// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_
#define REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_

#include <string>

#include "base/callback.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "remoting/protocol/third_party_authenticator_base.h"
#include "url/gurl.h"

// NOTE(review): this forward declaration is redundant now that url/gurl.h is
// included above; it is kept as-is here.
class GURL;

namespace remoting {
namespace protocol {

// Implements the client side of the third party authentication mechanism.
// The client authenticator expects a |token_url| and |scope| in the first
// message from the host, then calls the |TokenFetcher| asynchronously to
// request a |token| and |shared_secret| from that url. If the server requires
// interactive authentication, the |TokenFetcher| implementation will show the
// appropriate UI. Once the |TokenFetcher| returns, the client sends the |token|
// to the host, and uses the |shared_secret| to create an underlying
// |V2Authenticator|, which is used to establish the encrypted connection.
//
// Security note: |token_url| and |scope| arrive in a message from the host,
// i.e. from the remote peer rather than from this client's own configuration,
// and the |TokenFetcher| will contact that URL. The implementation of
// ProcessTokenMessage (in the .cc, not visible here) is the place where the
// host-supplied URL must be validated before it is handed to the fetcher.
class ThirdPartyClientAuthenticator : public ThirdPartyAuthenticatorBase {
 public:
  // Interface through which the authenticator obtains a token and shared
  // secret from the third-party token issuer. Implementations own whatever
  // network and UI work is needed to do so.
  class TokenFetcher {
   public:
    // Callback passed to |FetchThirdPartyToken|, and called once the client
    // authentication finishes. |token| is an opaque string that should be sent
    // directly to the host. |shared_secret| should be used by the client to
    // create a V2Authenticator. In case of failure, the callback is called with
    // an empty |token| and |shared_secret|.
    // NOTE(review): a receiver of this callback must treat an empty
    // |shared_secret| as a failed fetch and abort authentication, never as a
    // usable secret.
    typedef base::Callback<void(
        const std::string& token,
        const std::string& shared_secret)> TokenFetchedCallback;

    virtual ~TokenFetcher() {}

    // Fetches a third party token from |token_url|. |scope| is a string
    // with a space-separated list of attributes for this connection (e.g.
    // "hostjid:abc@example.com/123 clientjid:def@example.org/456").
    // |token_fetched_callback| is called when the client authentication ends,
    // on the same thread |FetchThirdPartyToken| was originally called on.
    // The request is canceled if the TokenFetcher is destroyed.
    // (An earlier revision of this comment also described a |host_public_key|
    // argument that was sent to the server; the current signature does not
    // take one.)
    virtual void FetchThirdPartyToken(
        const GURL& token_url,
        const std::string& scope,
        const TokenFetchedCallback& token_fetched_callback) = 0;
  };

  // Creates a third-party client authenticator. |token_fetcher| is used to get
  // the authentication token; ownership is transferred to the authenticator.
  // (The previous comment mentioned a |host_public_key| parameter; the current
  // constructor takes only the fetcher.)
  explicit ThirdPartyClientAuthenticator(
      scoped_ptr<TokenFetcher> token_fetcher);
  virtual ~ThirdPartyClientAuthenticator();

 protected:
  // ThirdPartyAuthenticatorBase implementation.

  // Handles the host's token message. Per the class comment this is where the
  // host-supplied |token_url| and |scope| are read; |resume_callback| is
  // presumably invoked once the asynchronous token fetch has completed
  // (confirm against the .cc).
  virtual void ProcessTokenMessage(
      const buzz::XmlElement* message,
      const base::Closure& resume_callback) OVERRIDE;
  // Adds this client's token element(s) to the outgoing |message| — inferred
  // from the name and the class comment; confirm against the .cc.
  virtual void AddTokenElements(buzz::XmlElement* message) OVERRIDE;

 private:
  // Receives the result of TokenFetcher::FetchThirdPartyToken: the trailing two
  // parameters mirror |TokenFetchedCallback|, with |resume_callback| bound in
  // front so the authentication state machine can be resumed afterwards.
  void OnThirdPartyTokenFetched(const base::Closure& resume_callback,
                                const std::string& third_party_token,
                                const std::string& shared_secret);

  // Opaque token obtained from |token_fetcher_|; per the class comment it is
  // sent to the host. Note that |shared_secret| is not retained as a member.
  std::string token_;
  // Owned fetcher. Destroying it cancels any in-flight request (see
  // TokenFetcher::FetchThirdPartyToken), so it must outlive a pending fetch.
  scoped_ptr<TokenFetcher> token_fetcher_;

  DISALLOW_COPY_AND_ASSIGN(ThirdPartyClientAuthenticator);
};


}  // namespace protocol
}  // namespace remoting

#endif  // REMOTING_PROTOCOL_THIRD_PARTY_CLIENT_AUTHENTICATOR_H_