authorsergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-31 02:05:01 +0000
committersergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-31 02:05:01 +0000
commite4ac1e8b99cb29d6f6eb71d75736c77a44f47bfa (patch)
tree941d5827d50e43b5043da315f078d6ef9f125338 /remoting
parent630f1490db3086e0661e24562b9a55d89a62ff86 (diff)
Use NegotiatingAuthenticator instead of V2Authenticator.
- Changed Me2Me host to use NegotiatingAuthenticator. - Changed client plugin to use NegotiatingAuthenticator when the webapp specified any auth method other than v1_token. - Cleaned up AuthenticationMethod as it is no longer used for v1_token. BUG=105214 Review URL: https://chromiumcodereview.appspot.com/9113040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119816 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting')
-rw-r--r--remoting/client/chromoting_client.cc16
-rw-r--r--remoting/client/client_config.cc2
-rw-r--r--remoting/client/client_config.h4
-rw-r--r--remoting/client/plugin/chromoting_scriptable_object.cc59
-rw-r--r--remoting/protocol/authentication_method.cc62
-rw-r--r--remoting/protocol/authentication_method.h25
-rw-r--r--remoting/protocol/me2me_host_authenticator_factory.cc8
-rw-r--r--remoting/protocol/negotiating_authenticator.cc6
-rw-r--r--remoting/protocol/negotiating_authenticator.h2
9 files changed, 66 insertions, 118 deletions
diff --git a/remoting/client/chromoting_client.cc b/remoting/client/chromoting_client.cc
index 404d383..a5f71ae 100644
--- a/remoting/client/chromoting_client.cc
+++ b/remoting/client/chromoting_client.cc
@@ -8,9 +8,10 @@
#include "remoting/client/chromoting_view.h"
#include "remoting/client/client_context.h"
#include "remoting/client/rectangle_update_decoder.h"
-#include "remoting/protocol/authenticator.h"
#include "remoting/protocol/authentication_method.h"
#include "remoting/protocol/connection_to_host.h"
+#include "remoting/protocol/negotiating_authenticator.h"
+#include "remoting/protocol/v1_authenticator.h"
#include "remoting/protocol/session_config.h"
namespace remoting {
@@ -48,10 +49,15 @@ ChromotingClient::~ChromotingClient() {
void ChromotingClient::Start(scoped_refptr<XmppProxy> xmpp_proxy) {
DCHECK(message_loop()->BelongsToCurrentThread());
- scoped_ptr<protocol::Authenticator> authenticator =
- config_.authentication_method.CreateAuthenticator(
- config_.local_jid, config_.authentication_tag,
- config_.shared_secret);
+ scoped_ptr<protocol::Authenticator> authenticator;
+ if (config_.use_v1_authenticator) {
+ authenticator.reset(new protocol::V1ClientAuthenticator(
+ config_.local_jid, config_.shared_secret));
+ } else {
+ authenticator = protocol::NegotiatingAuthenticator::CreateForClient(
+ config_.authentication_tag,
+ config_.shared_secret, config_.authentication_methods);
+ }
connection_->Connect(xmpp_proxy, config_.local_jid, config_.host_jid,
config_.host_public_key, authenticator.Pass(),
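Review bot: The `else` branch in `ChromotingClient::Start` passes `config_.authentication_methods` to `NegotiatingAuthenticator::CreateForClient` without checking that the list is non-empty. `ClientConfig` now defaults to `use_v1_authenticator(false)` with an empty vector, so a caller that fills in a config without going through `DoConnect`'s validation would start negotiation with nothing to offer. How `CreateForClient` treats an empty list is not visible in this diff. I would add `DCHECK(!config_.authentication_methods.empty());` as the first statement of the `else` branch. The body of `Start` continues past the end of this hunk.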
diff --git a/remoting/client/client_config.cc b/remoting/client/client_config.cc
index 3012a9b..7a9a844 100644
--- a/remoting/client/client_config.cc
+++ b/remoting/client/client_config.cc
@@ -7,7 +7,7 @@
namespace remoting {
ClientConfig::ClientConfig()
- : authentication_method(protocol::AuthenticationMethod::Invalid()) {
+ : use_v1_authenticator(false) {
}
ClientConfig::~ClientConfig() {
diff --git a/remoting/client/client_config.h b/remoting/client/client_config.h
index 31268fd..4ae3278 100644
--- a/remoting/client/client_config.h
+++ b/remoting/client/client_config.h
@@ -6,6 +6,7 @@
#define REMOTING_CLIENT_CLIENT_CONFIG_H_
#include <string>
+#include <vector>
#include "base/basictypes.h"
#include "remoting/protocol/authentication_method.h"
@@ -22,7 +23,8 @@ struct ClientConfig {
std::string host_public_key;
std::string shared_secret;
- protocol::AuthenticationMethod authentication_method;
+ bool use_v1_authenticator;
+ std::vector<protocol::AuthenticationMethod> authentication_methods;
std::string authentication_tag;
};
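Review bot: The two new `ClientConfig` fields carry no comments, and how they relate can only be worked out by reading `ChromotingClient::Start`. Above `use_v1_authenticator` I would add `// When true the legacy V1 token authenticator is used and authentication_methods is ignored.` Above `authentication_methods` I would add `// Methods offered to the host during negotiation; expected to be non-empty when use_v1_authenticator is false.` The struct begins before this hunk.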
diff --git a/remoting/client/plugin/chromoting_scriptable_object.cc b/remoting/client/plugin/chromoting_scriptable_object.cc
index 334237d..9028bf7 100644
--- a/remoting/client/plugin/chromoting_scriptable_object.cc
+++ b/remoting/client/plugin/chromoting_scriptable_object.cc
@@ -362,67 +362,72 @@ Var ChromotingScriptableObject::DoConnect(const std::vector<Var>& args,
// shared_secret
// authentication_methods
// authentication_tag
+ ClientConfig config;
+
unsigned int arg = 0;
if (!args[arg].is_string()) {
*exception = Var("The host_jid must be a string.");
return Var();
}
- std::string host_jid = args[arg++].AsString();
+ config.host_jid = args[arg++].AsString();
if (!args[arg].is_string()) {
*exception = Var("The host_public_key must be a string.");
return Var();
}
- std::string host_public_key = args[arg++].AsString();
+ config.host_public_key = args[arg++].AsString();
if (!args[arg].is_string()) {
*exception = Var("The client_jid must be a string.");
return Var();
}
- std::string client_jid = args[arg++].AsString();
+ config.local_jid = args[arg++].AsString();
if (!args[arg].is_string()) {
*exception = Var("The shared_secret must be a string.");
return Var();
}
- std::string shared_secret = args[arg++].AsString();
+ config.shared_secret = args[arg++].AsString();
// Older versions of the webapp do not supply the following two
// parameters.
// By default use V1 authentication.
- protocol::AuthenticationMethod authentication_method =
- protocol::AuthenticationMethod::V1Token();
+ config.use_v1_authenticator = true;
if (args.size() > arg) {
if (!args[arg].is_string()) {
- *exception = Var("The authentication_method must be a string.");
+ *exception = Var("The authentication_methods must be a string.");
return Var();
}
- authentication_method = protocol::AuthenticationMethod::Invalid();
std::string as_string = args[arg++].AsString();
- std::vector<std::string> auth_methods;
- base::SplitString(as_string, ',', &auth_methods);
- for (std::vector<std::string>::iterator it = auth_methods.begin();
- it != auth_methods.end(); ++it) {
- authentication_method =
- protocol::AuthenticationMethod::FromString(as_string);
- if (authentication_method.is_valid())
- break;
- }
- if (!authentication_method.is_valid()) {
- *exception = Var("No valid authentication methods specified.");
- return Var();
+ if (as_string == "v1_token") {
+ config.use_v1_authenticator = true;
+ } else {
+ config.use_v1_authenticator = false;
+
+ std::vector<std::string> auth_methods;
+ base::SplitString(as_string, ',', &auth_methods);
+ for (std::vector<std::string>::iterator it = auth_methods.begin();
+ it != auth_methods.end(); ++it) {
+ protocol::AuthenticationMethod authentication_method =
+ protocol::AuthenticationMethod::FromString(*it);
+ if (authentication_method.is_valid())
+ config.authentication_methods.push_back(authentication_method);
+ }
+ if (config.authentication_methods.empty()) {
+ *exception = Var("No valid authentication methods specified.");
+ return Var();
+ }
}
}
- std::string authentication_tag;
if (args.size() > arg) {
if (!args[arg].is_string()) {
*exception = Var("The authentication_tag must be a string.");
return Var();
}
- authentication_tag = args[arg++].AsString();
+ config.authentication_tag = args[arg++].AsString();
}
if (args.size() != arg) {
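Review bot: In the new loop in `DoConnect`, entries that `AuthenticationMethod::FromString` does not recognise are dropped without any trace, so a misspelt or unsupported name quietly narrows the set offered to the host. A list whose only recognised entry is `spake2_plain` proceeds with that method alone. The `v1_token` test is a whole-string comparison, so `v1_token` inside a comma-separated list reaches this loop and is discarded the same way, because this commit removes it from `FromString`. Logging each rejected entry would make both cases visible, for example an `else` arm with `LOG(WARNING) << "Ignoring unknown authentication method: " << *it;`. `DoConnect` begins before and ends after this hunk.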
@@ -431,14 +436,8 @@ Var ChromotingScriptableObject::DoConnect(const std::vector<Var>& args,
}
VLOG(1) << "Connecting to host. "
- << "client_jid: " << client_jid << ", host_jid: " << host_jid;
- ClientConfig config;
- config.local_jid = client_jid;
- config.host_jid = host_jid;
- config.host_public_key = host_public_key;
- config.shared_secret = shared_secret;
- config.authentication_method = authentication_method;
- config.authentication_tag = authentication_tag;
+ << "client_jid: " << config.local_jid
+ << ", host_jid: " << config.host_jid;
instance_->Connect(config);
return Var();
diff --git a/remoting/protocol/authentication_method.cc b/remoting/protocol/authentication_method.cc
index 0082126..97dca63 100644
--- a/remoting/protocol/authentication_method.cc
+++ b/remoting/protocol/authentication_method.cc
@@ -19,21 +19,14 @@ AuthenticationMethod AuthenticationMethod::Invalid() {
}
// static
-AuthenticationMethod AuthenticationMethod::V1Token() {
- return AuthenticationMethod(VERSION_1, NONE);
-}
-
-// static
AuthenticationMethod AuthenticationMethod::Spake2(HashFunction hash_function) {
- return AuthenticationMethod(VERSION_2, hash_function);
+ return AuthenticationMethod(hash_function);
}
// static
AuthenticationMethod AuthenticationMethod::FromString(
const std::string& value) {
- if (value == "v1_token") {
- return V1Token();
- } else if (value == "spake2_plain") {
+ if (value == "spake2_plain") {
return Spake2(NONE);
} else if (value == "spake2_hmac") {
return Spake2(HMAC_SHA256);
@@ -73,44 +66,14 @@ std::string AuthenticationMethod::ApplyHashFunction(
AuthenticationMethod::AuthenticationMethod()
: invalid_(true),
- version_(VERSION_2),
hash_function_(NONE) {
}
-AuthenticationMethod::AuthenticationMethod(Version version,
- HashFunction hash_function)
+AuthenticationMethod::AuthenticationMethod(HashFunction hash_function)
: invalid_(false),
- version_(version),
hash_function_(hash_function) {
}
-scoped_ptr<Authenticator> AuthenticationMethod::CreateAuthenticator(
- const std::string& local_jid,
- const std::string& tag,
- const std::string& shared_secret) const {
- DCHECK(is_valid());
-
- switch (version_) {
- case VERSION_1:
- DCHECK_EQ(hash_function_, NONE);
- return scoped_ptr<Authenticator>(
- new protocol::V1ClientAuthenticator(local_jid, shared_secret));
-
- case VERSION_2:
- return protocol::V2Authenticator::CreateForClient(
- ApplyHashFunction(hash_function_, tag, shared_secret),
- Authenticator::MESSAGE_READY);
- }
-
- NOTREACHED();
- return scoped_ptr<Authenticator>(NULL);
-}
-
-AuthenticationMethod::Version AuthenticationMethod::version() const {
- DCHECK(is_valid());
- return version_;
-}
-
AuthenticationMethod::HashFunction AuthenticationMethod::hash_function() const {
DCHECK(is_valid());
return hash_function_;
@@ -119,17 +82,11 @@ AuthenticationMethod::HashFunction AuthenticationMethod::hash_function() const {
const std::string AuthenticationMethod::ToString() const {
DCHECK(is_valid());
- switch (version_) {
- case VERSION_1:
- return "v1_token";
-
- case VERSION_2:
- switch (hash_function_) {
- case NONE:
- return "spake2_plain";
- case HMAC_SHA256:
- return "spake2_hmac";
- }
+ switch (hash_function_) {
+ case NONE:
+ return "spake2_plain";
+ case HMAC_SHA256:
+ return "spake2_hmac";
}
NOTREACHED();
@@ -142,8 +99,7 @@ bool AuthenticationMethod::operator ==(
return !other.is_valid();
if (!other.is_valid())
return false;
- return version_ == other.version_ &&
- hash_function_ == other.hash_function_;
+ return hash_function_ == other.hash_function_;
}
} // namespace protocol
diff --git a/remoting/protocol/authentication_method.h b/remoting/protocol/authentication_method.h
index 6b94a06..6702187 100644
--- a/remoting/protocol/authentication_method.h
+++ b/remoting/protocol/authentication_method.h
@@ -24,17 +24,6 @@ class Authenticator;
class AuthenticationMethod {
public:
- enum Version {
- // Legacy authentication mechanism.
- // TODO(sergeyu): Should be removed when we finished switching to
- // the new version (at which point this enum may be removed).
- // crbug.com/110483
- VERSION_1,
-
- // The new SPAKE2-based authentication.
- VERSION_2,
- };
-
enum HashFunction {
NONE,
HMAC_SHA256,
@@ -42,7 +31,6 @@ class AuthenticationMethod {
// Constructors for various authentication methods.
static AuthenticationMethod Invalid();
- static AuthenticationMethod V1Token();
static AuthenticationMethod Spake2(HashFunction hash_function);
// Parses a string that defines an authentication method. Returns an
@@ -60,21 +48,12 @@ class AuthenticationMethod {
// Following methods are valid only when is_valid() returns true.
- // Version of the authentication protocol.
- Version version() const ;
-
// Hash function applied to the shared secret on both ends.
HashFunction hash_function() const;
// Returns string representation of the value stored in this object.
const std::string ToString() const;
- // Creates client authenticator using the specified parameters.
- scoped_ptr<Authenticator> CreateAuthenticator(
- const std::string& local_jid,
- const std::string& tag,
- const std::string& shared_secret) const;
-
// Comparison operators so that std::find() can be used with
// collections of this class.
bool operator ==(const AuthenticationMethod& other) const;
@@ -84,11 +63,9 @@ class AuthenticationMethod {
private:
AuthenticationMethod();
- AuthenticationMethod(Version version,
- HashFunction hash_function);
+ AuthenticationMethod(HashFunction hash_function);
bool invalid_;
- Version version_;
HashFunction hash_function_;
};
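Review bot: The private constructor now takes a single `HashFunction` argument, which makes it a converting constructor. Declaring it `explicit AuthenticationMethod(HashFunction hash_function);` stops a bare `HashFunction` from converting implicitly inside the class's own code and follows the usual rule for single-argument constructors. The out-of-line definition in authentication_method.cc needs no change.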
diff --git a/remoting/protocol/me2me_host_authenticator_factory.cc b/remoting/protocol/me2me_host_authenticator_factory.cc
index 21272cf..9a6f60b 100644
--- a/remoting/protocol/me2me_host_authenticator_factory.cc
+++ b/remoting/protocol/me2me_host_authenticator_factory.cc
@@ -8,8 +8,8 @@
#include "base/string_util.h"
#include "crypto/rsa_private_key.h"
#include "remoting/protocol/channel_authenticator.h"
+#include "remoting/protocol/negotiating_authenticator.h"
#include "remoting/protocol/v1_authenticator.h"
-#include "remoting/protocol/v2_authenticator.h"
#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
namespace remoting {
@@ -107,10 +107,10 @@ scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
return scoped_ptr<Authenticator>(new RejectingAuthenticator());
}
- if (V2Authenticator::IsEkeMessage(first_message)) {
- return V2Authenticator::CreateForHost(
+ if (NegotiatingAuthenticator::IsNegotiableMessage(first_message)) {
+ return NegotiatingAuthenticator::CreateForHost(
local_cert_, *local_private_key_, shared_secret_hash_.value,
- Authenticator::WAITING_MESSAGE);
+ shared_secret_hash_.hash_function);
}
// TODO(sergeyu): Old clients still use V1 auth protocol. Remove
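Review bot: The protocol the host runs in `CreateAuthenticator` is chosen from the peer's first message. When `IsNegotiableMessage(first_message)` is false, control appears to fall through to the V1 path that the TODO below refers to, which lies outside this hunk. If so, a peer decides whether SPAKE2 negotiation happens at all by omitting the attribute, and the legacy path stays the effective floor for host authentication strength. I would state that above the `if`, e.g. `// Peers that omit the supported-methods attribute fall back to V1 below; remove once old clients are gone.` Logging when the fallback is taken would let its use be measured before removal.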
diff --git a/remoting/protocol/negotiating_authenticator.cc b/remoting/protocol/negotiating_authenticator.cc
index 55e1d78..1234c25 100644
--- a/remoting/protocol/negotiating_authenticator.cc
+++ b/remoting/protocol/negotiating_authenticator.cc
@@ -28,6 +28,12 @@ const char kSupportedMethodsSeparator = ',';
} // namespace
// static
+bool NegotiatingAuthenticator::IsNegotiableMessage(
+ const buzz::XmlElement* message) {
+ return message->HasAttr(kSupportedMethodsAttributeQName);
+}
+
+// static
scoped_ptr<Authenticator> NegotiatingAuthenticator::CreateForClient(
const std::string& authentication_tag,
const std::string& shared_secret,
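Review bot: `IsNegotiableMessage` dereferences `message` unconditionally and only tests that the attribute is present, not that it holds a usable list. The caller in me2me_host_authenticator_factory.cc passes `first_message` straight in, and whether it can be null at that point is not visible in this diff. A `DCHECK(message);` as the first statement would document the precondition. An empty or malformed attribute value still routes the peer to the negotiating authenticator, which is presumably where it gets rejected, so that is worth covering with a test. `CreateForClient` continues beyond the hunk.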
diff --git a/remoting/protocol/negotiating_authenticator.h b/remoting/protocol/negotiating_authenticator.h
index beda194..aabbf88 100644
--- a/remoting/protocol/negotiating_authenticator.h
+++ b/remoting/protocol/negotiating_authenticator.h
@@ -24,6 +24,8 @@ class NegotiatingAuthenticator : public Authenticator {
public:
virtual ~NegotiatingAuthenticator();
+ static bool IsNegotiableMessage(const buzz::XmlElement* message);
+
static scoped_ptr<Authenticator> CreateForClient(
const std::string& authentication_tag,
const std::string& shared_secret,
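Review bot: `IsNegotiableMessage` joins the public interface without a declaration comment, although its definition shows it only checks for the supported-methods attribute. I would add `// Returns true if |message| carries the supported-methods attribute, i.e. it was sent by a peer that supports method negotiation. Does not validate the attribute's value.` The class body continues past this hunk.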