Index: remoting/protocol/token_validator.h |
diff --git a/remoting/protocol/token_validator.h b/remoting/protocol/token_validator.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..70540c77418af93ecb06edeced2d0b9aa3f58e58 |
--- /dev/null |
+++ b/remoting/protocol/token_validator.h |
@@ -0,0 +1,65 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_ |
+#define REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_ |
+ |
+#include <string> |
+ |
+#include "base/callback.h" |
+#include "base/memory/scoped_ptr.h" |
+#include "url/gurl.h" |
+ |
+namespace remoting { |
+ |
+class RsaKeyPair; |
+ |
+namespace protocol { |
+ |
+// The |TokenValidator| encapsulates the parameters to be sent to the client |
+// to obtain a token, and the method to validate that token and obtain the |
+// shared secret for the connection. |
+class TokenValidator { |
+ public: |
+ // Callback passed to |ValidateThirdPartyToken|, and called once the host |
+ // authentication finishes. |shared_secret| should be used by the host to |
+ // create a V2Authenticator. In case of failure, the callback is called with |
+ // an empty |shared_secret|. |
+ typedef base::Callback<void( |
+ const std::string& shared_secret)> TokenValidatedCallback; |
+ |
+ virtual ~TokenValidator() {} |
+ |
+ // Validates |token| with the server and exchanges it for a |shared_secret|. |
+ // |token_validated_callback| is called when the host authentication ends, |
+ // in the same thread |ValidateThirdPartyToken| was originally called. |
+ // The request is canceled if this object is destroyed. |
+ virtual void ValidateThirdPartyToken( |
+ const std::string& token, |
+ const TokenValidatedCallback& token_validated_callback) = 0; |
+ |
+ // URL sent to the client, to be used by its |TokenFetcher| to get a token. |
+ virtual const GURL& token_url() const = 0; |
+ |
+ // Space-separated list of connection attributes the host must send to the |
+ // client, and require the token received in response to match. |
+ virtual const std::string& token_scope() const = 0; |
+}; |
+ |
+// Factory for |TokenValidator|. |
+class TokenValidatorFactory { |
+ public: |
+ virtual ~TokenValidatorFactory() {} |
+ |
+ // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create |
+ // a token scope that is restricted to the current connection's JIDs. |
+ virtual scoped_ptr<TokenValidator> CreateTokenValidator( |
+ const std::string& local_jid, |
+ const std::string& remote_jid) = 0; |
+}; |
+ |
+} // namespace protocol |
+} // namespace remoting |
+ |
+#endif // REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_ |