remoting/protocol/third_party_authenticator.h - Issue 12326090: Third Party authentication protocol.

Side by Side Diff: remoting/protocol/third_party_authenticator.h

Issue 12326090: Third Party authentication protocol. (Closed) Base URL: http://git.chromium.org/chromium/src.git@host_key_pair

Patch Set: Add the missing new files Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« remoting/protocol/negotiating_authenticator.h ('K') | « remoting/protocol/negotiating_authenticator_unittest.cc ('k') | remoting/protocol/third_party_authenticator.cc » ('j') | remoting/protocol/third_party_authenticator.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
	Sergey Ulanov 2013/02/26 01:14:50 nit: 2013 please nit: 2013 please rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > nit: 2013 please Done.
	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef REMOTING_PROTOCOL_TOKEN_AUTHENTICATOR_H_

	6 #define REMOTING_PROTOCOL_TOKEN_AUTHENTICATOR_H_

	7

	8 #include <string>

	9

	10 #include "base/callback.h"

	11 #include "base/memory/scoped_ptr.h"

	12 #include "base/memory/weak_ptr.h"

	13 #include "crypto/p224_spake.h"

	14 #include "crypto/signature_creator.h"

	15 #include "remoting/protocol/authenticator.h"

	16

	17 namespace remoting {

	18 namespace protocol {

	19

	20 class KeyPair;

	21

	22 class ThirdPartyAuthenticator : public Authenticator {
	Sergey Ulanov 2013/02/26 01:14:50 Add comment to explain what this class is for. Add comment to explain what this class is for. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > Add comment to explain what this class is for. Done.
	23 public:

	24 class TokenFetcher {
	Sergey Ulanov 2013/02/26 01:14:50 Need virtual destructor for a class with virtual m Need virtual destructor for a class with virtual methods. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > Need virtual destructor for a class with virtual methods. Done.
	25 public:
	Wez 2013/02/27 07:05:30 Define a virtual dtor for the interface. Since it' Define a virtual dtor for the interface. Since it's lifetime is not recipient-managed that probably needs to be protected. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/27 07:05:30, Wez wrote: > Define a virtual dtor for the interface. Since it's lifetime is not > recipient-managed that probably needs to be protected. Done.
	26 // Fetches a third party token from \|token_url\|. \|host_public_key\| is sent

	27 // to the server so it can later authenticate the host. \|scope\| is a string

	28 // with a space-separated list of attributes for this connection (e.g.

	29 // "hostjid:abc@example.com/123 clientjid:def@example.org/456".

	30 // \|on_token_fetched\| is called by the TokenFetcher once \|token\| and
	Wez 2013/02/27 07:05:30 Clarify which thread the callback is invoked on - Clarify which thread the callback is invoked on - must it be the thread the call is made on? rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/27 07:05:30, Wez wrote: > Clarify which thread the callback is invoked on - must it be the thread the call > is made on? Done.
	31 // \|shared_secret\| are obtained, or called with empty strings on failure.

	32 virtual void FetchThirdPartyToken(
	Sergey Ulanov 2013/02/26 01:14:50 I think you also need a way to cancel the request I think you also need a way to cancel the request - for the case Authenticator object gets deleted while this request is pending. Also see my comment for ~TokenValidator() Wez 2013/02/27 07:05:30 You don't necessarily need a cancel method if the Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > I think you also need a way to cancel the request - for the case Authenticator > object gets deleted while this request is pending. > > Also see my comment for ~TokenValidator() You don't necessarily need a cancel method if the Callback is Bind()ed to a WeakPtr to the Authenticator. rmsousa 2013/03/05 03:30:24 Still useful to have a way to cancel explicitly - Show quoted text On 2013/02/27 07:05:30, Wez wrote: > On 2013/02/26 01:14:50, sergeyu wrote: > > I think you also need a way to cancel the request - for the case Authenticator > > object gets deleted while this request is pending. > > > > Also see my comment for ~TokenValidator() > > You don't necessarily need a cancel method if the Callback is Bind()ed to a > WeakPtr to the Authenticator. Still useful to have a way to cancel explicitly - e.g. in case this is doing an URLFetch, we can proactively cancel the fetch instead of waiting for it to finish to find that the callback is invalidated. In fact, by having this own the fetcher/validator, we can actually do away with the weakptr.
	33 const std::string& token_url,
	Sergey Ulanov 2013/02/26 01:14:50 maybe use GURL type for the URLs? maybe use GURL type for the URLs? rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > maybe use GURL type for the URLs? Done.
	34 const std::string& host_public_key,

	35 const std::string& scope,

	36 const base::Callback<void(
	Sergey Ulanov 2013/02/26 01:14:50 please add typedef for the callback - that would m please add typedef for the callback - that would make this code more readable and allow to document is separately. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > please add typedef for the callback - that would make this code more readable > and allow to document is separately. Done.
	37 const std::string& token,

