diff options
| author | ajwong@chromium.org <ajwong@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-11-24 21:27:50 +0000 |
|---|---|---|
| committer | ajwong@chromium.org <ajwong@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-11-24 21:27:50 +0000 |
| commit | 603e52dea02dcf7cb5f0d2677d40b1f6f66a1dbe (patch) | |
| tree | 9d0849337b671b3365a82976b485f08ab74d4d59 /remoting | |
| parent | 69e4b61b7bfc27a6eefb1bcd1483e47f4a7777b1 (diff) | |
| download | chromium_src-603e52dea02dcf7cb5f0d2677d40b1f6f66a1dbe.zip chromium_src-603e52dea02dcf7cb5f0d2677d40b1f6f66a1dbe.tar.gz chromium_src-603e52dea02dcf7cb5f0d2677d40b1f6f66a1dbe.tar.bz2 | |
Begin adding mutual authentication into the SessionManager::connect() call.
This CL mainly changes APIs and stubs out functionality needed to
actually create the correct auth token stanzas.
BUG=None
TEST=compiles.
Review URL: http://codereview.chromium.org/4941001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67316 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting')
| -rw-r--r-- | remoting/host/access_verifier.cc | 27 | ||||
| -rw-r--r-- | remoting/host/access_verifier.h | 19 | ||||
| -rw-r--r-- | remoting/host/access_verifier_unittest.cc | 14 | ||||
| -rw-r--r-- | remoting/host/chromoting_host.cc | 13 | ||||
| -rw-r--r-- | remoting/host/chromoting_host.h | 2 | ||||
| -rw-r--r-- | remoting/proto/auth.proto | 21 | ||||
| -rw-r--r-- | remoting/proto/chromotocol.gyp | 3 | ||||
| -rw-r--r-- | remoting/proto/internal.proto | 4 | ||||
| -rw-r--r-- | remoting/protocol/fake_session.cc | 16 | ||||
| -rw-r--r-- | remoting/protocol/fake_session.h | 9 | ||||
| -rw-r--r-- | remoting/protocol/jingle_connection_to_host.cc | 12 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session.cc | 16 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session.h | 17 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session_manager.cc | 47 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session_manager.h | 57 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session_unittest.cc | 3 | ||||
| -rw-r--r-- | remoting/protocol/protocol_test_client.cc | 3 | ||||
| -rw-r--r-- | remoting/protocol/session.h | 6 | ||||
| -rw-r--r-- | remoting/protocol/session_manager.h | 17 |
19 files changed, 239 insertions, 67 deletions
diff --git a/remoting/host/access_verifier.cc b/remoting/host/access_verifier.cc index 1c31577..6271816 100644 --- a/remoting/host/access_verifier.cc +++ b/remoting/host/access_verifier.cc @@ -7,6 +7,7 @@ #include "base/logging.h" #include "base/string_util.h" #include "remoting/host/host_config.h" +#include "remoting/proto/auth.pb.h" namespace remoting { @@ -29,11 +30,33 @@ bool AccessVerifier::Init(HostConfig* config) { return true; } -bool AccessVerifier::VerifyPermissions(const std::string& client_jid) { +bool AccessVerifier::VerifyPermissions( + const std::string& client_jid, + const std::string& encoded_access_token) { CHECK(initialized_); // Check that the client has the same bare jid as the host, i.e. // client's full jid starts with host's bare jid. - return StartsWithASCII(client_jid, host_jid_prefix_, true); + if (!StartsWithASCII(client_jid, host_jid_prefix_, true)) { + return false; + } + + // Decode the auth token. + protocol::ClientAuthToken client_token; + if (!DecodeClientAuthToken(encoded_access_token, &client_token)) { + return false; + } + + // Kick off directory access permissions. + // TODO(ajwong): Actually implement this. + return true; +} + +bool AccessVerifier::DecodeClientAuthToken( + const std::string& encoded_client_token, + protocol::ClientAuthToken* client_token) { + // TODO(ajwong): Implement this. + NOTIMPLEMENTED(); + return true; } } // namespace remoting diff --git a/remoting/host/access_verifier.h b/remoting/host/access_verifier.h index 41244ef..85c314c 100644 --- a/remoting/host/access_verifier.h +++ b/remoting/host/access_verifier.h @@ -11,20 +11,31 @@ namespace remoting { +namespace protocol { +class