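--- a/remoting/protocol/ssl_hmac_channel_authenticator.h
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.h
@@ -1,64 +1,63 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
 #define REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
 
 #include <string>
 
 #include "base/callback.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "remoting/protocol/channel_authenticator.h"
 
-namespace crypto {
-class RSAPrivateKey;
-} // namespace crypto
-
 namespace net {
 class CertVerifier;
 class DrainableIOBuffer;
 class GrowableIOBuffer;
 class SSLSocket;
 } // namespace net
 
 namespace remoting {
+
+class RsaKeyPair;
+
 namespace protocol {
 
 // SslHmacChannelAuthenticator implements ChannelAuthenticator that
 // secures channels using SSL and authenticates them with a shared
 // secret HMAC.
 class SslHmacChannelAuthenticator : public ChannelAuthenticator,
 public base::NonThreadSafe {
 public:
 enum LegacyMode {
 NONE,
 SEND_ONLY,
 RECEIVE_ONLY,
 };
 
 // CreateForClient() and CreateForHost() create an authenticator
 // instances for client and host. |auth_key| specifies shared key
 // known by both host and client. In case of V1Authenticator the
 // |auth_key| is set to access code. For EKE-based authentication
 // |auth_key| is the key established using EKE over the signaling
 // channel.
 static scoped_ptr<SslHmacChannelAuthenticator> CreateForClient(
 const std::string& remote_cert,
 const std::string& auth_key);
 
 static scoped_ptr<SslHmacChannelAuthenticator> CreateForHost(
 const std::string& local_cert,
-crypto::RSAPrivateKey* local_private_key,
+scoped_refptr<RsaKeyPair> key_pair,
 const std::string& auth_key);
 
 virtual ~SslHmacChannelAuthenticator();
 
 // ChannelAuthenticator interface.
 virtual void SecureAndAuthenticate(
 scoped_ptr<net::StreamSocket> socket,
 const DoneCallback& done_callback) OVERRIDE;
 
 private:
@@ -78,29 +77,29 @@
 bool VerifyAuthBytes(const std::string& received_auth_bytes);
 
 void CheckDone(bool* callback_called);
 void NotifyError(int error);
 
 // The mutual secret used for authentication.
 std::string auth_key_;
 
 // Used in the SERVER mode only.
 std::string local_cert_;
-crypto::RSAPrivateKey* local_private_key_;
+scoped_refptr<RsaKeyPair> local_key_pair_;
 
 // Used in the CLIENT mode only.
 std::string remote_cert_;
 scoped_ptr<net::CertVerifier> cert_verifier_;
 
 scoped_ptr<net::SSLSocket> socket_;
 DoneCallback done_callback_;
 
 scoped_refptr<net::DrainableIOBuffer> auth_write_buf_;
 scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;
 
 DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticator);
 };
 
 } // namespace protocol
 } // namespace remoting
 
 #endif // REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_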
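Review bot: The new `key_pair` parameter of CreateForHost() and the `local_key_pair_` member that presumably stores it are undocumented, while the comment block above the factory functions still explains only |auth_key| and says nothing about |local_cert|, |remote_cert| or the key. Replacing the raw `crypto::RSAPrivateKey*` with `scoped_refptr<RsaKeyPair>` also changes ownership: the authenticator now keeps the key pair alive for its own lifetime instead of borrowing it from the caller, which is worth stating where the parameter is declared. I would add above CreateForHost(): `// |key_pair| is the host's private key, presumably the one matching |local_cert|; the authenticator retains a reference to it for its lifetime.` The 13 lines hidden between `private:` and VerifyAuthBytes() (likely the constructor that receives the key pair) are not shown here, so I could not confirm they were updated consistently with the new member type.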