diff options
| author | sergeyu <sergeyu@chromium.org> | 2016-03-08 10:10:28 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-03-08 18:12:41 +0000 |
| commit | 12e320ad7dd026121c0ff50bc7e5cb99a13aa983 (patch) | |
| tree | 502e83043c8a5e7c883f564b2301d7c622ebbf09 /remoting/protocol | |
| parent | 93957a91bbd0f906a9b0851532699d2a1e574a86 (diff) | |
| download | chromium_src-12e320ad7dd026121c0ff50bc7e5cb99a13aa983.zip chromium_src-12e320ad7dd026121c0ff50bc7e5cb99a13aa983.tar.gz chromium_src-12e320ad7dd026121c0ff50bc7e5cb99a13aa983.tar.bz2 | |
Remove dependency on V2Authenticator from ThirdParty and pairing authenticators.
Previously third-party and pairing authenticators were responsible for
creation for the underlying SPAKE2 authenticators. Now they get a
callback that they should use instead. This will allow to use them with
Spake2Authenticator.
Also made some minor cleanups in pairiting authenticators, particularly
in the code responsible for fetching the pin after paired auth fails.
BUG=589698
Review URL: https://codereview.chromium.org/1770923002
Cr-Commit-Position: refs/heads/master@{#379858}
Diffstat (limited to 'remoting/protocol')
| -rw-r--r-- | remoting/protocol/authenticator.h | 31 | ||||
| -rw-r--r-- | remoting/protocol/negotiating_authenticator_base.cc | 1 | ||||
| -rw-r--r-- | remoting/protocol/negotiating_client_authenticator.cc | 7 | ||||
| -rw-r--r-- | remoting/protocol/negotiating_host_authenticator.cc | 8 | ||||
| -rw-r--r-- | remoting/protocol/pairing_authenticator_base.cc | 74 | ||||
| -rw-r--r-- | remoting/protocol/pairing_authenticator_base.h | 25 | ||||
| -rw-r--r-- | remoting/protocol/pairing_client_authenticator.cc | 41 | ||||
| -rw-r--r-- | remoting/protocol/pairing_client_authenticator.h | 21 | ||||
| -rw-r--r-- | remoting/protocol/pairing_host_authenticator.cc | 54 | ||||
| -rw-r--r-- | remoting/protocol/pairing_host_authenticator.h | 21 | ||||
| -rw-r--r-- | remoting/protocol/third_party_authenticator_base.cc | 1 | ||||
| -rw-r--r-- | remoting/protocol/third_party_authenticator_unittest.cc | 15 | ||||
| -rw-r--r-- | remoting/protocol/third_party_client_authenticator.cc | 13 | ||||
| -rw-r--r-- | remoting/protocol/third_party_client_authenticator.h | 11 | ||||
| -rw-r--r-- | remoting/protocol/third_party_host_authenticator.cc | 18 | ||||
| -rw-r--r-- | remoting/protocol/third_party_host_authenticator.h | 22 |
16 files changed, 168 insertions, 195 deletions
diff --git a/remoting/protocol/authenticator.h b/remoting/protocol/authenticator.h index 927790c..febf38c 100644 --- a/remoting/protocol/authenticator.h +++ b/remoting/protocol/authenticator.h @@ -17,6 +17,7 @@ class XmlElement; namespace remoting { namespace protocol { +class Authenticator; class ChannelAuthenticator; typedef base::Callback<void(const std::string& secret)> SecretFetchedCallback; @@ -25,18 +26,16 @@ typedef base::Callback<void( const SecretFetchedCallback& secret_fetched_callback)> FetchSecretCallback; // Authenticator is an abstract interface for authentication protocol -// implementations. Different implementations of this interface may be -// used on each side of the connection depending of type of the auth -// protocol. Client and host will repeatedly call their Authenticators -// and deliver the messages they generate, until successful -// authentication is reported. +// implementations. Different implementations of this interface may be used on +// each side of the connection depending of type of the auth protocol. Client +// and host will repeatedly call their Authenticators and deliver the messages +// they generate, until successful authentication is reported. // -// Authenticator may exchange multiple messages before session is -// authenticated. Each message sent/received by an Authenticator is -// delivered either in a session description inside session-initiate -// and session-accept messages or in a session-info -// message. Session-info messages are used only if authenticators need -// to exchange more than one message. +// Authenticator may exchange multiple messages before session is authenticated. +// Each message sent/received by an Authenticator is delivered either in a +// session description inside session-initiate and session-accept messages or in +// a session-info message. Session-info messages are used only if authenticators +// need to exchange more than one message. class Authenticator { public: // Allowed state transitions: @@ -72,6 +71,14 @@ class Authenticator { PROTOCOL_ERROR, }; + // Callback used for layered Authenticator