ClientAuthToken; +} // namespace protocol + class HostConfig; // AccessVerifier is used by to verify that the client has access to the host. -// Currently it just checks that host and client have the same bare JID. +// Currently it +// +// 1) Checks that host and client have the same bare JID. +// 2) Verifies that the access token can be decoded. // -// TODO(sergeyu): AccessVerifier should query directory to verify user -// permissions. +// TODO(sergeyu): Remove the bare-JID check, and instead ask the directory to +// perform user authorization. class AccessVerifier { public: AccessVerifier(); bool Init(HostConfig* config); - bool VerifyPermissions(const std::string& client_jid); + bool VerifyPermissions(const std::string& client_jid, + const std::string& encoded_client_token); private: + bool DecodeClientAuthToken(const std::string& encoded_client_token, + protocol::ClientAuthToken* client_token); + std::string host_jid_prefix_; bool initialized_; diff --git a/remoting/host/access_verifier_unittest.cc b/remoting/host/access_verifier_unittest.cc index 7d151f5..75d5795 100644 --- a/remoting/host/access_verifier_unittest.cc +++ b/remoting/host/access_verifier_unittest.cc @@ -48,13 +48,13 @@ TEST_F(AccessVerifierTest, VerifyPermissions) { AccessVerifier target; InitConfig(); ASSERT_TRUE(target.Init(config_)); - EXPECT_TRUE(target.VerifyPermissions("host@domain.com/123123")); - EXPECT_FALSE(target.VerifyPermissions("host@domain.com")); - EXPECT_FALSE(target.VerifyPermissions("otherhost@domain.com/123123")); - EXPECT_FALSE(target.VerifyPermissions("host@otherdomain.com/123123")); - EXPECT_FALSE(target.VerifyPermissions("")); - EXPECT_FALSE(target.VerifyPermissions("host@domain.co/saf")); - EXPECT_FALSE(target.VerifyPermissions("host@domain.com.other/blah")); + EXPECT_TRUE(target.VerifyPermissions("host@domain.com/123123", "")); + EXPECT_FALSE(target.VerifyPermissions("host@domain.com", "")); + EXPECT_FALSE(target.VerifyPermissions("otherhost@domain.com/123123", "")); + EXPECT_FALSE(target.VerifyPermissions("host@otherdomain.com/123123", "")); + EXPECT_FALSE(target.VerifyPermissions("", "")); + EXPECT_FALSE(target.VerifyPermissions("host@domain.co/saf", "")); + EXPECT_FALSE(target.VerifyPermissions("host@domain.com.other/blah", "")); } } // namespace remoting diff --git a/remoting/host/chromoting_host.cc b/remoting/host/chromoting_host.cc index 95b9a6e..c713384 100644 --- a/remoting/host/chromoting_host.cc +++ b/remoting/host/chromoting_host.cc @@ -263,8 +263,9 @@ void ChromotingHost::OnNewClientSession( return; } - // Check that the user has access to the host. - if (!access_verifier_.VerifyPermissions(session->jid())) { + // Check that the client has access to the host. + if (!access_verifier_.VerifyPermissions(session->jid(), + session->initiator_token())) { *response = protocol::SessionManager::DECLINE; return; } @@ -283,6 +284,8 @@ void ChromotingHost::OnNewClientSession( } session->set_config(config); + session->set_receiver_token( + GenerateHostAuthToken(session->initiator_token())); *response = protocol::SessionManager::ACCEPT; @@ -326,4 +329,10 @@ Encoder* ChromotingHost::CreateEncoder(const protocol::SessionConfig* config) { return NULL; } +std::string ChromotingHost::GenerateHostAuthToken( + const std::string& encoded_client_token) { + // TODO(ajwong): Return the signature of this instead. + return encoded_client_token; +} + } // namespace remoting diff --git a/remoting/host/chromoting_host.h b/remoting/host/chromoting_host.h index aa8cb5f..1d37ad9 100644 --- a/remoting/host/chromoting_host.h +++ b/remoting/host/chromoting_host.h @@ -129,6 +129,8 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>, // Creates encoder for the specified configuration. Encoder* CreateEncoder(const protocol::SessionConfig* config); + std::string GenerateHostAuthToken(const std::string& encoded_client_token); + // The context that the chromoting host runs on. ChromotingHostContext* context_; diff --git a/remoting/proto/auth.proto