Chromium Code Reviews Chromium Code Reviews
Issue 1770923002:
Remove dependency on V2Authenticator from ThirdParty and pairing authenticators. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/pairing_authenticator_base.h" | 5 #include "remoting/protocol/pairing_authenticator_base.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "remoting/base/constants.h" | 10 #include "remoting/base/constants.h" |
| 11 #include "remoting/protocol/channel_authenticator.h" | 11 #include "remoting/protocol/channel_authenticator.h" |
| 12 | 12 |
| 13 namespace remoting { | 13 namespace remoting { |
| 14 namespace protocol { | 14 namespace protocol { |
| 15 | 15 |
| 16 const buzz::StaticQName PairingAuthenticatorBase::kPairingInfoTag = | 16 const buzz::StaticQName PairingAuthenticatorBase::kPairingInfoTag = |
| 17 { kChromotingXmlNamespace, "pairing-info" }; | 17 { kChromotingXmlNamespace, "pairing-info" }; |
| 18 const buzz::StaticQName PairingAuthenticatorBase::kClientIdAttribute = | 18 const buzz::StaticQName PairingAuthenticatorBase::kClientIdAttribute = |
| 19 { "", "client-id" }; | 19 { "", "client-id" }; |
| 20 | 20 |
| 21 namespace { | 21 namespace { |
| 22 const buzz::StaticQName kPairingFailedTag = | 22 const buzz::StaticQName kPairingFailedTag = |
| 23 { kChromotingXmlNamespace, "pairing-failed" }; | 23 { kChromotingXmlNamespace, "pairing-failed" }; |
| 24 const buzz::StaticQName kPairingErrorAttribute = { "", "error" }; | 24 const buzz::StaticQName kPairingErrorAttribute = { "", "error" }; |
| 25 } // namespace | 25 } // namespace |
| 26 | 26 |
| 27 PairingAuthenticatorBase::PairingAuthenticatorBase() | 27 PairingAuthenticatorBase::PairingAuthenticatorBase() : weak_factory_(this) {} |
| 28 : using_paired_secret_(false), | 28 PairingAuthenticatorBase::~PairingAuthenticatorBase() {} |
| 29 waiting_for_authenticator_(false), | |
| 30 weak_factory_(this) { | |
| 31 } | |
| 32 | |
| 33 PairingAuthenticatorBase::~PairingAuthenticatorBase() { | |
| 34 } | |
| 35 | 29 |
| 36 Authenticator::State PairingAuthenticatorBase::state() const { | 30 Authenticator::State PairingAuthenticatorBase::state() const { |
| 37 if (waiting_for_authenticator_) { | 31 return spake2_authenticator_->state(); |
|
Jamie
2016/03/07 21:40:18
Either DCHECK that the authenticator is not null,
Sergey Ulanov
2016/03/07 22:45:05
Done.
| |
| 38 return PROCESSING_MESSAGE; | |
| 39 } | |
| 40 return v2_authenticator_->state(); | |
| 41 } | 32 } |
| 42 | 33 |
| 43 bool PairingAuthenticatorBase::started() const { | 34 bool PairingAuthenticatorBase::started() const { |
| 44 if (!v2_authenticator_) { | 35 if (!spake2_authenticator_) { |
| 45 return false; | 36 return false; |
| 46 } | 37 } |
| 47 return v2_authenticator_->started(); | 38 return spake2_authenticator_->started(); |
| 48 } | 39 } |
| 49 | 40 |
| 50 Authenticator::RejectionReason | 41 Authenticator::RejectionReason |
| 51 PairingAuthenticatorBase::rejection_reason() const { | 42 PairingAuthenticatorBase::rejection_reason() const { |
| 52 if (!v2_authenticator_) { | 43 if (!spake2_authenticator_) { |
| 53 return PROTOCOL_ERROR; | 44 return PROTOCOL_ERROR; |
| 54 } | 45 } |
| 55 return v2_authenticator_->rejection_reason(); | 46 return spake2_authenticator_->rejection_reason(); |
| 56 } | 47 } |
| 57 | 48 |
| 58 void PairingAuthenticatorBase::ProcessMessage( | 49 void PairingAuthenticatorBase::ProcessMessage( |
| 59 const buzz::XmlElement* message, | 50 const buzz::XmlElement* message, |
| 60 const base::Closure& resume_callback) { | 51 const base::Closure& resume_callback) { |
| 61 DCHECK_EQ(state(), WAITING_MESSAGE); | 52 DCHECK_EQ(state(), WAITING_MESSAGE); |
| 62 | 53 |
| 63 // The client authenticator creates the underlying authenticator in the ctor | 54 // The client authenticator creates the underlying authenticator in the ctor |
