| Index: remoting/protocol/negotiating_host_authenticator.cc
|
| diff --git a/remoting/protocol/negotiating_host_authenticator.cc b/remoting/protocol/negotiating_host_authenticator.cc
|
| index 8bcad2afcb4ac86f08ce5495d45d7f8e5cbe78b4..57277effcc92b67ccdeb553f94987bbe8eb80daa 100644
|
| --- a/remoting/protocol/negotiating_host_authenticator.cc
|
| +++ b/remoting/protocol/negotiating_host_authenticator.cc
|
| @@ -28,23 +28,33 @@ NegotiatingHostAuthenticator::NegotiatingHostAuthenticator(
|
| scoped_refptr<RsaKeyPair> key_pair)
|
| : NegotiatingAuthenticatorBase(WAITING_MESSAGE),
|
| local_cert_(local_cert),
|
| - local_key_pair_(key_pair) {
|
| + local_key_pair_(key_pair) {}
|
| +
|
| +// static
|
| +scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateForIt2Me(
|
| + const std::string& local_cert,
|
| + scoped_refptr<RsaKeyPair> key_pair,
|
| + const std::string& access_code) {
|
| + scoped_ptr<NegotiatingHostAuthenticator> result(
|
| + new NegotiatingHostAuthenticator(local_cert, key_pair));
|
| + result->shared_secret_hash_ = access_code;
|
| + result->AddMethod(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN);
|
| + return std::move(result);
|
| }
|
|
|
| // static
|
| -scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateWithSharedSecret(
|
| +scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateWithPin(
|
| const std::string& local_cert,
|
| scoped_refptr<RsaKeyPair> key_pair,
|
| - const std::string& shared_secret_hash,
|
| - AuthenticationMethod::HashFunction hash_function,
|
| + const std::string& pin_hash,
|
| scoped_refptr<PairingRegistry> pairing_registry) {
|
| scoped_ptr<NegotiatingHostAuthenticator> result(
|
| new NegotiatingHostAuthenticator(local_cert, key_pair));
|
| - result->shared_secret_hash_ = shared_secret_hash;
|
| + result->shared_secret_hash_ = pin_hash;
|
| result->pairing_registry_ = pairing_registry;
|
| - result->AddMethod(AuthenticationMethod::Spake2(hash_function));
|
| + result->AddMethod(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
|
| if (pairing_registry.get()) {
|
| - result->AddMethod(AuthenticationMethod::Spake2Pair());
|
| + result->AddMethod(AuthenticationMethod::SPAKE2_PAIR);
|
| }
|
| return std::move(result);
|
| }
|
| @@ -58,7 +68,7 @@ NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
|
| scoped_ptr<NegotiatingHostAuthenticator> result(
|
| new NegotiatingHostAuthenticator(local_cert, key_pair));
|
| result->token_validator_ = std::move(token_validator);
|
| - result->AddMethod(AuthenticationMethod::ThirdParty());
|
| + result->AddMethod(AuthenticationMethod::THIRD_PARTY);
|
| return std::move(result);
|
| }
|
|
|
| @@ -71,10 +81,11 @@ void NegotiatingHostAuthenticator::ProcessMessage(
|
| DCHECK_EQ(state(), WAITING_MESSAGE);
|
|
|
| std::string method_attr = message->Attr(kMethodAttributeQName);
|
| - AuthenticationMethod method = AuthenticationMethod::FromString(method_attr);
|
| + AuthenticationMethod method = ParseAuthenticationMethodString(method_attr);
|
|
|
| // If the host has already chosen a method, it can't be changed by the client.
|
| - if (current_method_.is_valid() && method != current_method_) {
|
| + if (current_method_ != AuthenticationMethod::INVALID &&
|
| + method != current_method_) {
|
| state_ = REJECTED;
|
| rejection_reason_ = PROTOCOL_ERROR;
|
| resume_callback.Run();
|
| @@ -84,9 +95,9 @@ void NegotiatingHostAuthenticator::ProcessMessage(
|
| // If the client did not specify a preferred auth method, or specified an
|
| // unknown or unsupported method, then select the first known method from
|
| // the supported-methods attribute.
