing_client_authenticator.h |
diff --git a/remoting/protocol/pairing_client_authenticator.h b/remoting/protocol/pairing_client_authenticator.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..0712c43e82aaa42b0bdf609cf7236d7a768927af |
--- /dev/null |
+++ b/remoting/protocol/pairing_client_authenticator.h |
@@ -0,0 +1,88 @@ |
+// Copyright 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_ |
+#define REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_ |
+ |
+#include "base/memory/weak_ptr.h" |
+#include "remoting/protocol/authenticator.h" |
+ |
+namespace remoting { |
+ |
+class RsaKeyPair; |
+ |
+namespace protocol { |
+ |
+class Authenticator; |
+ |
+typedef base::Callback<void(const std::string& secret)> SecretFetchedCallback; |
+typedef base::Callback<void( |
+ const SecretFetchedCallback& secret_fetched_callback)> FetchSecretCallback; |
+ |
+// PairingClientAuthenticator builds on top of V2Authenticator to add |
+// support for PIN-less authentication via device pairing: |
+// |
+// * If a client device is already paired, it includes a client id in |
+// the initial authentication message. |
+// * If the host recognizes the id, it looks up the corresponding |
+// shared secret and the rest of the protocol is host-initiated |
+// SPAKE with HMAC_SHA256. |
+// * If it does not recognize the id, it sends an error message to |
+// the client, which will prompt the user for a PIN to use for |
+// authentication instead. In this case, the rest of the procotol |
+// is client-initiated SPAKE with HMAC_SHA256. |
+// |
+// If a client device is not already paired, but supports pairing, it |
+// sends an empty initial authentication message. In this case, the |
+// authenticator behaves exactly like the V2Authenticator with |
+// HMAC_SHA256--only the protocol type differs, which the client uses |
rmsousa
2013/05/16 00:46:25
nit: s/protocol type/method name/
Jamie
2013/05/16 19:30:16
Done.
|
+// to detect that pairing should be offered to the user. |
+class PairingClientAuthenticator : public Authenticator { |
+ public: |
+ PairingClientAuthenticator( |
+ const std::string& client_id, |
+ const std::string& shared_secret, |
+ const FetchSecretCallback& fetch_secret_callback, |
+ const std::string& authentication_tag); |
+ virtual ~PairingClientAuthenticator() {} |
+ |
+ // Authenticator interface. |
+ virtual State state() const OVERRIDE; |
+ virtual RejectionReason rejection_reason() const OVERRIDE; |
+ virtual void ProcessMessage(const buzz::XmlElement* message, |
+ const base::Closure& resume_callback) OVERRIDE; |
+ virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; |
+ virtual scoped_ptr<ChannelAuthenticator> |
+ CreateChannelAuthenticator() const OVERRIDE; |
+ |
+ private: |
+ void CreateV2AuthenticatorWithSecret(const base::Closure& resume_callback, |
+ const std::string& secret); |
+ |
+ // |pairing_state_| indicates the progress of the initial pairing client |
+ // id exchange. MESSAGE_READY, WAITING_MESSAGE and PROCESSING_MESSAGE map |
+ // directly to the corresponding return value from the |state| method (the |
+ // latter means that the user is being prompted for the PIN). ACCEPTED and |
+ // REJECTED mean that the client id exchange is complete and succeeded or |
+ // failed, respectively. Currently, no distinction is made between these |
+ // two states--in either case the underlying v2 authenticator has been |
+ // created and holds the state of the overall auth exchange. |
+ State pairing_state_; |
+ |
+ std::string client_id_; |
+ const std::string& shared_secret_; |
+ FetchSecretCallback fetch_secret_callback_; |
+ std::string authentication_tag_; |
+ State initial_state_; |
+ scoped_ptr<Authenticator> v2_authenticator_; |
+ bool pairing_failed_; |
+ base::WeakPtrFactory<PairingClientAuthenticator> weak_factory_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(PairingClientAuthenticator); |
+}; |
+ |
+} // namespace protocol |
+} // namespace remoting |
+ |
+#endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ |