Third Party authentication protocol.

remoting/protocol/negotiating_authenticator.h

Index: remoting/protocol/negotiating_authenticator.h
diff --git a/remoting/protocol/negotiating_authenticator.h b/remoting/protocol/negotiating_authenticator.h
index 17d89eb35d334e429ff7b2261fc43ca1db8a3ebf..4f1cf48abcc63dfcee5b49ca4baedd39124387dd 100644
--- a/remoting/protocol/negotiating_authenticator.h
+++ b/remoting/protocol/negotiating_authenticator.h
@@ -12,6 +12,7 @@
 #include "base/memory/scoped_ptr.h"
 #include "remoting/protocol/authenticator.h"
 #include "remoting/protocol/authentication_method.h"
+#include "remoting/protocol/third_party_authenticator.h"
 
 namespace remoting {
 namespace protocol {
@@ -30,15 +31,29 @@ class NegotiatingAuthenticator : public Authenticator {
   static scoped_ptr<Authenticator> CreateForClient(
       const std::string& authentication_tag,
       const std::string& shared_secret,
-      const std::vector<AuthenticationMethod>& methods);
+      const std::string& host_public_key,
+      const std::vector<AuthenticationMethod>& methods,
+      ThirdPartyAuthenticator::TokenFetcher* third_party_token_fetcher);
 
   // Creates a host authenticator, using a fixed shared secret/PIN hash.
-  static scoped_ptr<Authenticator> CreateForHost(
+  static scoped_ptr<Authenticator> CreateForHostSharedSecret(
       const std::string& local_cert,
       scoped_ptr<KeyPair> key_pair,
       const std::string& shared_secret_hash,
       AuthenticationMethod::HashFunction hash_function);
 
+  // Creates a host authenticator, using a third party authentication server
+  // to negotiate a shared secret. |third_party_token_validator_factory| must
+  // outlive this authenticator.
+  static scoped_ptr<Authenticator> CreateForHostThirdPartyAuth(
+      const std::string& local_cert,
+      scoped_ptr<KeyPair> key_pair,
+      const std::string& third_party_token_url,

[Sergey Ulanov, 2013/02/26 01:14:50]

Maybe define a type that stores all four parameters for the third_party auth and
pass them as one argument. E.g. call it ThirdPartyAuthenticator::Config?

[rmsousa, 2013/03/05 03:30:24]

They can actually all go inside the validator.

+      const std::string& third_party_token_validation_url,
+      const std::string& third_party_token_scope,
+      ThirdPartyAuthenticator::TokenValidatorFactory*
+          third_party_token_validator_factory);
+
   // Authenticator interface.
   virtual State state() const OVERRIDE;
   virtual RejectionReason rejection_reason() const OVERRIDE;
@@ -46,6 +61,8 @@ class NegotiatingAuthenticator : public Authenticator {
   virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE;
   virtual scoped_ptr<ChannelAuthenticator>
       CreateChannelAuthenticator() const OVERRIDE;
+  virtual void PerformExternalAction(
+      const base::Closure& resume_callback) OVERRIDE;
 
  private:
   NegotiatingAuthenticator(Authenticator::State initial_state);
@@ -53,16 +70,27 @@ class NegotiatingAuthenticator : public Authenticator {
   void AddMethod(const AuthenticationMethod& method);
   void CreateAuthenticator(State initial_state);
 
+  void UpdateState(const base::Closure& resume_callback);
+
   bool is_host_side() const;
 
   // Used only for host authenticators.
   std::string local_cert_;
   scoped_ptr<KeyPair> key_pair_;
+  // Used only for pin-based host authenticators.
   std::string shared_secret_hash_;
+  // Used only for third-party-token-based authenticators.
+  std::string third_party_token_url_;
+  std::string third_party_token_validation_url_;
+  std::string third_party_token_scope_;
+  ThirdPartyAuthenticator::TokenValidatorFactory*
+      third_party_token_validator_factory_;
 
   // Used only for client authenticators.
+  std::string host_public_key_;
   std::string authentication_tag_;
   std::string shared_secret_;
+  ThirdPartyAuthenticator::TokenFetcher* third_party_token_fetcher_;
 
   // Used for both host and client authenticators.
   std::vector<AuthenticationMethod> methods_;