b/remoting/proto/auth.proto new file mode 100644 index 0000000..f3a555e --- /dev/null +++ b/remoting/proto/auth.proto @@ -0,0 +1,21 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Messages related to Client/Host Mutual Authentication and Local Login. + +syntax = "proto2"; + +option optimize_for = LITE_RUNTIME; + +package remoting.protocol; + +// Represents the data used in generating the client auth token during session +// initiation. +message ClientAuthToken { + optional string host_full_jid = 1; + optional string client_full_jid = 2; + + // A short-lived OAuth token identifying the client to the host. + optional string client_oauth_token = 3; +} diff --git a/remoting/proto/chromotocol.gyp b/remoting/proto/chromotocol.gyp index faab3e7..705af2d 100644 --- a/remoting/proto/chromotocol.gyp +++ b/remoting/proto/chromotocol.gyp @@ -13,6 +13,7 @@ 'target_name': 'chromotocol_proto', 'type': 'none', 'sources': [ + 'auth.proto', 'control.proto', 'event.proto', 'internal.proto', @@ -66,6 +67,8 @@ # chromotocol_proto to compile. 'hard_dependency': 1, 'sources': [ + '<(out_dir)/auth.pb.cc', + '<(out_dir)/auth.pb.h', '<(out_dir)/control.pb.cc', '<(out_dir)/control.pb.h', '<(out_dir)/event.pb.cc', diff --git a/remoting/proto/internal.proto b/remoting/proto/internal.proto index 7a8e908..a22ab632 100644 --- a/remoting/proto/internal.proto +++ b/remoting/proto/internal.proto @@ -2,7 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -// Internal messages as a unit for transmission in the wire. +// Internal message types that should not be seen outside the protocol +// directory. syntax = "proto2"; @@ -16,7 +17,6 @@ package remoting; // Defines the message that is sent from the client to the host. // Only one of the optional messages should be present. -// NEXT ID: 7 message ChromotingClientMessage { optional KeyEvent key_event = 1; optional MouseSetPositionEvent mouse_set_position_event = 2; diff --git a/remoting/protocol/fake_session.cc b/remoting/protocol/fake_session.cc index bba1d98..ac344e0 100644 --- a/remoting/protocol/fake_session.cc +++ b/remoting/protocol/fake_session.cc @@ -181,6 +181,22 @@ void FakeSession::set_config(const SessionConfig* config) { config_.reset(config); } +const std::string& FakeSession::initiator_token() { + return initiator_token_; +} + +void FakeSession::set_initiator_token(const std::string& initiator_token) { + initiator_token_ = initiator_token; +} + +const std::string& FakeSession::receiver_token() { + return receiver_token_; +} + +void FakeSession::set_receiver_token(const std::string& receiver_token) { + receiver_token_ = receiver_token; +} + void FakeSession::Close(Task* closed_task) { closed_ = true; closed_task->Run(); diff --git a/remoting/protocol/fake_session.h b/remoting/protocol/fake_session.h index 357ef69..62818e4 100644 --- a/remoting/protocol/fake_session.h +++ b/remoting/protocol/fake_session.h @@ -118,6 +118,11 @@ class FakeSession : public Session { virtual const SessionConfig* config(); virtual void set_config(const SessionConfig* config); + virtual const std::string& initiator_token(); + virtual void set_initiator_token(const std::string& initiator_token); + virtual const std::string& receiver_token(); + virtual void set_receiver_token(const std::string& receiver_token); + virtual void Close(Task* closed_task); public: @@ -130,6 +135,10 @@ class FakeSession : public Session { FakeSocket video_channel_; FakeUdpSocket video_rtp_channel_; FakeUdpSocket video_rtcp_channel_; + + std::string initiator_token_; + std::string receiver_token_; + std::string jid_; bool closed_; }; diff --git a/remoting/protocol/jingle_connection_to_host.cc b/remoting/protocol/jingle_connection_to_host.cc index 5b34c5d..a11a8fb 100644 --- a/remoting/protocol/jingle_connection_to_host.cc +++ b/remoting/protocol/jingle_connection_to_host.cc @@ -8,6 +8,7 @@ #include "base/message_loop.h" #include "remoting/base/constants.h" #include "remoting/jingle_glue/jingle_thread.h" +#include "remoting/proto/auth.pb.h" #include "remoting/protocol/jingle_session_manager.h" #include "remoting/protocol/video_reader.h" #include "remoting/protocol/video_stub.h" @@ -87,9 +88,18 @@ void JingleConnectionToHost::InitSession() { // TODO(sergeyu): Set resolution in the |candidate_config| to the desired // resolution. + ClientAuthToken auth_token_proto; + auth_token_proto.set_host_full_jid(host_jid_); + auth_token_proto.set_client_full_jid(jingle_client_->GetFullJid()); + // TODO(ajwong): Use real token. + auth_token_proto.set_client_oauth_token(""); + + // TODO(ajwong): We should encrypt this based on the host's public key. + std::string client_token = auth_token_proto.SerializeAsString(); + // Initialize |session_|. session_ = session_manager_->Connect( - host_jid_, candidate_config, + host_jid_, client_token, candidate_config, NewCallback(this, &JingleConnectionToHost::OnSessionStateChange)); } diff --git a/remoting/protocol/jingle_session.cc b/remoting/protocol/jingle_session.cc index 9988f30..f4acf8e 100644 --- a/remoting/protocol/jingle_session.cc +++ b/remoting/protocol/jingle_session.cc @@ -138,6 +138,22 @@ void JingleSession::set_config(const SessionConfig* config) { config_.reset(config); } +const std::string& JingleSession::initiator_token() { + return initiator_token_; +} + +void JingleSession::set_initiator_token(const std::string& initiator_token) { + initiator_token_ = initiator_token; +} + +const std::string& JingleSession::receiver_token() { + return receiver_token_; +} + +void JingleSession::set_receiver_token(const std::string& receiver_token) { + receiver_token_ = receiver_token; +} + void JingleSession::Close(Task* closed_task) { if (MessageLoop::current() != jingle_session_manager_->message_loop()) { jingle_session_manager_->message_loop()->PostTask( diff --git a/remoting/protocol/jingle_session.h b/remoting/protocol/jingle_session.h index 32654fc..cd5a602 100644 --- a/remoting/protocol/jingle_session.h +++ b/remoting/protocol/jingle_session.h @@ -51,11 +51,17 @@ class JingleSession : public protocol::Session, virtual const std::string& jid(); virtual MessageLoop* message_loop(); - virtual const CandidateSessionConfig* candidate_config(); virtual const SessionConfig* config(); - virtual void set_config(const SessionConfig* config); + virtual const std::string& initiator_token(); + virtual void set_initiator_token(const std::string& initiator_token); + virtual const std::string& receiver_token(); + virtual void set_receiver_token(const std::string& receiver_token); + + // These fields are only set on the receiving side. + virtual const CandidateSessionConfig* candidate_config(); + virtual void Close(Task* closed_task); protected: @@ -95,9 +101,14 @@ class JingleSession : public protocol::Session, // The corresponding libjingle session. cricket::Session* cricket_session_; - scoped_ptr<const CandidateSessionConfig> candidate_config_; scoped_ptr<const SessionConfig> config_; + std::string initiator_token_; + std::string receiver_token_; + + // These data members are only set on the receiving side. + scoped_ptr<const CandidateSessionConfig> candidate_config_; + cricket::PseudoTcpChannel* control_channel_; scoped_ptr<StreamSocketAdapter> control_channel_adapter_; cricket::PseudoTcpChannel* event_channel_; diff --git a/remoting/protocol/jingle_session_manager.cc b/remoting/protocol/jingle_session_manager.cc index 293a06f..46367c9 100644 --- a/remoting/protocol/jingle_session_manager.cc +++ b/remoting/protocol/jingle_session_manager.cc @@ -8,12 +8,11 @@ #include "base/string_number_conversions.h" #include "remoting/base/constants.h" #include "remoting/jingle_glue/jingle_thread.h" +#include "remoting/proto/auth.pb.h" #include "third_party/libjingle/source/talk/p2p/base/constants.h" #include "third_party/libjingle/source/talk/p2p/base/transport.h" #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" -using cricket::ContentDescription; -using cricket::SessionDescription; using buzz::QName; using buzz::XmlElement; @@ -150,8 +149,10 @@ bool ParseChannelConfig(const XmlElement* element, bool codec_required, } // namespace ContentDescription::ContentDescription( - const CandidateSessionConfig* candidate_config) - : candidate_config_(candidate_config) { + const CandidateSessionConfig* candidate_config, + const std::string& auth_token) + : candidate_config_(candidate_config), + auth_token_(auth_token) { } ContentDescription::~ContentDescription() { } @@ -218,23 +219,25 @@ void JingleSessionManager::set_allow_local_ips(bool allow_local_ips) { } scoped_refptr<protocol::Session> JingleSessionManager::Connect( - const std::string& jid, + const std::string& host_jid, + const std::string& receiver_token, CandidateSessionConfig* candidate_config, protocol::Session::StateChangeCallback* state_change_callback) { // Can be called from any thread. - scoped_refptr<JingleSession> jingle_session( - new JingleSession(this)); + scoped_refptr<JingleSession> jingle_session(new JingleSession(this)); jingle_session->set_candidate_config(candidate_config); + jingle_session->set_receiver_token(receiver_token); message_loop()->PostTask( FROM_HERE, NewRunnableMethod(this, &JingleSessionManager::DoConnect, - jingle_session, jid, + jingle_session, host_jid, receiver_token, state_change_callback)); return jingle_session; } void JingleSessionManager::DoConnect( scoped_refptr<JingleSession> jingle_session, - const std::string& jid, + const std::string& host_jid, + const std::string& receiver_token, protocol::Session::StateChangeCallback* state_change_callback) { DCHECK_EQ(message_loop(), MessageLoop::current()); cricket::Session* cricket_session = cricket_session_manager_->CreateSession( @@ -246,8 +249,9 @@ void JingleSessionManager::DoConnect( sessions_.push_back(jingle_session); cricket_session->Initiate( - jid, - CreateSessionDescription(jingle_session->candidate_config()->Clone())); + host_jid, + CreateSessionDescription(jingle_session->candidate_config()->Clone(), + receiver_token)); } JingleThread* JingleSessionManager::jingle_thread() { @@ -309,9 +313,8 @@ void JingleSessionManager::AcceptConnection( static_cast<const ContentDescription*>(content->description); jingle_session->set_candidate_config(content_description->config()->Clone()); - IncomingSessionResponse response = protocol::SessionManager::DECLINE; - // Always reject connection if there is no callback. + IncomingSessionResponse response = protocol::SessionManager::DECLINE; if (incoming_session_callback_.get()) incoming_session_callback_->Run(jingle_session, &response); @@ -321,7 +324,9 @@ void JingleSessionManager::AcceptConnection( DCHECK(jingle_session->config()); CandidateSessionConfig* candidate_config = CandidateSessionConfig::CreateFrom(jingle_session->config()); - cricket_session->Accept(CreateSessionDescription(candidate_config)); + cricket_session->Accept( + CreateSessionDescription(candidate_config, + jingle_session->initiator_token())); break; } @@ -404,7 +409,10 @@ bool JingleSessionManager::ParseContent( *config->mutable_initial_resolution() = resolution; - *content = new ContentDescription(config.release()); + std::string auth_token; + // TODO(ajwong): Parse this out. + + *content = new ContentDescription(config.release(), auth_token); return true; } LOG(ERROR) << "Invalid description: " << element->Str(); @@ -463,12 +471,13 @@ bool JingleSessionManager::WriteContent( return true; } -SessionDescription* JingleSessionManager::CreateSessionDescription( - const CandidateSessionConfig* config) { - SessionDescription* desc = new SessionDescription(); +cricket::SessionDescription* JingleSessionManager::CreateSessionDescription( + const CandidateSessionConfig* config, + const std::string& auth_token) { + cricket::SessionDescription* desc = new cricket::SessionDescription(); desc->AddContent(JingleSession::kChromotingContentName, kChromotingXmlNamespace, - new ContentDescription(config)); + new ContentDescription(config, auth_token)); return