implementations, particularly + // third-party and pairing authenticators. They use this callback to create + // base SPAKE2 authenticators. + typedef base::Callback<scoped_ptr<Authenticator>( + const std::string& shared_secret, + Authenticator::State initial_state)> + CreateBaseAuthenticatorCallback; + // Returns true if |message| is an Authenticator message. static bool IsAuthenticatorMessage(const buzz::XmlElement* message); @@ -90,7 +97,7 @@ class Authenticator { virtual State state() const = 0; // Returns whether authentication has started. The chromoting host uses this - // method to starts the back off process to prevent malicious clients from + // method to start the back off process to prevent malicious clients from // guessing the PIN by spamming the host with auth requests. virtual bool started() const = 0; diff --git a/remoting/protocol/negotiating_authenticator_base.cc b/remoting/protocol/negotiating_authenticator_base.cc index 1d25466..dbb3aac 100644 --- a/remoting/protocol/negotiating_authenticator_base.cc +++ b/remoting/protocol/negotiating_authenticator_base.cc @@ -13,7 +13,6 @@ #include "base/strings/string_split.h" #include "remoting/base/rsa_key_pair.h" #include "remoting/protocol/channel_authenticator.h" -#include "remoting/protocol/v2_authenticator.h" #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" namespace remoting { diff --git a/remoting/protocol/negotiating_client_authenticator.cc b/remoting/protocol/negotiating_client_authenticator.cc index 2a2247e..43b5825 100644 --- a/remoting/protocol/negotiating_client_authenticator.cc +++ b/remoting/protocol/negotiating_client_authenticator.cc @@ -42,8 +42,7 @@ NegotiatingClientAuthenticator::NegotiatingClientAuthenticator( } } -NegotiatingClientAuthenticator::~NegotiatingClientAuthenticator() { -} +NegotiatingClientAuthenticator::~NegotiatingClientAuthenticator() {} void NegotiatingClientAuthenticator::ProcessMessage( const buzz::XmlElement* message, @@ -120,6 +119,7 @@ void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod( // one |ThirdPartyClientAuthenticator| will need to be created per session. DCHECK(token_fetcher_); current_authenticator_.reset(new ThirdPartyClientAuthenticator( + base::Bind(&V2Authenticator::CreateForClient), std::move(token_fetcher_))); resume_callback.Run(); } else { @@ -143,7 +143,8 @@ void NegotiatingClientAuthenticator::CreatePreferredAuthenticator() { // If the client specified a pairing id and shared secret, then create a // PairingAuthenticator. current_authenticator_.reset(new PairingClientAuthenticator( - client_pairing_id_, shared_secret_, fetch_secret_callback_, + client_pairing_id_, shared_secret_, + base::Bind(&V2Authenticator::CreateForClient), fetch_secret_callback_, authentication_tag_)); current_method_ = AuthenticationMethod::SPAKE2_PAIR; } diff --git a/remoting/protocol/negotiating_host_authenticator.cc b/remoting/protocol/negotiating_host_authenticator.cc index 57277ef..bcdb591 100644 --- a/remoting/protocol/negotiating_host_authenticator.cc +++ b/remoting/protocol/negotiating_host_authenticator.cc @@ -175,13 +175,17 @@ void NegotiatingHostAuthenticator::CreateAuthenticator( // one |ThirdPartyHostAuthenticator| will need to be created per session. DCHECK(token_validator_); current_authenticator_.reset(new ThirdPartyHostAuthenticator( - local_cert_, local_key_pair_, std::move(token_validator_))); + base::Bind(&V2Authenticator::CreateForHost, local_cert_, + local_key_pair_), + std::move(token_validator_))); } else if (current_method_ == AuthenticationMethod::SPAKE2_PAIR && preferred_initial_state == WAITING_MESSAGE) { // If the client requested Spake2Pair and sent an initial message, attempt // the paired connection protocol. current_authenticator_.reset(new PairingHostAuthenticator( - pairing_registry_, local_cert_, local_key_pair_, shared_secret_hash_)); + pairing_registry_, base::Bind(&V2Authenticator::CreateForHost, + local_cert_, local_key_pair_), + shared_secret_hash_)); } else { // In all other cases, use the V2 protocol. Note that this includes the // case where the protocol is Spake2Pair but the client is not yet paired. diff --git a/remoting/protocol/pairing_authenticator_base.cc b/remoting/protocol/pairing_authenticator_base.cc index 9a5d1fe9..3f9bcfa 100644 --- a/remoting/protocol/pairing_authenticator_base.cc +++ b/remoting/protocol/pairing_authenticator_base.cc @@ -24,35 +24,27 @@ const buzz::StaticQName kPairingFailedTag = const buzz::StaticQName kPairingErrorAttribute = { "", "error" }; } // namespace -PairingAuthenticatorBase::PairingAuthenticatorBase() - : using_paired_secret_(false), - waiting_for_authenticator_(false), - weak_factory_(this) { -} - -PairingAuthenticatorBase::~PairingAuthenticatorBase() { -} +PairingAuthenticatorBase::PairingAuthenticatorBase() : weak_factory_(this) {} +PairingAuthenticatorBase::~PairingAuthenticatorBase() {} Authenticator::State PairingAuthenticatorBase::state() const { - if (waiting_for_authenticator_) { - return PROCESSING_MESSAGE; - } - return v2_authenticator_->state(); + DCHECK(spake2_authenticator_); + return spake2_authenticator_->state(); } bool PairingAuthenticatorBase::started() const { - if (!v2_authenticator_) { + if (!spake2_authenticator_) { return false; } - return v2_authenticator_->started(); + return spake2_authenticator_->started(); } Authenticator::RejectionReason PairingAuthenticatorBase::rejection_reason() const { - if (!v2_authenticator_) { + if (!spake2_authenticator_) { return PROTOCOL_ERROR; } - return v2_authenticator_->rejection_reason(); + return spake2_authenticator_->rejection_reason(); } void PairingAuthenticatorBase::ProcessMessage( @@ -63,18 +55,17 @@ void PairingAuthenticatorBase::ProcessMessage( // The client authenticator creates the underlying authenticator in the ctor // and the host creates it in response to the first message before deferring // to this class to process it. Either way, it should exist here. - DCHECK(v2_authenticator_); + DCHECK(spake2_authenticator_); // If pairing failed, and we haven't already done so, try again with the PIN. if (using_paired_secret_ && HasErrorMessage(message)) { using_paired_secret_ = false; - waiting_for_authenticator_ = true; - v2_authenticator_.reset(); - SetAuthenticatorCallback set_authenticator = base::Bind( - &PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage, - weak_factory_.GetWeakPtr(), base::Owned(new buzz::XmlElement(*message)), - resume_callback); - CreateV2AuthenticatorWithPIN(WAITING_MESSAGE, set_authenticator); + spake2_authenticator_.reset(); + CreateSpakeAuthenticatorWithPin( + WAITING_MESSAGE, base::Bind(&PairingAuthenticatorBase::ProcessMessage, + weak_factory_.GetWeakPtr(), + base::Owned(new buzz::XmlElement(*message)), + resume_callback)); return; } @@ -82,7 +73,7 @@ void PairingAuthenticatorBase::ProcessMessage( // check for a failed SPAKE exchange if we're using the paired secret. In // this case the pairing protocol can continue by communicating the error // to the peer and retrying with the PIN. - v2_authenticator_->ProcessMessage( + spake2_authenticator_->ProcessMessage( message, base::Bind(&PairingAuthenticatorBase::CheckForFailedSpakeExchange, weak_factory_.GetWeakPtr(), resume_callback)); @@ -90,19 +81,19 @@ void PairingAuthenticatorBase::ProcessMessage( scoped_ptr<buzz::XmlElement> PairingAuthenticatorBase::GetNextMessage() { DCHECK_EQ(state(), MESSAGE_READY); - scoped_ptr<buzz::XmlElement> result = v2_authenticator_->GetNextMessage(); + scoped_ptr<buzz::XmlElement> result = spake2_authenticator_->GetNextMessage(); AddPairingElements(result.get()); MaybeAddErrorMessage(result.get()); return result; } const std::string& PairingAuthenticatorBase::GetAuthKey() const { - return v2_authenticator_->GetAuthKey(); + return spake2_authenticator_->GetAuthKey(); } scoped_ptr<ChannelAuthenticator> PairingAuthenticatorBase::CreateChannelAuthenticator() const { - return v2_authenticator_->CreateChannelAuthenticator(); + return spake2_authenticator_->CreateChannelAuthenticator(); } void PairingAuthenticatorBase::MaybeAddErrorMessage(buzz::XmlElement* message) { @@ -131,37 +122,18 @@ void PairingAuthenticatorBase::CheckForFailedSpakeExchange( // If the SPAKE exchange failed due to invalid credentials, and those // credentials were the paired secret, then notify the peer that the // PIN-less connection failed and retry using the PIN. - if (v2_authenticator_->state() == REJECTED && - v2_authenticator_->rejection_reason() == INVALID_CREDENTIALS && + if (spake2_authenticator_->state() == REJECTED && + spake2_authenticator_->rejection_reason() == INVALID_CREDENTIALS && using_paired_secret_) { using_paired_secret_ = false; error_message_ = "invalid-shared-secret"; - v2_authenticator_.reset(); - buzz::XmlElement* no_message = nullptr; - SetAuthenticatorCallback set_authenticator = base::Bind( - &PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage, - weak_factory_.GetWeakPtr(), no_message, resume_callback); - CreateV2AuthenticatorWithPIN(MESSAGE_READY, set_authenticator); + spake2_authenticator_.reset(); + CreateSpakeAuthenticatorWithPin(MESSAGE_READY, resume_callback); return; } resume_callback.Run(); } -void PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage( - const buzz::XmlElement* message, - const base::Closure& resume_callback, - scoped_ptr<Authenticator> authenticator) { - DCHECK(!v2_authenticator_); - DCHECK(authenticator); - waiting_for_authenticator_ = false; - v2_authenticator_ = std::move(authenticator); - if (message) { - ProcessMessage(message, resume_callback); - } else { - resume_callback.Run(); - } -} - } // namespace protocol } // namespace remoting diff --git a/remoting/protocol/pairing_authenticator_base.h b/remoting/protocol/pairing_authenticator_base.h index e241f0a..14645c1 100644 --- a/remoting/protocol/pairing_authenticator_base.h +++ b/remoting/protocol/pairing_authenticator_base.h @@ -53,17 +53,14 @@ class PairingAuthenticatorBase : public Authenticator { scoped_ptr<ChannelAuthenticator> CreateChannelAuthenticator() const override; protected: - typedef base::Callback<void(scoped_ptr<Authenticator> authenticator)> - SetAuthenticatorCallback; - static const buzz::StaticQName kPairingInfoTag; static const buzz::StaticQName kClientIdAttribute; - // Create a V2 authenticator in the specified state, prompting the user for - // the PIN first if necessary. - virtual void CreateV2AuthenticatorWithPIN( + // Create a Spake2 authenticator in the specified state, prompting the user + // for the PIN first if necessary. + virtual void CreateSpakeAuthenticatorWithPin( State initial_state, - const SetAuthenticatorCallback& callback) = 0; + const base::Closure& resume_callback) = 0; // Amend an authenticator message, for example to add client- or host-specific // elements to it. @@ -75,27 +72,19 @@ class PairingAuthenticatorBase : public Authenticator { // nor is it currently used other than being logged. std::string error_message_; - // The underlying V2 authenticator, created with either the PIN or the + // The underlying SPAKE2 authenticator, created with either the PIN or the // Paired Secret by the derived class. - scoped_ptr<Authenticator> v2_authenticator_; + scoped_ptr<Authenticator> spake2_authenticator_; // Derived classes must set this to True if the underlying authenticator is // using the Paired Secret. - bool using_paired_secret_; + bool using_paired_secret_ = false; private: // Helper methods for ProcessMessage and GetNextMessage void MaybeAddErrorMessage(buzz::XmlElement* message); bool HasErrorMessage(const buzz::XmlElement* message) const; void CheckForFailedSpakeExchange(const base::Closure& resume_callback); - void SetAuthenticatorAndProcessMessage( - const buzz::XmlElement* message, - const base::Closure& resume_callback, - scoped_ptr<Authenticator> authenticator); - - // Set to true if a PIN-based authenticator has been requested but has not - // yet been set. - bool waiting_for_authenticator_; base::WeakPtrFactory<PairingAuthenticatorBase> weak_factory_; diff --git a/remoting/protocol/pairing_client_authenticator.cc b/remoting/protocol/pairing_client_authenticator.cc index 5c03ab5..747654c 100644 --- a/remoting/protocol/pairing_client_authenticator.cc +++ b/remoting/protocol/pairing_client_authenticator.cc @@ -10,7 +10,6 @@ #include "remoting/base/rsa_key_pair.h" #include "remoting/protocol/authentication_method.h" #include "remoting/protocol/channel_authenticator.h" -#include "remoting/protocol/v2_authenticator.h" #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" namespace remoting { @@ -19,29 +18,37 @@ namespace protocol { PairingClientAuthenticator::PairingClientAuthenticator( const std::string& client_id, const std::string& paired_secret, + const CreateBaseAuthenticatorCallback& create_base_authenticator_callback, const FetchSecretCallback& fetch_pin_callback, const std::string& authentication_tag) - : sent_client_id_(false), - client_id_(client_id), + : client_id_(client_id), paired_secret_(paired_secret), + create_base_authenticator_callback_(create_base_authenticator_callback), fetch_pin_callback_(fetch_pin_callback), authentication_tag_(authentication_tag), weak_factory_(this) { - v2_authenticator_ = V2Authenticator::CreateForClient( - paired_secret_, MESSAGE_READY); + spake2_authenticator_ = + create_base_authenticator_callback_.Run(paired_secret_, MESSAGE_READY); using_paired_secret_ = true; } -PairingClientAuthenticator::~PairingClientAuthenticator() { +PairingClientAuthenticator::~PairingClientAuthenticator() {} + +Authenticator::State PairingClientAuthenticator::state() const { + if (waiting_for_pin_) + return PROCESSING_MESSAGE; + return