Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(368)

Unified Diff: remoting/protocol/third_party_client_authenticator.h

Issue 12326090: Third Party authentication protocol. (Closed) Base URL: http://git.chromium.org/chromium/src.git@host_key_pair
Patch Set: Reviewer comments Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: remoting/protocol/third_party_client_authenticator.h
diff --git a/remoting/protocol/third_party_client_authenticator.h b/remoting/protocol/third_party_client_authenticator.h
new file mode 100644
index 0000000000000000000000000000000000000000..053d7ab25656ca3dcd955802098ed48231d3e368
--- /dev/null
+++ b/remoting/protocol/third_party_client_authenticator.h
@@ -0,0 +1,87 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_
+#define REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_
+
+#include <string>
+
+#include "base/callback.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "remoting/protocol/third_party_authenticator_base.h"
+
+class GURL;
+
+namespace remoting {
+namespace protocol {
+
+// Implements an authentication method that relies on a third party server for
+// authentication of both client and host.
+// When third party authentication is being used, the client must request both a
+// token and a shared secret from a third-party server (which may require the
+// user to authenticate themselves). The client then sends only the token to the
+// host. The host signs the token, then contacts the third-party server to
+// exchange the token for the shared secret. Once both client and host have the
+// shared secret, they use an underlying |V2Authenticator| (SPAKE2) to negotiate
+// an authentication key, which is used to establish the connection.
Wez 2013/03/22 06:17:01 Isn't this comment already present on the ThirdPar
rmsousa 2013/03/22 21:19:05 Indeed, changed for a client specific comment.
+class ThirdPartyClientAuthenticator : public ThirdPartyAuthenticatorBase {
+ public:
+ class TokenFetcher {
+ public:
+ // Callback passed to |FetchThirdPartyToken|, and called once the client
+ // authentication finishes. |token| is an opaque string that should be sent
+ // directly to the host. |shared_secret| should be used by the client to
+ // create a V2Authenticator. In case of failure, the callback is called with
+ // an empty |token| and |shared_secret|.
+ typedef base::Callback<void(
+ const std::string& token,
+ const std::string& shared_secret)> TokenFetchedCallback;
+
+ virtual ~TokenFetcher() {}
+
+ // Fetches a third party token from |token_url|. |host_public_key| is sent
+ // to the server so it can later authenticate the host. |scope| is a string
+ // with a space-separated list of attributes for this connection (e.g.
+ // "hostjid:abc@example.com/123 clientjid:def@example.org/456".
+ // |token_fetched_callback| is called when the client authentication ends,
+ // in the same thread |FetchThirdPartyToken| was originally called.
+ // The request is canceled if the TokenFetcher is destroyed.
+ virtual void FetchThirdPartyToken(
+ const GURL& token_url,
+ const std::string& host_public_key,
+ const std::string& scope,
+ const TokenFetchedCallback& token_fetched_callback) = 0;
+ };
+
+ // Creates a third-party client authenticator, for the host with the given
Wez 2013/03/22 06:17:01 nit: remove comma
rmsousa 2013/03/22 21:19:05 Done.
+ // |host_public_key|. |token_fetcher| is used to get the authentication token.
+ ThirdPartyClientAuthenticator(const std::string& host_public_key,
+ scoped_ptr<TokenFetcher> token_fetcher);
+ virtual ~ThirdPartyClientAuthenticator();
+
+ protected:
+ // ThirdPartyAuthenticator implementation.
+ virtual void ProcessTokenMessage(
+ const buzz::XmlElement* message,
+ const base::Closure& resume_callback) OVERRIDE;
+ virtual void AddTokenElements(buzz::XmlElement* message) OVERRIDE;
+
+ private:
+ void OnThirdPartyTokenFetched(const base::Closure& resume_callback,
+ const std::string& third_party_token,
+ const std::string& shared_secret);
+
+ std::string host_public_key_;
+ std::string token_;
+ scoped_ptr<TokenFetcher> token_fetcher_;
+
+ DISALLOW_COPY_AND_ASSIGN(ThirdPartyClientAuthenticator);
+};
+
+
+} // namespace protocol
+} // namespace remoting
+
+#endif // REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_

Powered by Google App Engine
This is Rietveld 408576698