	38 const std::string& shared_secret)>&on_token_fetched) = 0;
	Sergey Ulanov 2013/02/26 01:14:50 space before argument name space before argument name Wez 2013/02/27 07:05:30 nit: Space between & and member name. nit: Best to nit: Space between & and member name. nit: Best to define a typedef for the Callback (e.g. TokenFetcher::Callback) Wez 2013/02/27 07:05:30 nit: on_token_fetched -> fetch_callback or just ca nit: on_token_fetched -> fetch_callback or just callback rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > space before argument name Done. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/27 07:05:30, Wez wrote: > nit: Space between & and member name. > nit: Best to define a typedef for the Callback (e.g. TokenFetcher::Callback) Done. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/27 07:05:30, Wez wrote: > nit: on_token_fetched -> fetch_callback or just callback Done.
	39 };

	40

	41 class TokenValidator {

	42 public:

	43 // Validates third party \|token\| with the server at \|token_validation_url\|,

	44 // and exchanges it for a \|shared_secret\|. \|host_public_key\| is sent to the

	45 // server to identify the host, and must match the one used by the client to

	46 // request \|token\|, and the private key used for \|token_signature\|. \|scope\|

	47 // is an attribute list (as above) that the token's scope must match.

	48 // \|on_token_validated\| is called by the TokenFetcher once \|shared_secret\|

	49 // is obtained, or called with an empty string on failure.

	50 virtual void ValidateThirdPartyToken(
	Sergey Ulanov 2013/02/26 01:14:50 Also need a way to cancel the request. Also need a way to cancel the request. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > Also need a way to cancel the request. Done.
	51 const std::string& token_validation_url,

	52 const std::string& token,

	53 const std::string& host_public_key,

	54 const std::string& token_signature,

	55 const std::string& scope,
	Sergey Ulanov 2013/02/26 01:14:50 Do we expect the content of this string to be in s Do we expect the content of this string to be in some format? Maybe better to add a class that parses a scope and use it here. rmsousa 2013/03/05 03:30:24 The only ones that need to know about the string c Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > Do we expect the content of this string to be in some format? Maybe better to > add a class that parses a scope and use it here. The only ones that need to know about the string contents are the validator and the fetcher - the authenticator is only a pass-through for it, and needs it to be a pretty much opaque string. I've moved everything that can be determined at tokenvalidator construction time into the validator (and out of this class's constructors). Namely: scope, urls, keypair.
	56 const base::Callback<void(
	Sergey Ulanov 2013/02/26 01:14:50 typedef for the callback please typedef for the callback please rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > typedef for the callback please Done. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > typedef for the callback please Done.
	57 const std::string& shared_secret)>& on_token_validated) = 0;
	Wez 2013/02/27 07:05:30 nit: on_token_validated -> validation_callback or nit: on_token_validated -> validation_callback or just callback rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/27 07:05:30, Wez wrote: > nit: on_token_validated -> validation_callback or just callback Done.
	58 virtual ~TokenValidator() {}
	Sergey Ulanov 2013/02/26 01:14:50 nit: does the destructor need to be public? if not nit: does the destructor need to be public? if not make it protected. If you make destructor public then you can use it as a way to cancel the request, but then the Authenticator should take ownership of the implementation of this interface. IMO that would be the best way to implement request cancellation. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > nit: does the destructor need to be public? if not make it protected. > > If you make destructor public then you can use it as a way to cancel the > request, but then the Authenticator should take ownership of the implementation > of this interface. IMO that would be the best way to implement request > cancellation. Done.
	59 };

	60

	61 class TokenValidatorFactory {

	62 public:

	63 // Creates a TokenValidator instance.

	64 virtual scoped_ptr<TokenValidator> CreateTokenValidator() = 0;

	65 };

	66

	67 // Creates a third-party client authenticator, for the host with the given

	68 // \|host_public_key\|. \|token_fetcher\| must outlive this authenticator.

	69 static scoped_ptr<Authenticator> CreateForClient(

	70 const std::string& host_public_key,

	71 ThirdPartyAuthenticator::TokenFetcher* token_fetcher,
	Wez 2013/02/27 07:05:30 Does this need to out-live, or could it be scoped_ Does this need to out-live, or could it be scoped_ptr? rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/27 07:05:30, Wez wrote: > Does this need to out-live, or could it be scoped_ptr? Done.
	72 Authenticator::State initial_state);

	73

	74 // Creates a third-party host authenticator. \|local_cert\| is used to establish
	Sergey Ulanov 2013/02/26 01:14:50 Why do we need to pass local_cert? Can't it be gen Why do we need to pass local_cert? Can't it be generated using KeyPair::GenerateCertificate(). rmsousa 2013/03/05 03:30:24 Isn't generating certificates expensive? (If I und Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > Why do we need to pass local_cert? Can't it be generated using > KeyPair::GenerateCertificate(). Isn't generating certificates expensive? (If I understood our SSL code correctly, in some OSes each generated certificate will actually have to go into the system cert store) The current code generates a certificate once when RemotingMe2MeHost starts, and uses the same one for every connection - I just kept that behavior. If we want to generate one certificate for every connection, we should do it for every authenticator (i.e. change v2_authenticator to also do it, and remove local_cert from every constructor signature).
	75 // the underlying SSL channels. \|key_pair\| is used for SSL, as well as to sign