PairingAuthenticatorBase::state(); } -void PairingClientAuthenticator::CreateV2AuthenticatorWithPIN( +void PairingClientAuthenticator::CreateSpakeAuthenticatorWithPin( State initial_state, - const SetAuthenticatorCallback& set_authenticator_callback) { - SecretFetchedCallback callback = base::Bind( - &PairingClientAuthenticator::OnPinFetched, - weak_factory_.GetWeakPtr(), initial_state, set_authenticator_callback); - fetch_pin_callback_.Run(true, callback); + const base::Closure& resume_callback) { + DCHECK(!waiting_for_pin_); + waiting_for_pin_ = true; + fetch_pin_callback_.Run( + true, + base::Bind(&PairingClientAuthenticator::OnPinFetched, + weak_factory_.GetWeakPtr(), initial_state, resume_callback)); } void PairingClientAuthenticator::AddPairingElements(buzz::XmlElement* message) { @@ -59,12 +66,16 @@ void PairingClientAuthenticator::AddPairingElements(buzz::XmlElement* message) { void PairingClientAuthenticator::OnPinFetched( State initial_state, - const SetAuthenticatorCallback& callback, + const base::Closure& resume_callback, const std::string& pin) { - callback.Run(V2Authenticator::CreateForClient( + DCHECK(waiting_for_pin_); + DCHECK(!spake2_authenticator_); + waiting_for_pin_ = false; + spake2_authenticator_ = create_base_authenticator_callback_.Run( ApplySharedSecretHashFunction(HashFunction::HMAC_SHA256, authentication_tag_, pin), - initial_state)); + initial_state); + resume_callback.Run(); } } // namespace protocol diff --git a/remoting/protocol/pairing_client_authenticator.h b/remoting/protocol/pairing_client_authenticator.h index 50ff3e7..0e1a709 100644 --- a/remoting/protocol/pairing_client_authenticator.h +++ b/remoting/protocol/pairing_client_authenticator.h @@ -17,28 +17,37 @@ class PairingClientAuthenticator : public PairingAuthenticatorBase { PairingClientAuthenticator( const std::string& client_id, const std::string& paired_secret, + const CreateBaseAuthenticatorCallback& create_base_authenticator_callback, const FetchSecretCallback& fetch_pin_callback, const std::string& authentication_tag); ~PairingClientAuthenticator() override; + // Authenticator interface. + State state() const override; + private: - // PairingAuthenticatorBase interface. - void CreateV2AuthenticatorWithPIN( + // PairingAuthenticatorBase overrides. + void CreateSpakeAuthenticatorWithPin( State initial_state, - const SetAuthenticatorCallback& callback) override; + const base::Closure& resume_callback) override; void AddPairingElements(buzz::XmlElement* message) override; void OnPinFetched(State initial_state, - const SetAuthenticatorCallback& callback, + const base::Closure& resume_callback, const std::string& pin); // Protocol state. - bool sent_client_id_; + bool sent_client_id_ = false; std::string client_id_; - const std::string& paired_secret_; + std::string paired_secret_; + CreateBaseAuthenticatorCallback create_base_authenticator_callback_; FetchSecretCallback fetch_pin_callback_; std::string authentication_tag_; + // Set to true if a PIN-based authenticator has been requested but has not + // yet been set. + bool waiting_for_pin_ = false; + base::WeakPtrFactory<PairingClientAuthenticator> weak_factory_; DISALLOW_COPY_AND_ASSIGN(PairingClientAuthenticator); diff --git a/remoting/protocol/pairing_host_authenticator.cc b/remoting/protocol/pairing_host_authenticator.cc index 5418dd3..b00a5c7 100644 --- a/remoting/protocol/pairing_host_authenticator.cc +++ b/remoting/protocol/pairing_host_authenticator.cc @@ -7,9 +7,7 @@ #include "base/bind.h" #include "base/logging.h" #include "remoting/base/constants.h" -#include "remoting/base/rsa_key_pair.h" #include "remoting/protocol/channel_authenticator.h" -#include "remoting/protocol/v2_authenticator.h" #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" namespace remoting { @@ -17,27 +15,21 @@ namespace protocol { PairingHostAuthenticator::PairingHostAuthenticator( scoped_refptr<PairingRegistry> pairing_registry, - const std::string& local_cert, - scoped_refptr<RsaKeyPair> key_pair, + const CreateBaseAuthenticatorCallback& create_base_authenticator_callback, const std::string& pin) : pairing_registry_(pairing_registry), - local_cert_(local_cert), - key_pair_(key_pair), + create_base_authenticator_callback_(create_base_authenticator_callback), pin_(pin), - protocol_error_(false), - waiting_for_paired_secret_(false), - weak_factory_(this) { -} + weak_factory_(this) {} -PairingHostAuthenticator::~PairingHostAuthenticator() { -} +PairingHostAuthenticator::~PairingHostAuthenticator() {} Authenticator::State PairingHostAuthenticator::state() const { if (protocol_error_) { return REJECTED; } else if (waiting_for_paired_secret_) { return PROCESSING_MESSAGE; - } else if (!v2_authenticator_) { + } else if (!spake2_authenticator_) { return WAITING_MESSAGE; } return PairingAuthenticatorBase::state(); @@ -51,17 +43,18 @@ PairingHostAuthenticator::rejection_reason() const { return PairingAuthenticatorBase::rejection_reason(); } -void PairingHostAuthenticator::CreateV2AuthenticatorWithPIN( +void PairingHostAuthenticator::CreateSpakeAuthenticatorWithPin( State initial_state, - const SetAuthenticatorCallback& callback) { - callback.Run(V2Authenticator::CreateForHost( - local_cert_, key_pair_, pin_, initial_state)); + const base::Closure& resume_callback) { + spake2_authenticator_ = + create_base_authenticator_callback_.Run(pin_, initial_state); + resume_callback.Run(); } void PairingHostAuthenticator::ProcessMessage( const buzz::XmlElement* message, const base::Closure& resume_callback) { - if (!v2_authenticator_) { + if (!spake2_authenticator_) { std::string client_id; const buzz::XmlElement* pairing_tag = message->FirstNamed(kPairingInfoTag); @@ -72,16 +65,17 @@ void PairingHostAuthenticator::ProcessMessage( if (client_id.empty()) { LOG(ERROR) << "No client id specified."; protocol_error_ = true; - } else { - waiting_for_paired_secret_ = true; - pairing_registry_->GetPairing( - client_id, - base::Bind(&PairingHostAuthenticator::ProcessMessageWithPairing, - weak_factory_.GetWeakPtr(), - base::Owned(new buzz::XmlElement(*message)), - resume_callback)); return; } + + waiting_for_paired_secret_ = true; + pairing_registry_->GetPairing( + client_id, + base::Bind(&PairingHostAuthenticator::ProcessMessageWithPairing, + weak_factory_.GetWeakPtr(), + base::Owned(new buzz::XmlElement(*message)), + resume_callback)); + return; } PairingAuthenticatorBase::ProcessMessage(message, resume_callback); @@ -104,12 +98,12 @@ void PairingHostAuthenticator::ProcessMessageWithPairing( using_paired_secret_ = !paired_secret.empty(); if (using_paired_secret_) { - v2_authenticator_ = V2Authenticator::CreateForHost( - local_cert_, key_pair_, paired_secret, WAITING_MESSAGE); + spake2_authenticator_ = + create_base_authenticator_callback_.Run(paired_secret, WAITING_MESSAGE); PairingAuthenticatorBase::ProcessMessage(message, resume_callback); } else { - v2_authenticator_ = V2Authenticator::CreateForHost( - local_cert_, key_pair_, pin_, MESSAGE_READY); + spake2_authenticator_ = + create_base_authenticator_callback_.Run(pin_, MESSAGE_READY); // The client's optimistic SPAKE message is using a Paired Secret to // which the host doesn't have access, so don't bother processing it. resume_callback.Run(); diff --git a/remoting/protocol/pairing_host_authenticator.h b/remoting/protocol/pairing_host_authenticator.h index bb814f1..0325691 100644 --- a/remoting/protocol/pairing_host_authenticator.h +++ b/remoting/protocol/pairing_host_authenticator.h @@ -11,9 +11,6 @@ #include "remoting/protocol/pairing_registry.h" namespace remoting { - -class RsaKeyPair; - namespace protocol { class PairingRegistry; @@ -22,8 +19,7 @@ class PairingHostAuthenticator : public PairingAuthenticatorBase { public: PairingHostAuthenticator( scoped_refptr<PairingRegistry> pairing_registry, - const std::string& local_cert, - scoped_refptr<RsaKeyPair> key_pair, + const CreateBaseAuthenticatorCallback& create_base_authenticator_callback, const std::string& pin); ~PairingHostAuthenticator() override; @@ -34,10 +30,10 @@ class PairingHostAuthenticator : public PairingAuthenticatorBase { const base::Closure& resume_callback) override; private: - // PairingAuthenticatorBase interface. - void CreateV2AuthenticatorWithPIN( + // PairingAuthenticatorBase overrides. + void CreateSpakeAuthenticatorWithPin( State initial_state, - const SetAuthenticatorCallback& callback) override; + const base::Closure& resume_callback) override; void AddPairingElements(buzz::XmlElement* message) override; // Continue processing a protocol message once the pairing information for @@ -48,11 +44,10 @@ class PairingHostAuthenticator : public PairingAuthenticatorBase { // Protocol state. scoped_refptr<PairingRegistry> pairing_registry_; - std::string local_cert_; - scoped_refptr<RsaKeyPair> key_pair_; - const std::string& pin_; - bool protocol_error_; - bool waiting_for_paired_secret_; + CreateBaseAuthenticatorCallback create_base_authenticator_callback_; + std::string pin_; + bool protocol_error_ = false; + bool waiting_for_paired_secret_ = false; base::WeakPtrFactory<PairingHostAuthenticator> weak_factory_; diff --git a/remoting/protocol/third_party_authenticator_base.cc b/remoting/protocol/third_party_authenticator_base.cc index ec5490e..a0bdce4 100644 --- a/remoting/protocol/third_party_authenticator_base.cc +++ b/remoting/protocol/third_party_authenticator_base.cc @@ -11,7 +11,6 @@ #include "remoting/base/constants.h" #include "remoting/base/rsa_key_pair.h" #include "remoting/protocol/channel_authenticator.h" -#include "remoting/protocol/v2_authenticator.h" #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" namespace remoting { diff --git a/remoting/protocol/third_party_authenticator_unittest.cc b/remoting/protocol/third_party_authenticator_unittest.cc index 441c56a..7b9c46d 100644 --- a/remoting/protocol/third_party_authenticator_unittest.cc +++ b/remoting/protocol/third_party_authenticator_unittest.cc @@ -17,6 +17,7 @@ #include "remoting/protocol/third_party_client_authenticator.h" #include "remoting/protocol/third_party_host_authenticator.h" #include "remoting/protocol/token_validator.h" +#include "remoting/protocol/v2_authenticator.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" @@ -100,14 +101,14 @@ class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase { protected: void InitAuthenticators() { - scoped_ptr<TokenValidator> token_validator(new FakeTokenValidator()); - token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get()); + token_validator_ = new FakeTokenValidator(); host_.reset(new ThirdPartyHostAuthenticator( - host_cert_, key_pair_, std::move(token_validator))); - scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher> - token_fetcher(new FakeTokenFetcher()); - token_fetcher_ = static_cast<FakeTokenFetcher*>(token_fetcher.get()); - client_.reset(new ThirdPartyClientAuthenticator(std::move(token_fetcher))); + base::Bind(&V2Authenticator::CreateForHost, host_cert_, key_pair_), + make_scoped_ptr(token_validator_))); + token_fetcher_ = new FakeTokenFetcher(); + client_.reset(new ThirdPartyClientAuthenticator( + base::Bind(&V2Authenticator::CreateForClient), + make_scoped_ptr(token_fetcher_))); } FakeTokenFetcher* token_fetcher_; diff --git a/remoting/protocol/third_party_client_authenticator.cc b/remoting/protocol/third_party_client_authenticator.cc index 544f4f2..0b199b7 100644 --- a/remoting/protocol/third_party_client_authenticator.cc +++ b/remoting/protocol/third_party_client_authenticator.cc @@ -13,7 +13,6 @@ #include "remoting/base/constants.h" #include "remoting/base/rsa_key_pair.h" #include "remoting/protocol/channel_authenticator.h" -#include "remoting/protocol/v2_authenticator.h" #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" #include "url/gurl.h" @@ -21,13 +20,13 @@ namespace remoting { namespace protocol { ThirdPartyClientAuthenticator::ThirdPartyClientAuthenticator( + const CreateBaseAuthenticatorCallback& create_base_authenticator_callback, scoped_ptr<TokenFetcher> token_fetcher) : ThirdPartyAuthenticatorBase(WAITING_MESSAGE), - token_fetcher_(std::move(token_fetcher)) { -} + create_base_authenticator_callback_(create_base_authenticator_callback), + token_fetcher_(std::move(token_fetcher)) {} -ThirdPartyClientAuthenticator::~ThirdPartyClientAuthenticator() { -} +ThirdPartyClientAuthenticator::~ThirdPartyClientAuthenticator() {} void ThirdPartyClientAuthenticator::ProcessTokenMessage( const buzz::XmlElement* message, @@ -74,8 +73,8 @@ void ThirdPartyClientAuthenticator::OnThirdPartyTokenFetched( rejection_reason_ = INVALID_CREDENTIALS; } else { token_state_ = MESSAGE_READY; - underlying_ = V2Authenticator::CreateForClient( - shared_secret, MESSAGE_READY); + underlying_ = + create_base_authenticator_callback_.Run(shared_secret, MESSAGE_READY); } resume_callback.Run(); } diff --git a/remoting/protocol/third_party_client_authenticator.h b/remoting/protocol/third_party_client_authenticator.h index 823aad4..7ebc04f 100644 --- a/remoting/protocol/third_party_client_authenticator.h +++ b/remoting/protocol/third_party_client_authenticator.h @@ -55,9 +55,11 @@ class ThirdPartyClientAuthenticator : public ThirdPartyAuthenticatorBase { const TokenFetchedCallback& token_fetched_callback) = 0; }; - // Creates a third-party client authenticator for the host with the given - // |host_public_key|. |token_fetcher| is used to get the authentication token. - explicit ThirdPartyClientAuthenticator( + // Creates a third-party client authenticator. + // |create_base_authenticator_callback| is used to create the base + // authenticator. |token_fetcher| is used to get the authentication