|
| - if (!method.is_valid() ||
|
| + if (method == AuthenticationMethod::INVALID ||
|
| std::find(methods_.begin(), methods_.end(), method) == methods_.end()) {
|
| - method = AuthenticationMethod::Invalid();
|
| + method = AuthenticationMethod::INVALID;
|
|
|
| std::string supported_methods_attr =
|
| message->Attr(kSupportedMethodsAttributeQName);
|
| @@ -105,17 +116,17 @@ void NegotiatingHostAuthenticator::ProcessMessage(
|
| std::string(1, kSupportedMethodsSeparator),
|
| base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) {
|
| AuthenticationMethod list_value =
|
| - AuthenticationMethod::FromString(method_str);
|
| - if (list_value.is_valid() &&
|
| - std::find(methods_.begin(),
|
| - methods_.end(), list_value) != methods_.end()) {
|
| + ParseAuthenticationMethodString(method_str);
|
| + if (list_value != AuthenticationMethod::INVALID &&
|
| + std::find(methods_.begin(), methods_.end(), list_value) !=
|
| + methods_.end()) {
|
| // Found common method.
|
| method = list_value;
|
| break;
|
| }
|
| }
|
|
|
| - if (!method.is_valid()) {
|
| + if (method == AuthenticationMethod::INVALID) {
|
| // Failed to find a common auth method.
|
| state_ = REJECTED;
|
| rejection_reason_ = PROTOCOL_ERROR;
|
| @@ -134,7 +145,7 @@ void NegotiatingHostAuthenticator::ProcessMessage(
|
|
|
| // If the client specified a supported method, and the host hasn't chosen a
|
| // method yet, use the client's preferred method and process the message.
|
| - if (!current_method_.is_valid()) {
|
| + if (current_method_ == AuthenticationMethod::INVALID) {
|
| current_method_ = method;
|
| state_ = PROCESSING_MESSAGE;
|
| // Copy the message since the authenticator may process it asynchronously.
|
| @@ -156,16 +167,16 @@ scoped_ptr<buzz::XmlElement> NegotiatingHostAuthenticator::GetNextMessage() {
|
| void NegotiatingHostAuthenticator::CreateAuthenticator(
|
| Authenticator::State preferred_initial_state,
|
| const base::Closure& resume_callback) {
|
| - DCHECK(current_method_.is_valid());
|
| + DCHECK(current_method_ != AuthenticationMethod::INVALID);
|
|
|
| - if (current_method_.type() == AuthenticationMethod::THIRD_PARTY) {
|
| + if (current_method_ == AuthenticationMethod::THIRD_PARTY) {
|
| // |ThirdPartyHostAuthenticator| takes ownership of |token_validator_|.
|
| // The authentication method negotiation logic should guarantee that only
|
| // one |ThirdPartyHostAuthenticator| will need to be created per session.
|
| DCHECK(token_validator_);
|
| current_authenticator_.reset(new ThirdPartyHostAuthenticator(
|
| local_cert_, local_key_pair_, std::move(token_validator_)));
|
| - } else if (current_method_ == AuthenticationMethod::Spake2Pair() &&
|
| + } else if (current_method_ == AuthenticationMethod::SPAKE2_PAIR &&
|
| preferred_initial_state == WAITING_MESSAGE) {
|
| // If the client requested Spake2Pair and sent an initial message, attempt
|
| // the paired connection protocol.
|
| @@ -178,8 +189,10 @@ void NegotiatingHostAuthenticator::CreateAuthenticator(
|
| // Spake2Pair so that the client knows that the host supports pairing and
|
| // that it can therefore present the option to the user when they enter
|
| // the PIN.
|
| - DCHECK(current_method_.type() == AuthenticationMethod::SPAKE2 ||
|
| - current_method_.type() == AuthenticationMethod::SPAKE2_PAIR);
|
| + DCHECK(current_method_ ==
|
| + AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN ||
|
| + current_method_ == AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC ||
|
| + current_method_ == AuthenticationMethod::SPAKE2_PAIR);
|
| current_authenticator_ = V2Authenticator::CreateForHost(
|
| local_cert_, local_key_pair_, shared_secret_hash_,
|
| preferred_initial_state);
|
|
|
Chromium Code Reviews
Issue 1755273003:
Simplify AuthenticationMethod type and PIN hash handling. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master