	76 // the token for \|token_validator\|. \|token_url\| is sent to the client, to be

	77 // used by its \|TokenFetcher\|. \|token_validation_url\| is used by
	Wez 2013/02/27 07:05:30 Why are \|token_url\|, \|token_validator\|, \|scope\|, \| Why are \|token_url\|, \|token_validator\|, \|scope\|, \|key_pair\| passed here rather than to the TokenValidator implementation ctor, which the caller has already had to call? rmsousa 2013/03/05 03:30:24 key_pair needs to be here to construct the underly Show quoted text On 2013/02/27 07:05:30, Wez wrote: > Why are \|token_url\|, \|token_validator\|, \|scope\|, \|key_pair\| passed here rather > than to the TokenValidator implementation ctor, which the caller has already had > to call? key_pair needs to be here to construct the underlying v2_authenticator (I don't want to bake in an assumption that the token_validator necessarily has a key pair, so I prefer that we pass an explicit reference to the keypair here, even if it's ultimately the same) For the token parameters, yeah, good point, I've moved them into the validator.
	78 // \|token_validator\| to obtain the shared secret. \|scope\| is a list of

	79 // connection attributes the host must send to the client, and require the

	80 // token to match. This object may add/require its own attributes to \|scope\|

	81 // (e.g. a nonce).

	82 static scoped_ptr<Authenticator> CreateForHost(

	83 const std::string& local_cert,
	Sergey Ulanov 2013/02/26 01:14:50 Why do we need local_cert here together with key_p Why do we need local_cert here together with key_pair? Can't we generate local_cert from the key pair? rmsousa 2013/03/05 03:30:24 see above Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > Why do we need local_cert here together with key_pair? Can't we generate > local_cert from the key pair? see above
	84 scoped_ptr<KeyPair> key_pair,

	85 const std::string& token_url,

	86 const std::string& token_validation_url,

	87 const std::string& scope,
	Sergey Ulanov 2013/02/26 01:14:50 this argument is called token_scope in .cc file. this argument is called token_scope in .cc file. rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/26 01:14:50, sergeyu wrote: > this argument is called token_scope in .cc file. Done.
	88 scoped_ptr<ThirdPartyAuthenticator::TokenValidator> token_validator,

	89 Authenticator::State initial_state);

	90

	91 virtual ~ThirdPartyAuthenticator();

	92

	93 // Authenticator interface.

	94 virtual State state() const OVERRIDE;

	95 virtual RejectionReason rejection_reason() const OVERRIDE;

	96 virtual void ProcessMessage(const buzz::XmlElement* message) OVERRIDE;

	97 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE;

	98 virtual scoped_ptr<ChannelAuthenticator>

	99 CreateChannelAuthenticator() const OVERRIDE;

	100 virtual void PerformExternalAction(

	101 const base::Closure& resume_callback) OVERRIDE;

	102

	103 private:

	104 ThirdPartyAuthenticator(State initial_state);

	105 void OnThirdPartyTokenFetched(const base::Closure& resume_callback,

	106 const std::string& third_party_token,

	107 const std::string& shared_secret);

	108 void OnThirdPartyTokenValidated(const base::Closure& resume_callback,

	109 const std::string& shared_secret);
	Wez 2013/02/27 07:05:30 nit: Separate these methods by blank lines and add nit: Separate these methods by blank lines and add a comment to each of the On* methods to explain what they do (it's clear from the name when they are called :) rmsousa 2013/03/05 03:30:24 Done. Show quoted text On 2013/02/27 07:05:30, Wez wrote: > nit: Separate these methods by blank lines and add a comment to each of the On* > methods to explain what they do (it's clear from the name when they are called > :) Done.
	110 bool is_host_side() const;

	111

	112 // Used only for host authenticators.

	113 bool expecting_token_;

	114 std::string local_cert_;

	115 scoped_ptr<KeyPair> key_pair_;

	116 scoped_ptr<TokenValidator> token_validator_;

	117

	118 // Used only for client authenticators.

	119 TokenFetcher* token_fetcher_;

	120 scoped_ptr<buzz::XmlElement> pending_message_;

	121 std::string host_public_key_;

	122

	123 // Used for both host and client authenticators.

	124 std::string token_url_;

	125 std::string token_validation_url_;

	126 std::string token_scope_;

	127 std::string token_;

	128 std::string token_signature_;

	129 std::string shared_secret_;

	130 scoped_ptr<Authenticator> underlying_;

	131 State state_;

	132 RejectionReason rejection_reason_;

	133 base::WeakPtrFactory<ThirdPartyAuthenticator> weak_factory_;

	134

	135 DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticator);

	136 };

	137

	138 } // namespace protocol

	139 } // namespace remoting

	140

	141 #endif // REMOTING_PROTOCOL_TOKEN_AUTHENTICATOR_H_

OLD	NEW