token. + ThirdPartyClientAuthenticator( + const CreateBaseAuthenticatorCallback& create_base_authenticator_callback, scoped_ptr<TokenFetcher> token_fetcher); ~ThirdPartyClientAuthenticator() override; @@ -72,8 +74,9 @@ class ThirdPartyClientAuthenticator : public ThirdPartyAuthenticatorBase { const std::string& third_party_token, const std::string& shared_secret); - std::string token_; + CreateBaseAuthenticatorCallback create_base_authenticator_callback_; scoped_ptr<TokenFetcher> token_fetcher_; + std::string token_; DISALLOW_COPY_AND_ASSIGN(ThirdPartyClientAuthenticator); }; diff --git a/remoting/protocol/third_party_host_authenticator.cc b/remoting/protocol/third_party_host_authenticator.cc index db2ba5c..1ee4a02 100644 --- a/remoting/protocol/third_party_host_authenticator.cc +++ b/remoting/protocol/third_party_host_authenticator.cc @@ -11,26 +11,20 @@ #include "base/callback.h" #include "base/logging.h" #include "remoting/base/constants.h" -#include "remoting/base/rsa_key_pair.h" #include "remoting/protocol/token_validator.h" -#include "remoting/protocol/v2_authenticator.h" #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" namespace remoting { namespace protocol { ThirdPartyHostAuthenticator::ThirdPartyHostAuthenticator( - const std::string& local_cert, - scoped_refptr<RsaKeyPair> key_pair, + const CreateBaseAuthenticatorCallback& create_base_authenticator_callback, scoped_ptr<TokenValidator> token_validator) : ThirdPartyAuthenticatorBase(MESSAGE_READY), - local_cert_(local_cert), - key_pair_(key_pair), - token_validator_(std::move(token_validator)) { -} + create_base_authenticator_callback_(create_base_authenticator_callback), + token_validator_(std::move(token_validator)) {} -ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() { -} +ThirdPartyHostAuthenticator::~ThirdPartyHostAuthenticator() {} void ThirdPartyHostAuthenticator::ProcessTokenMessage( const buzz::XmlElement* message, @@ -88,8 +82,8 @@ void ThirdPartyHostAuthenticator::OnThirdPartyTokenValidated( // The other side already started the SPAKE authentication. token_state_ = ACCEPTED; - underlying_ = V2Authenticator::CreateForHost( - local_cert_, key_pair_, shared_secret, WAITING_MESSAGE); + underlying_ = + create_base_authenticator_callback_.Run(shared_secret, WAITING_MESSAGE); underlying_->ProcessMessage(message, resume_callback); } diff --git a/remoting/protocol/third_party_host_authenticator.h b/remoting/protocol/third_party_host_authenticator.h index ff2036a..f9755a9 100644 --- a/remoting/protocol/third_party_host_authenticator.h +++ b/remoting/protocol/third_party_host_authenticator.h @@ -13,9 +13,6 @@ #include "remoting/protocol/third_party_authenticator_base.h" namespace remoting { - -class RsaKeyPair; - namespace protocol { class TokenValidator; @@ -26,16 +23,16 @@ class TokenValidator; // Once that token is received, it calls |TokenValidator| asynchronously to // validate it, and exchange it for a |shared_secret|. Once the |TokenValidator| // returns, the host uses the |shared_secret| to create an underlying -// |V2Authenticator|, which is used to establish the encrypted connection. +// SPAKE2 authenticator, which is used to establish the encrypted connection. class ThirdPartyHostAuthenticator : public ThirdPartyAuthenticatorBase { public: - // Creates a third-party host authenticator. |local_cert| and |key_pair| are - // used by the underlying V2Authenticator to create the SSL channels. - // |token_validator| contains the token parameters to be sent to the client - // and is used to obtain the shared secret. - ThirdPartyHostAuthenticator(const std::string& local_cert, - scoped_refptr<RsaKeyPair> key_pair, - scoped_ptr<TokenValidator> token_validator); + // Creates a third-party host authenticator. + // |create_base_authenticator_callback| is used to create the base + // authenticator. |token_validator| contains the token parameters to be sent + // to the client and is used to obtain the shared secret. + ThirdPartyHostAuthenticator( + const CreateBaseAuthenticatorCallback& create_base_authenticator_callback, + scoped_ptr<TokenValidator> token_validator); ~ThirdPartyHostAuthenticator() override; protected: @@ -49,8 +46,7 @@ class ThirdPartyHostAuthenticator : public ThirdPartyAuthenticatorBase { const base::Closure& resume_callback, const std::string& shared_secret); - std::string local_cert_; - scoped_refptr<RsaKeyPair> key_pair_; + CreateBaseAuthenticatorCallback create_base_authenticator_callback_; scoped_ptr<TokenValidator> token_validator_; DISALLOW_COPY_AND_ASSIGN(ThirdPartyHostAuthenticator); |