OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ | 5 #ifndef REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ |
6 #define REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ | 6 #define REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "remoting/protocol/third_party_authenticator_base.h" | 12 #include "remoting/protocol/third_party_authenticator_base.h" |
13 #include "url/gurl.h" | |
14 | 13 |
15 namespace remoting { | 14 namespace remoting { |
16 | 15 |
17 class RsaKeyPair; | 16 class RsaKeyPair; |
18 | 17 |
19 namespace protocol { | 18 namespace protocol { |
20 | 19 |
| 20 class TokenValidator; |
| 21 |
21 // Implements the host side of the third party authentication mechanism. | 22 // Implements the host side of the third party authentication mechanism. |
22 // The host authenticator sends the |token_url| and |scope| obtained from the | 23 // The host authenticator sends the |token_url| and |scope| obtained from the |
23 // |TokenValidator| to the client, and expects a |token| in response. | 24 // |TokenValidator| to the client, and expects a |token| in response. |
24 // Once that token is received, it calls |TokenValidator| asynchronously to | 25 // Once that token is received, it calls |TokenValidator| asynchronously to |
25 // validate it, and exchange it for a |shared_secret|. Once the |TokenValidator| | 26 // validate it, and exchange it for a |shared_secret|. Once the |TokenValidator| |
26 // returns, the host uses the |shared_secret| to create an underlying | 27 // returns, the host uses the |shared_secret| to create an underlying |
27 // |V2Authenticator|, which is used to establish the encrypted connection. | 28 // |V2Authenticator|, which is used to establish the encrypted connection. |
28 class ThirdPartyHostAuthenticator : public ThirdPartyAuthenticatorBase { | 29 class ThirdPartyHostAuthenticator : public ThirdPartyAuthenticatorBase { |
29 public: | 30 public: |
30 class TokenValidator { | |
31 public: | |
32 // Callback passed to |ValidateThirdPartyToken|, and called once the host | |
33 // authentication finishes. |shared_secret| should be used by the host to | |
34 // create a V2Authenticator. In case of failure, the callback is called with | |
35 // an empty |shared_secret|. | |
36 typedef base::Callback<void( | |
37 const std::string& shared_secret)> TokenValidatedCallback; | |
38 | |
39 virtual ~TokenValidator() {} | |
40 | |
41 // Validates |token| with the server and exchanges it for a |shared_secret|. | |
42 // |token_validated_callback| is called when the host authentication ends, | |
43 // in the same thread |ValidateThirdPartyToken| was originally called. | |
44 // The request is canceled if this object is destroyed. | |
45 virtual void ValidateThirdPartyToken( | |
46 const std::string& token, | |
47 const TokenValidatedCallback& token_validated_callback) = 0; | |
48 | |
49 // URL sent to the client, to be used by its |TokenFetcher| to get a token. | |
50 virtual const GURL& token_url() const = 0; | |
51 | |
52 // Space-separated list of connection attributes the host must send to the | |
53 // client, and require the token received in response to match. | |
54 virtual const std::string& token_scope() const = 0; | |
55 }; | |
56 | |
57 class TokenValidatorFactory { | |
58 public: | |
59 virtual ~TokenValidatorFactory() {} | |
60 | |
61 // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create | |
62 // a token scope that is restricted to the current connection's JIDs. | |
63 virtual scoped_ptr<TokenValidator> CreateTokenValidator( | |
64 const std::string& local_jid, | |
65 const std::string& remote_jid) = 0; | |
66 }; | |
67 | |
68 // Creates a third-party host authenticator. |local_cert| and |key_pair| are | 31 // Creates a third-party host authenticator. |local_cert| and |key_pair| are |
69 // used by the underlying V2Authenticator to create the SSL channels. | 32 // used by the underlying V2Authenticator to create the SSL channels. |
70 // |token_validator| contains the token parameters to be sent to the client | 33 // |token_validator| contains the token parameters to be sent to the client |
71 // and is used to obtain the shared secret. | 34 // and is used to obtain the shared secret. |
72 ThirdPartyHostAuthenticator(const std::string& local_cert, | 35 ThirdPartyHostAuthenticator(const std::string& local_cert, |
73 scoped_refptr<RsaKeyPair> key_pair, | 36 scoped_refptr<RsaKeyPair> key_pair, |
74 scoped_ptr<TokenValidator> token_validator); | 37 scoped_ptr<TokenValidator> token_validator); |
75 virtual ~ThirdPartyHostAuthenticator(); | 38 virtual ~ThirdPartyHostAuthenticator(); |
76 | 39 |
77 protected: | 40 protected: |
(...skipping 12 matching lines...) Expand all Loading... |
90 scoped_refptr<RsaKeyPair> key_pair_; | 53 scoped_refptr<RsaKeyPair> key_pair_; |
91 scoped_ptr<TokenValidator> token_validator_; | 54 scoped_ptr<TokenValidator> token_validator_; |
92 | 55 |
93 DISALLOW_COPY_AND_ASSIGN(ThirdPartyHostAuthenticator); | 56 DISALLOW_COPY_AND_ASSIGN(ThirdPartyHostAuthenticator); |
94 }; | 57 }; |
95 | 58 |
96 } // namespace protocol | 59 } // namespace protocol |
97 } // namespace remoting | 60 } // namespace remoting |
98 | 61 |
99 #endif // REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ | 62 #endif // REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ |
OLD | NEW |