authorrmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-02-26 06:30:31 +0000
committerrmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-02-26 06:30:31 +0000
commitd95ee260453471c3283ec93c588a69d476841247 (patch)
tree852fdf64d8d958008ae37dfcf26a3dcb25073645 /remoting/protocol
parent37ea9a6d57233773d2a5daeab5ac44d14aa93882 (diff)
Refactor TokenValidatorImpl into a base class + implementation.
Most of the common logic and response handling code are moved into a base class, and the implementation contains just the logic to prepare the validation request (which is where the actual keypair-based authentication happens). This makes it easier to implement different, non-keypair-based host authentication mechanisms. BUG= Review URL: https://codereview.chromium.org/165293004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@253378 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/protocol')
-rw-r--r--remoting/protocol/me2me_host_authenticator_factory.cc3
-rw-r--r--remoting/protocol/me2me_host_authenticator_factory.h7
-rw-r--r--remoting/protocol/negotiating_host_authenticator.cc3
-rw-r--r--remoting/protocol/negotiating_host_authenticator.h4
-rw-r--r--remoting/protocol/third_party_authenticator_unittest.cc7
-rw-r--r--remoting/protocol/third_party_host_authenticator.cc1
-rw-r--r--remoting/protocol/third_party_host_authenticator.h41
-rw-r--r--remoting/protocol/token_validator.h65
8 files changed, 80 insertions, 51 deletions
diff --git a/remoting/protocol/me2me_host_authenticator_factory.cc b/remoting/protocol/me2me_host_authenticator_factory.cc
index 1b36ee7..24c0ca4 100644
--- a/remoting/protocol/me2me_host_authenticator_factory.cc
+++ b/remoting/protocol/me2me_host_authenticator_factory.cc
@@ -9,6 +9,7 @@
#include "remoting/base/rsa_key_pair.h"
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/negotiating_host_authenticator.h"
+#include "remoting/protocol/token_validator.h"
#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
namespace remoting {
@@ -86,7 +87,7 @@ Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
const std::string& host_owner,
const std::string& local_cert,
scoped_refptr<RsaKeyPair> key_pair,
- scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory>
+ scoped_ptr<TokenValidatorFactory>
token_validator_factory) {
scoped_ptr<Me2MeHostAuthenticatorFactory> result(
new Me2MeHostAuthenticatorFactory());
diff --git a/remoting/protocol/me2me_host_authenticator_factory.h b/remoting/protocol/me2me_host_authenticator_factory.h
index 69d8493..23a6ae4 100644
--- a/remoting/protocol/me2me_host_authenticator_factory.h
+++ b/remoting/protocol/me2me_host_authenticator_factory.h
@@ -14,6 +14,7 @@
#include "remoting/protocol/authentication_method.h"
#include "remoting/protocol/authenticator.h"
#include "remoting/protocol/third_party_host_authenticator.h"
+#include "remoting/protocol/token_validator.h"
namespace remoting {
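Review bot: The include of `remoting/protocol/third_party_host_authenticator.h` directly above the added line looks redundant after this change, because the two declarations in this header that used `ThirdPartyHostAuthenticator::TokenValidatorFactory` now name `TokenValidatorFactory` from token_validator.h. The rest of the header is outside the hunks, so this only holds if nothing else in it refers to ThirdPartyHostAuthenticator. If that is the case, drop the older include so that files pulling in the factory header no longer depend on the authenticator header.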
@@ -40,8 +41,7 @@ class Me2MeHostAuthenticatorFactory : public AuthenticatorFactory {
const std::string& host_owner,
const std::string& local_cert,
scoped_refptr<RsaKeyPair> key_pair,
- scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory>
- token_validator_factory);
+ scoped_ptr<TokenValidatorFactory> token_validator_factory);
// Create a factory that dispenses rejecting authenticators (used when the
// host config/policy is inconsistent)
@@ -67,8 +67,7 @@ class Me2MeHostAuthenticatorFactory : public AuthenticatorFactory {
SharedSecretHash shared_secret_hash_;
// Used only for third party host authenticators.
- scoped_ptr<ThirdPartyHostAuthenticator::TokenValidatorFactory>
- token_validator_factory_;
+ scoped_ptr<TokenValidatorFactory> token_validator_factory_;
// Used only for pairing host authenticators.
scoped_refptr<PairingRegistry> pairing_registry_;
diff --git a/remoting/protocol/negotiating_host_authenticator.cc b/remoting/protocol/negotiating_host_authenticator.cc
index 5a4cb0a..1239ed5 100644
--- a/remoting/protocol/negotiating_host_authenticator.cc
+++ b/remoting/protocol/negotiating_host_authenticator.cc
@@ -15,6 +15,7 @@
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/pairing_host_authenticator.h"
#include "remoting/protocol/pairing_registry.h"
+#include "remoting/protocol/token_validator.h"
#include "remoting/protocol/v2_authenticator.h"
#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
@@ -52,7 +53,7 @@ scoped_ptr<Authenticator>
NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
const std::string& local_cert,
scoped_refptr<RsaKeyPair> key_pair,
- scoped_ptr<ThirdPartyHostAuthenticator::TokenValidator> token_validator) {
+ scoped_ptr<TokenValidator> token_validator) {
scoped_ptr<NegotiatingHostAuthenticator> result(
new NegotiatingHostAuthenticator(local_cert, key_pair));
result->token_validator_ = token_validator.Pass();
diff --git a/remoting/protocol/negotiating_host_authenticator.h b/remoting/protocol/negotiating_host_authenticator.h
index ede3e8e..cb5b160 100644
--- a/remoting/protocol/negotiating_host_authenticator.h
+++ b/remoting/protocol/negotiating_host_authenticator.h
@@ -43,7 +43,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase {
static scoped_ptr<Authenticator> CreateWithThirdPartyAuth(
const std::string& local_cert,
scoped_refptr<RsaKeyPair> key_pair,
- scoped_ptr<ThirdPartyHostAuthenticator::TokenValidator> token_validator);
+ scoped_ptr<TokenValidator> token_validator);
// Overriden from Authenticator.
virtual void ProcessMessage(const buzz::XmlElement* message,
@@ -69,7 +69,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase {
std::string shared_secret_hash_;
// Used only for third party host authenticators.
- scoped_ptr<ThirdPartyHostAuthenticator::TokenValidator> token_validator_;
+ scoped_ptr<TokenValidator> token_validator_;
// Used only for pairing authenticators.
scoped_refptr<PairingRegistry> pairing_registry_;
diff --git a/remoting/protocol/third_party_authenticator_unittest.cc b/remoting/protocol/third_party_authenticator_unittest.cc
index 46644d3..a4b49ae 100644
--- a/remoting/protocol/third_party_authenticator_unittest.cc
+++ b/remoting/protocol/third_party_authenticator_unittest.cc
@@ -12,6 +12,7 @@
#include "remoting/protocol/third_party_authenticator_base.h"
#include "remoting/protocol/third_party_client_authenticator.h"
#include "remoting/protocol/third_party_host_authenticator.h"
+#include "remoting/protocol/token_validator.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
@@ -61,8 +62,7 @@ class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase {
TokenFetchedCallback on_token_fetched_;
};
- class FakeTokenValidator
- : public ThirdPartyHostAuthenticator::TokenValidator {
+ class FakeTokenValidator : public TokenValidator {
public:
FakeTokenValidator()
: token_url_(kTokenUrl),
@@ -104,8 +104,7 @@ class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase {
protected:
void InitAuthenticators() {
- scoped_ptr<ThirdPartyHostAuthenticator::TokenValidator>
- token_validator(new FakeTokenValidator());
+ scoped_ptr<TokenValidator> token_validator(new FakeTokenValidator());
token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get());
host_.reset(new ThirdPartyHostAuthenticator(
host_cert_, key_pair_, token_validator.Pass()));
diff --git a/remoting/protocol/third_party_host_authenticator.cc b/remoting/protocol/third_party_host_authenticator.cc
index 4f0a63b..09c7a8f 100644
--- a/remoting/protocol/third_party_host_authenticator.cc
+++ b/remoting/protocol/third_party_host_authenticator.cc
@@ -10,6 +10,7 @@
#include "base/logging.h"
#include "remoting/base/constants.h"
#include "remoting/base/rsa_key_pair.h"
+#include "remoting/protocol/token_validator.h"
#include "remoting/protocol/v2_authenticator.h"
#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
diff --git a/remoting/protocol/third_party_host_authenticator.h b/remoting/protocol/third_party_host_authenticator.h
index 8bd470e..1438f68 100644
--- a/remoting/protocol/third_party_host_authenticator.h
+++ b/remoting/protocol/third_party_host_authenticator.h
@@ -10,7 +10,6 @@
#include "base/callback.h"
#include "base/memory/scoped_ptr.h"
#include "remoting/protocol/third_party_authenticator_base.h"
-#include "url/gurl.h"
namespace remoting {
@@ -18,6 +17,8 @@ class RsaKeyPair;
namespace protocol {
+class TokenValidator;
+
// Implements the host side of the third party authentication mechanism.
// The host authenticator sends the |token_url| and |scope| obtained from the
// |TokenValidator| to the client, and expects a |token| in response.
@@ -27,44 +28,6 @@ namespace protocol {
// |V2Authenticator|, which is used to establish the encrypted connection.
class ThirdPartyHostAuthenticator : public ThirdPartyAuthenticatorBase {
public:
- class TokenValidator {
- public:
- // Callback passed to |ValidateThirdPartyToken|, and called once the host
- // authentication finishes. |shared_secret| should be used by the host to
- // create a V2Authenticator. In case of failure, the callback is called with
- // an empty |shared_secret|.
- typedef base::Callback<void(
- const std::string& shared_secret)> TokenValidatedCallback;
-
- virtual ~TokenValidator() {}
-
- // Validates |token| with the server and exchanges it for a |shared_secret|.
- // |token_validated_callback| is called when the host authentication ends,
- // in the same thread |ValidateThirdPartyToken| was originally called.
- // The request is canceled if this object is destroyed.
- virtual void ValidateThirdPartyToken(
- const std::string& token,
- const TokenValidatedCallback& token_validated_callback) = 0;
-
- // URL sent to the client, to be used by its |TokenFetcher| to get a token.
- virtual const GURL& token_url() const = 0;
-
- // Space-separated list of connection attributes the host must send to the
- // client, and require the token received in response to match.
- virtual const std::string& token_scope() const = 0;
- };
-
- class TokenValidatorFactory {
- public:
- virtual ~TokenValidatorFactory() {}
-
- // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create
- // a token scope that is restricted to the current connection's JIDs.
- virtual scoped_ptr<TokenValidator> CreateTokenValidator(
- const std::string& local_jid,
- const std::string& remote_jid) = 0;
- };
-
// Creates a third-party host authenticator. |local_cert| and |key_pair| are
// used by the underlying V2Authenticator to create the SSL channels.
// |token_validator| contains the token parameters to be sent to the client
diff --git a/remoting/protocol/token_validator.h b/remoting/protocol/token_validator.h
new file mode 100644
index 0000000..70540c7
--- /dev/null
+++ b/remoting/protocol/token_validator.h
@@ -0,0 +1,65 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_
+#define REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_
+
+#include <string>
+
+#include "base/callback.h"
+#include "base/memory/scoped_ptr.h"
+#include "url/gurl.h"
+
+namespace remoting {
+
+class RsaKeyPair;
+
+namespace protocol {
+
+// The |TokenValidator| encapsulates the parameters to be sent to the client
+// to obtain a token, and the method to validate that token and obtain the
+// shared secret for the connection.
+class TokenValidator {
+ public:
+ // Callback passed to |ValidateThirdPartyToken|, and called once the host
+ // authentication finishes. |shared_secret| should be used by the host to
+ // create a V2Authenticator. In case of failure, the callback is called with
+ // an empty |shared_secret|.
+ typedef base::Callback<void(
+ const std::string& shared_secret)> TokenValidatedCallback;
+
+ virtual ~TokenValidator() {}
+
+ // Validates |token| with the server and exchanges it for a |shared_secret|.
+ // |token_validated_callback| is called when the host authentication ends,
+ // in the same thread |ValidateThirdPartyToken| was originally called.
+ // The request is canceled if this object is destroyed.
+ virtual void ValidateThirdPartyToken(
+ const std::string& token,
+ const TokenValidatedCallback& token_validated_callback) = 0;
+
+ // URL sent to the client, to be used by its |TokenFetcher| to get a token.
+ virtual const GURL& token_url() const = 0;
+
+ // Space-separated list of connection attributes the host must send to the
+ // client, and require the token received in response to match.
+ virtual const std::string& token_scope() const = 0;
+};
+
+// Factory for |TokenValidator|.
+class TokenValidatorFactory {
+ public:
+ virtual ~TokenValidatorFactory() {}
+
+ // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create
+ // a token scope that is restricted to the current connection's JIDs.
+ virtual scoped_ptr<TokenValidator> CreateTokenValidator(
+ const std::string& local_jid,
+ const std::string& remote_jid) = 0;
+};
+
+} // namespace protocol
+} // namespace remoting
+
+#endif // REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_
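Review bot: The comment on `TokenValidatedCallback` says failure is reported as an empty |shared_secret| but never tells callers to stop there, and now that this is a standalone interface meant for several implementations that contract should be explicit. I would add `// Callers must treat an empty |shared_secret| as a rejection and must not create a V2Authenticator from it.` to that comment. The `token_scope()` comment also needs a sentence saying which side checks that the validated token's scope equals the scope sent to the client, since "require the token received in response to match" leaves that open. Separately, the forward declaration `class RsaKeyPair;` is not used by anything in this header and can be removed.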