Chromium Code Reviews Chromium Code Reviews
Issue 12326090:
Third Party authentication protocol. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@host_key_pair| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ | 5 #ifndef REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ |
| 6 #define REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ | 6 #define REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
| 13 #include "remoting/protocol/authenticator.h" | 13 #include "remoting/protocol/authenticator.h" |
| 14 #include "remoting/protocol/authentication_method.h" | 14 #include "remoting/protocol/authentication_method.h" |
| 15 #include "remoting/protocol/third_party_authenticator.h" | |
| 15 | 16 |
| 16 namespace remoting { | 17 namespace remoting { |
| 17 namespace protocol { | 18 namespace protocol { |
| 18 | 19 |
| 19 class KeyPair; | 20 class KeyPair; |
| 20 | 21 |
| 21 class NegotiatingAuthenticator : public Authenticator { | 22 class NegotiatingAuthenticator : public Authenticator { |
| 22 public: | 23 public: |
| 23 virtual ~NegotiatingAuthenticator(); | 24 virtual ~NegotiatingAuthenticator(); |
| 24 | 25 |
| 25 static bool IsNegotiableMessage(const buzz::XmlElement* message); | 26 static bool IsNegotiableMessage(const buzz::XmlElement* message); |
| 26 | 27 |
| 27 // Creates a client authenticator for the given methods. | 28 // Creates a client authenticator for the given methods. |
| 28 // |third_party_token_fetcher| must be non-null if a ThirdPartyAuth method is | 29 // |third_party_token_fetcher| must be non-null if a ThirdPartyAuth method is |
| 29 // requested, and must outlive this authenticator. | 30 // requested, and must outlive this authenticator. |
| 30 static scoped_ptr<Authenticator> CreateForClient( | 31 static scoped_ptr<Authenticator> CreateForClient( |
| 31 const std::string& authentication_tag, | 32 const std::string& authentication_tag, |
| 32 const std::string& shared_secret, | 33 const std::string& shared_secret, |
| 33 const std::vector<AuthenticationMethod>& methods); | 34 const std::string& host_public_key, |
| 35 const std::vector<AuthenticationMethod>& methods, | |
| 36 ThirdPartyAuthenticator::TokenFetcher* third_party_token_fetcher); | |
| 34 | 37 |
| 35 // Creates a host authenticator, using a fixed shared secret/PIN hash. | 38 // Creates a host authenticator, using a fixed shared secret/PIN hash. |
| 36 static scoped_ptr<Authenticator> CreateForHost( | 39 static scoped_ptr<Authenticator> CreateForHostSharedSecret( |
| 37 const std::string& local_cert, | 40 const std::string& local_cert, |
| 38 scoped_ptr<KeyPair> key_pair, | 41 scoped_ptr<KeyPair> key_pair, |
| 39 const std::string& shared_secret_hash, | 42 const std::string& shared_secret_hash, |
| 40 AuthenticationMethod::HashFunction hash_function); | 43 AuthenticationMethod::HashFunction hash_function); |
| 41 | 44 |
| 45 // Creates a host authenticator, using a third party authentication server | |
| 46 // to negotiate a shared secret. |third_party_token_validator_factory| must | |
| 47 // outlive this authenticator. | |
| 48 static scoped_ptr<Authenticator> CreateForHostThirdPartyAuth( | |
| 49 const std::string& local_cert, | |
| 50 scoped_ptr<KeyPair> key_pair, | |
| 51 const std::string& third_party_token_url, | |
|
Sergey Ulanov
2013/02/26 01:14:50
Maybe define a type that stores all four parameter
rmsousa
2013/03/05 03:30:24
They can actually all go inside the validator.
