password_manager::metrics_util::LogUMAHistogramBoolean should upload
[chromium-blink-merge.git] / remoting / protocol / negotiating_client_authenticator.cc
blobce2f410c68eddf88f6cbac8d57bb164e4cd750df
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/protocol/negotiating_client_authenticator.h"
7 #include <algorithm>
8 #include <sstream>
10 #include "base/bind.h"
11 #include "base/callback.h"
12 #include "base/logging.h"
13 #include "base/strings/string_split.h"
14 #include "remoting/protocol/channel_authenticator.h"
15 #include "remoting/protocol/pairing_client_authenticator.h"
16 #include "remoting/protocol/v2_authenticator.h"
17 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
19 namespace remoting {
20 namespace protocol {
22 NegotiatingClientAuthenticator::NegotiatingClientAuthenticator(
23 const std::string& client_pairing_id,
24 const std::string& shared_secret,
25 const std::string& authentication_tag,
26 const FetchSecretCallback& fetch_secret_callback,
27 scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher> token_fetcher,
28 const std::vector<AuthenticationMethod>& methods)
29 : NegotiatingAuthenticatorBase(MESSAGE_READY),
30 client_pairing_id_(client_pairing_id),
31 shared_secret_(shared_secret),
32 authentication_tag_(authentication_tag),
33 fetch_secret_callback_(fetch_secret_callback),
34 token_fetcher_(token_fetcher.Pass()),
35 method_set_by_host_(false),
36 weak_factory_(this) {
37 DCHECK(!methods.empty());
38 for (std::vector<AuthenticationMethod>::const_iterator it = methods.begin();
39 it != methods.end(); ++it) {
40 AddMethod(*it);
44 NegotiatingClientAuthenticator::~NegotiatingClientAuthenticator() {
47 void NegotiatingClientAuthenticator::ProcessMessage(
48 const buzz::XmlElement* message,
49 const base::Closure& resume_callback) {
50 DCHECK_EQ(state(), WAITING_MESSAGE);
52 std::string method_attr = message->Attr(kMethodAttributeQName);
53 AuthenticationMethod method = AuthenticationMethod::FromString(method_attr);
55 // The host picked a method different from the one the client had selected.
56 if (method != current_method_) {
57 // The host must pick a method that is valid and supported by the client,
58 // and it must not change methods after it has picked one.
59 if (method_set_by_host_ || !method.is_valid() ||
60 std::find(methods_.begin(), methods_.end(), method) == methods_.end()) {
61 state_ = REJECTED;
62 rejection_reason_ = PROTOCOL_ERROR;
63 resume_callback.Run();
64 return;
67 current_method_ = method;
68 method_set_by_host_ = true;
69 state_ = PROCESSING_MESSAGE;
71 // Copy the message since the authenticator may process it asynchronously.
72 base::Closure callback = base::Bind(
73 &NegotiatingAuthenticatorBase::ProcessMessageInternal,
74 base::Unretained(this), base::Owned(new buzz::XmlElement(*message)),
75 resume_callback);
76 CreateAuthenticatorForCurrentMethod(WAITING_MESSAGE, callback);
77 return;
79 ProcessMessageInternal(message, resume_callback);
82 scoped_ptr<buzz::XmlElement> NegotiatingClientAuthenticator::GetNextMessage() {
83 DCHECK_EQ(state(), MESSAGE_READY);
85 // This is the first message to the host, send a list of supported methods.
86 if (!current_method_.is_valid()) {
87 // If no authentication method has been chosen, see if we can optimistically
88 // choose one.
89 scoped_ptr<buzz::XmlElement> result;
90 CreatePreferredAuthenticator();
91 if (current_authenticator_) {
92 DCHECK(current_authenticator_->state() == MESSAGE_READY);
93 result = GetNextMessageInternal();
94 } else {
95 result = CreateEmptyAuthenticatorMessage();
98 // Include a list of supported methods.
99 std::stringstream supported_methods(std::stringstream::out);
100 for (std::vector<AuthenticationMethod>::iterator it = methods_.begin();
101 it != methods_.end(); ++it) {
102 if (it != methods_.begin())
103 supported_methods << kSupportedMethodsSeparator;
104 supported_methods << it->ToString();
106 result->AddAttr(kSupportedMethodsAttributeQName, supported_methods.str());
107 state_ = WAITING_MESSAGE;
108 return result.Pass();
110 return GetNextMessageInternal();
113 void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod(
114 Authenticator::State preferred_initial_state,
115 const base::Closure& resume_callback) {
116 DCHECK(current_method_.is_valid());
117 if (current_method_.type() == AuthenticationMethod::THIRD_PARTY) {
118 // |ThirdPartyClientAuthenticator| takes ownership of |token_fetcher_|.
119 // The authentication method negotiation logic should guarantee that only
120 // one |ThirdPartyClientAuthenticator| will need to be created per session.
121 DCHECK(token_fetcher_);
122 current_authenticator_.reset(new ThirdPartyClientAuthenticator(
123 token_fetcher_.Pass()));
124 resume_callback.Run();
125 } else {
126 DCHECK(current_method_.type() == AuthenticationMethod::SPAKE2 ||
127 current_method_.type() == AuthenticationMethod::SPAKE2_PAIR);
128 bool pairing_supported =
129 (current_method_.type() == AuthenticationMethod::SPAKE2_PAIR);
130 SecretFetchedCallback callback = base::Bind(
131 &NegotiatingClientAuthenticator::CreateV2AuthenticatorWithSecret,
132 weak_factory_.GetWeakPtr(), preferred_initial_state, resume_callback);
133 fetch_secret_callback_.Run(pairing_supported, callback);
137 void NegotiatingClientAuthenticator::CreatePreferredAuthenticator() {
138 if (!client_pairing_id_.empty() && !shared_secret_.empty() &&
139 std::find(methods_.begin(), methods_.end(),
140 AuthenticationMethod::Spake2Pair()) != methods_.end()) {
141 // If the client specified a pairing id and shared secret, then create a
142 // PairingAuthenticator.
143 current_authenticator_.reset(new PairingClientAuthenticator(
144 client_pairing_id_, shared_secret_, fetch_secret_callback_,
145 authentication_tag_));
146 current_method_ = AuthenticationMethod::Spake2Pair();
150 void NegotiatingClientAuthenticator::CreateV2AuthenticatorWithSecret(
151 Authenticator::State initial_state,
152 const base::Closure& resume_callback,
153 const std::string& shared_secret) {
154 current_authenticator_ = V2Authenticator::CreateForClient(
155 AuthenticationMethod::ApplyHashFunction(
156 current_method_.hash_function(), authentication_tag_, shared_secret),
157 initial_state);
158 resume_callback.Run();
161 } // namespace protocol
162 } // namespace remoting