| 64 // and the host creates it in response to the first message before deferring | 55 // and the host creates it in response to the first message before deferring |
| 65 // to this class to process it. Either way, it should exist here. | 56 // to this class to process it. Either way, it should exist here. |
| 66 DCHECK(v2_authenticator_); | 57 DCHECK(spake2_authenticator_); |
| 67 | 58 |
| 68 // If pairing failed, and we haven't already done so, try again with the PIN. | 59 // If pairing failed, and we haven't already done so, try again with the PIN. |
| 69 if (using_paired_secret_ && HasErrorMessage(message)) { | 60 if (using_paired_secret_ && HasErrorMessage(message)) { |
| 70 using_paired_secret_ = false; | 61 using_paired_secret_ = false; |
| 71 waiting_for_authenticator_ = true; | 62 spake2_authenticator_.reset(); |
| 72 v2_authenticator_.reset(); | 63 CreateSpakeAuthenticatorWithPin( |
| 73 SetAuthenticatorCallback set_authenticator = base::Bind( | 64 WAITING_MESSAGE, base::Bind(&PairingAuthenticatorBase::ProcessMessage, |
| 74 &PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage, | 65 weak_factory_.GetWeakPtr(), |
| 75 weak_factory_.GetWeakPtr(), base::Owned(new buzz::XmlElement(*message)), | 66 base::Owned(new buzz::XmlElement(*message)), |
| 76 resume_callback); | 67 resume_callback)); |
| 77 CreateV2AuthenticatorWithPIN(WAITING_MESSAGE, set_authenticator); | |
| 78 return; | 68 return; |
| 79 } | 69 } |
| 80 | 70 |
| 81 // Pass the message to the underlying authenticator for processing, but | 71 // Pass the message to the underlying authenticator for processing, but |
| 82 // check for a failed SPAKE exchange if we're using the paired secret. In | 72 // check for a failed SPAKE exchange if we're using the paired secret. In |
| 83 // this case the pairing protocol can continue by communicating the error | 73 // this case the pairing protocol can continue by communicating the error |
| 84 // to the peer and retrying with the PIN. | 74 // to the peer and retrying with the PIN. |
| 85 v2_authenticator_->ProcessMessage( | 75 spake2_authenticator_->ProcessMessage( |
| 86 message, | 76 message, |
| 87 base::Bind(&PairingAuthenticatorBase::CheckForFailedSpakeExchange, | 77 base::Bind(&PairingAuthenticatorBase::CheckForFailedSpakeExchange, |
| 88 weak_factory_.GetWeakPtr(), resume_callback)); | 78 weak_factory_.GetWeakPtr(), resume_callback)); |
| 89 } | 79 } |
| 90 | 80 |
| 91 scoped_ptr<buzz::XmlElement> PairingAuthenticatorBase::GetNextMessage() { | 81 scoped_ptr<buzz::XmlElement> PairingAuthenticatorBase::GetNextMessage() { |
| 92 DCHECK_EQ(state(), MESSAGE_READY); | 82 DCHECK_EQ(state(), MESSAGE_READY); |
| 93 scoped_ptr<buzz::XmlElement> result = v2_authenticator_->GetNextMessage(); | 83 scoped_ptr<buzz::XmlElement> result = spake2_authenticator_->GetNextMessage(); |
| 94 AddPairingElements(result.get()); | 84 AddPairingElements(result.get()); |
| 95 MaybeAddErrorMessage(result.get()); | 85 MaybeAddErrorMessage(result.get()); |
| 96 return result; | 86 return result; |
| 97 } | 87 } |
| 98 | 88 |
| 99 const std::string& PairingAuthenticatorBase::GetAuthKey() const { | 89 const std::string& PairingAuthenticatorBase::GetAuthKey() const { |
| 100 return v2_authenticator_->GetAuthKey(); | 90 return spake2_authenticator_->GetAuthKey(); |
| 101 } | 91 } |
| 102 | 92 |
| 103 scoped_ptr<ChannelAuthenticator> | 93 scoped_ptr<ChannelAuthenticator> |
| 104 PairingAuthenticatorBase::CreateChannelAuthenticator() const { | 94 PairingAuthenticatorBase::CreateChannelAuthenticator() const { |
| 105 return v2_authenticator_->CreateChannelAuthenticator(); | 95 return spake2_authenticator_->CreateChannelAuthenticator(); |
| 106 } | 96 } |
| 107 | 97 |
| 108 void PairingAuthenticatorBase::MaybeAddErrorMessage(buzz::XmlElement* message) { | 98 void PairingAuthenticatorBase::MaybeAddErrorMessage(buzz::XmlElement* message) { |
| 109 if (!error_message_.empty()) { | 99 if (!error_message_.empty()) { |