| |
| 52 const std::string& third_party_token_validation_url, | |
| 53 const std::string& third_party_token_scope, | |
| 54 ThirdPartyAuthenticator::TokenValidatorFactory* | |
| 55 third_party_token_validator_factory); | |
| 56 | |
| 42 // Authenticator interface. | 57 // Authenticator interface. |
| 43 virtual State state() const OVERRIDE; | 58 virtual State state() const OVERRIDE; |
| 44 virtual RejectionReason rejection_reason() const OVERRIDE; | 59 virtual RejectionReason rejection_reason() const OVERRIDE; |
| 45 virtual void ProcessMessage(const buzz::XmlElement* message) OVERRIDE; | 60 virtual void ProcessMessage(const buzz::XmlElement* message) OVERRIDE; |
| 46 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; | 61 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; |
| 47 virtual scoped_ptr<ChannelAuthenticator> | 62 virtual scoped_ptr<ChannelAuthenticator> |
| 48 CreateChannelAuthenticator() const OVERRIDE; | 63 CreateChannelAuthenticator() const OVERRIDE; |
| 64 virtual void PerformExternalAction( | |
| 65 const base::Closure& resume_callback) OVERRIDE; | |
| 49 | 66 |
| 50 private: | 67 private: |
| 51 NegotiatingAuthenticator(Authenticator::State initial_state); | 68 NegotiatingAuthenticator(Authenticator::State initial_state); |
| 52 | 69 |
| 53 void AddMethod(const AuthenticationMethod& method); | 70 void AddMethod(const AuthenticationMethod& method); |
| 54 void CreateAuthenticator(State initial_state); | 71 void CreateAuthenticator(State initial_state); |
| 55 | 72 |
| 73 void UpdateState(const base::Closure& resume_callback); | |
| 74 | |
| 56 bool is_host_side() const; | 75 bool is_host_side() const; |
| 57 | 76 |
| 58 // Used only for host authenticators. | 77 // Used only for host authenticators. |
| 59 std::string local_cert_; | 78 std::string local_cert_; |
| 60 scoped_ptr<KeyPair> key_pair_; | 79 scoped_ptr<KeyPair> key_pair_; |
| 80 // Used only for pin-based host authenticators. | |
| 61 std::string shared_secret_hash_; | 81 std::string shared_secret_hash_; |
| 82 // Used only for third-party-token-based authenticators. | |
| 83 std::string third_party_token_url_; | |
| 84 std::string third_party_token_validation_url_; | |
| 85 std::string third_party_token_scope_; | |
| 86 ThirdPartyAuthenticator::TokenValidatorFactory* | |
| 87 third_party_token_validator_factory_; | |
| 62 | 88 |
| 63 // Used only for client authenticators. | 89 // Used only for client authenticators. |
| 90 std::string host_public_key_; | |
| 64 std::string authentication_tag_; | 91 std::string authentication_tag_; |
| 65 std::string shared_secret_; | 92 std::string shared_secret_; |
| 93 ThirdPartyAuthenticator::TokenFetcher* third_party_token_fetcher_; | |
| 66 | 94 |
| 67 // Used for both host and client authenticators. | 95 // Used for both host and client authenticators. |
| 68 std::vector<AuthenticationMethod> methods_; | 96 std::vector<AuthenticationMethod> methods_; |
| 69 AuthenticationMethod current_method_; | 97 AuthenticationMethod current_method_; |
| 70 scoped_ptr<Authenticator> current_authenticator_; | 98 scoped_ptr<Authenticator> current_authenticator_; |
| 71 State state_; | 99 State state_; |
| 72 RejectionReason rejection_reason_; | 100 RejectionReason rejection_reason_; |
| 73 | 101 |
| 74 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticator); | 102 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticator); |
| 75 }; | 103 }; |
| 76 | 104 |
| 77 } // namespace protocol | 105 } // namespace protocol |
| 78 } // namespace remoting | 106 } // namespace remoting |
| 79 | 107 |
| 80 #endif // REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ | 108 #endif // REMOTING_PROTOCOL_NEGOTIATING_AUTHENTICATOR_H_ |
| OLD | NEW |