desc; } diff --git a/remoting/protocol/jingle_session_manager.h b/remoting/protocol/jingle_session_manager.h index f6ad45ab..7bb0424 100644 --- a/remoting/protocol/jingle_session_manager.h +++ b/remoting/protocol/jingle_session_manager.h @@ -28,21 +28,29 @@ class JingleThread; namespace protocol { -// ContentDescription used for chromoting sessions. It simply wraps -// CandidateSessionConfig. CandidateSessionConfig doesn't inherit -// from ContentDescription to avoid dependency on libjingle in -// Chromotocol Session interface. +// ContentDescription used for chromoting sessions. It contains the information +// from the content description stanza in the session intialization handshake. +// +// This class also provides a type abstraction so that the Chromotocol Session +// interface does not need to depend on libjingle. class ContentDescription : public cricket::ContentDescription { public: - explicit ContentDescription(const CandidateSessionConfig* config); + explicit ContentDescription(const CandidateSessionConfig* config, + const std::string& auth_token); ~ContentDescription(); const CandidateSessionConfig* config() const { return candidate_config_.get(); } + const std::string& auth_token() const { return auth_token_; } + private: scoped_ptr<const CandidateSessionConfig> candidate_config_; + + // This may contain the initiating, or the accepting token depending on + // context. + std::string auth_token_; }; // This class implements SessionClient for Chromoting sessions. It acts as a @@ -61,15 +69,30 @@ class JingleSessionManager cricket::SessionManager* cricket_session_manager, IncomingSessionCallback* incoming_session_callback); - // ChromotocolServer interface. + // SessionManager interface. virtual scoped_refptr<protocol::Session> Connect( const std::string& jid, + const std::string& client_token, CandidateSessionConfig* candidate_config, protocol::Session::StateChangeCallback* state_change_callback); virtual void Close(Task* closed_task); void set_allow_local_ips(bool allow_local_ips); + // cricket::SessionClient interface. + virtual void OnSessionCreate(cricket::Session* cricket_session, + bool received_initiate); + virtual void OnSessionDestroy(cricket::Session* cricket_session); + + virtual bool ParseContent(cricket::SignalingProtocol protocol, + const buzz::XmlElement* elem, + const cricket::ContentDescription** content, + cricket::ParseError* error); + virtual bool WriteContent(cricket::SignalingProtocol protocol, + const cricket::ContentDescription* content, + buzz::XmlElement** elem, + cricket::WriteError* error); + protected: virtual ~JingleSessionManager(); @@ -88,28 +111,16 @@ class JingleSessionManager void DoConnect( scoped_refptr<JingleSession> jingle_session, - const std::string& jid, + const std::string& host_jid, + const std::string& client_token, protocol::Session::StateChangeCallback* state_change_callback); // Creates outgoing session description for an incoming session. cricket::SessionDescription* CreateSessionDescription( - const CandidateSessionConfig* candidate_config); - - // cricket::SessionClient interface. - virtual void OnSessionCreate(cricket::Session* cricket_session, - bool received_initiate); - virtual void OnSessionDestroy(cricket::Session* cricket_session); - - virtual bool ParseContent(cricket::SignalingProtocol protocol, - const buzz::XmlElement* elem, - const cricket::ContentDescription** content, - cricket::ParseError* error); - virtual bool WriteContent(cricket::SignalingProtocol protocol, - const cricket::ContentDescription* content, - buzz::XmlElement** elem, - cricket::WriteError* error); + const CandidateSessionConfig* candidate_config, + const std::string& auth_token); - std::string local_jid_; + std::string local_jid_; // Full jid for the local side of the session. JingleThread* jingle_thread_; cricket::SessionManager* cricket_session_manager_; scoped_ptr<IncomingSessionCallback> incoming_session_callback_; diff --git