| 110 buzz::XmlElement* pairing_failed_tag = | 100 buzz::XmlElement* pairing_failed_tag = |
| 111 new buzz::XmlElement(kPairingFailedTag); | 101 new buzz::XmlElement(kPairingFailedTag); |
| 112 pairing_failed_tag->AddAttr(kPairingErrorAttribute, error_message_); | 102 pairing_failed_tag->AddAttr(kPairingErrorAttribute, error_message_); |
| 113 message->AddElement(pairing_failed_tag); | 103 message->AddElement(pairing_failed_tag); |
| 114 error_message_.clear(); | 104 error_message_.clear(); |
| 115 } | 105 } |
| 116 } | 106 } |
| 117 | 107 |
| 118 bool PairingAuthenticatorBase::HasErrorMessage( | 108 bool PairingAuthenticatorBase::HasErrorMessage( |
| 119 const buzz::XmlElement* message) const { | 109 const buzz::XmlElement* message) const { |
| 120 const buzz::XmlElement* pairing_failed_tag = | 110 const buzz::XmlElement* pairing_failed_tag = |
| 121 message->FirstNamed(kPairingFailedTag); | 111 message->FirstNamed(kPairingFailedTag); |
| 122 if (pairing_failed_tag) { | 112 if (pairing_failed_tag) { |
| 123 std::string error = pairing_failed_tag->Attr(kPairingErrorAttribute); | 113 std::string error = pairing_failed_tag->Attr(kPairingErrorAttribute); |
| 124 LOG(ERROR) << "Pairing failed: " << error; | 114 LOG(ERROR) << "Pairing failed: " << error; |
| 125 } | 115 } |
| 126 return pairing_failed_tag != nullptr; | 116 return pairing_failed_tag != nullptr; |
| 127 } | 117 } |
| 128 | 118 |
| 129 void PairingAuthenticatorBase::CheckForFailedSpakeExchange( | 119 void PairingAuthenticatorBase::CheckForFailedSpakeExchange( |
| 130 const base::Closure& resume_callback) { | 120 const base::Closure& resume_callback) { |
| 131 // If the SPAKE exchange failed due to invalid credentials, and those | 121 // If the SPAKE exchange failed due to invalid credentials, and those |
| 132 // credentials were the paired secret, then notify the peer that the | 122 // credentials were the paired secret, then notify the peer that the |
| 133 // PIN-less connection failed and retry using the PIN. | 123 // PIN-less connection failed and retry using the PIN. |
| 134 if (v2_authenticator_->state() == REJECTED && | 124 if (spake2_authenticator_->state() == REJECTED && |
| 135 v2_authenticator_->rejection_reason() == INVALID_CREDENTIALS && | 125 spake2_authenticator_->rejection_reason() == INVALID_CREDENTIALS && |
| 136 using_paired_secret_) { | 126 using_paired_secret_) { |
| 137 using_paired_secret_ = false; | 127 using_paired_secret_ = false; |
| 138 error_message_ = "invalid-shared-secret"; | 128 error_message_ = "invalid-shared-secret"; |
| 139 v2_authenticator_.reset(); | 129 spake2_authenticator_.reset(); |
| 140 buzz::XmlElement* no_message = nullptr; | 130 CreateSpakeAuthenticatorWithPin(MESSAGE_READY, resume_callback); |
| 141 SetAuthenticatorCallback set_authenticator = base::Bind( | |
| 142 &PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage, | |
| 143 weak_factory_.GetWeakPtr(), no_message, resume_callback); | |
| 144 CreateV2AuthenticatorWithPIN(MESSAGE_READY, set_authenticator); | |
| 145 return; | 131 return; |
| 146 } | 132 } |
| 147 | 133 |
| 148 resume_callback.Run(); | 134 resume_callback.Run(); |
| 149 } | 135 } |
| 150 | 136 |
| 151 void PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage( | |
| 152 const buzz::XmlElement* message, | |
| 153 const base::Closure& resume_callback, | |
| 154 scoped_ptr<Authenticator> authenticator) { | |
| 155 DCHECK(!v2_authenticator_); | |
| 156 DCHECK(authenticator); | |
| 157 waiting_for_authenticator_ = false; | |
| 158 v2_authenticator_ = std::move(authenticator); | |
| 159 if (message) { | |
| 160 ProcessMessage(message, resume_callback); | |
| 161 } else { | |
| 162 resume_callback.Run(); | |
| 163 } | |
| 164 } | |
| 165 | |
| 166 } // namespace protocol | 137 } // namespace protocol |
| 167 } // namespace remoting | 138 } // namespace remoting |
| OLD | NEW |