a/remoting/protocol/jingle_session_unittest.cc b/remoting/protocol/jingle_session_unittest.cc index 20463ed..6b5a99d 100644 --- a/remoting/protocol/jingle_session_unittest.cc +++ b/remoting/protocol/jingle_session_unittest.cc @@ -44,6 +44,7 @@ const int kMessageSize = 1024; const int kMessages = 100; const int kTestDataSize = kMessages * kMessageSize; const int kUdpWriteDelayMs = 10; +const char kTestToken[] = "a_dummy_token"; } // namespace class MockSessionManagerCallback { @@ -166,6 +167,7 @@ class JingleSessionTest : public testing::Test { client_session_ = client_server_->Connect( SessionManagerPair::kHostJid, + kTestToken, CandidateSessionConfig::CreateDefault(), NewCallback(&client_connection_callback_, &MockSessionCallback::OnStateChange)); @@ -537,6 +539,7 @@ TEST_F(JingleSessionTest, RejectConnection) { client_session_ = client_server_->Connect( SessionManagerPair::kHostJid, + kTestToken, CandidateSessionConfig::CreateDefault(), NewCallback(&client_connection_callback_, &MockSessionCallback::OnStateChange)); diff --git a/remoting/protocol/protocol_test_client.cc b/remoting/protocol/protocol_test_client.cc index aa40195..6486331 100644 --- a/remoting/protocol/protocol_test_client.cc +++ b/remoting/protocol/protocol_test_client.cc @@ -33,6 +33,7 @@ namespace protocol { namespace { const int kBufferSize = 4096; +const char kDummyAuthToken[] = ""; } // namespace class ProtocolTestClient; @@ -285,7 +286,7 @@ void ProtocolTestClient::OnStateChange( ProtocolTestConnection* connection = new ProtocolTestConnection(this, client_->message_loop()); connection->Init(session_manager_->Connect( - host_jid_, CandidateSessionConfig::CreateDefault(), + host_jid_, kDummyAuthToken, CandidateSessionConfig::CreateDefault(), NewCallback(connection, &ProtocolTestConnection::OnStateChange))); connections_.push_back(make_scoped_refptr(connection)); diff --git a/remoting/protocol/session.h b/remoting/protocol/session.h index cbd857b..286dbe7 100644 --- a/remoting/protocol/session.h +++ b/remoting/protocol/session.h @@ -76,6 +76,12 @@ class Session : public base::RefCountedThreadSafe<Session> { // given to the connection. virtual void set_config(const SessionConfig* config) = 0; + // The raw auth tokens from the session-initiate, or session-accept stanzas. + virtual const std::string& initiator_token() = 0; + virtual void set_initiator_token(const std::string& initiator_token) = 0; + virtual const std::string& receiver_token() = 0; + virtual void set_receiver_token(const std::string& receiver_token) = 0; + // Closes connection. Callbacks are guaranteed not to be called after // |closed_task| is executed. virtual void Close(Task* closed_task) = 0; diff --git a/remoting/protocol/session_manager.h b/remoting/protocol/session_manager.h index f953e43..9fd2fd3 100644 --- a/remoting/protocol/session_manager.h +++ b/remoting/protocol/session_manager.h @@ -76,10 +76,21 @@ class SessionManager : public base::RefCountedThreadSafe<SessionManager> { typedef Callback2<Session*, IncomingSessionResponse*>::Type IncomingSessionCallback; - // Initializes session to the host |jid|. Ownership of the - // |config| is passed to the new session. + // Tries to create a session to the host |jid|. + // + // |host_jid| is the full jid of the host to connect to. + // |host_public_key| is used to encrypt the client authentication token. + // |client_oauth_token| is a short-lived OAuth token identify the client. + // |config| contains the session configurations that the client supports. + // |state_change_callback| is called when the connection state changes. + // + // This function may be called from any thread. The |state_change_callback| + // is invoked on the network thread. + // + // Ownership of the |config| is passed to the new session. virtual scoped_refptr<Session> Connect( - const std::string& jid, + const std::string& host_jid, + const std::string& client_token, CandidateSessionConfig* config, Session::StateChangeCallback* state_change_callback) = 0; |