1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ 6#define REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ 7 8#include <string> 9 10#include "base/callback.h" 11#include "base/memory/scoped_ptr.h" 12#include "remoting/protocol/third_party_authenticator_base.h" 13#include "url/gurl.h" 14 15namespace remoting { 16 17class RsaKeyPair; 18 19namespace protocol { 20 21// Implements the host side of the third party authentication mechanism. 22// The host authenticator sends the |token_url| and |scope| obtained from the 23// |TokenValidator| to the client, and expects a |token| in response. 24// Once that token is received, it calls |TokenValidator| asynchronously to 25// validate it, and exchange it for a |shared_secret|. Once the |TokenValidator| 26// returns, the host uses the |shared_secret| to create an underlying 27// |V2Authenticator|, which is used to establish the encrypted connection. 28class ThirdPartyHostAuthenticator : public ThirdPartyAuthenticatorBase { 29 public: 30 class TokenValidator { 31 public: 32 // Callback passed to |ValidateThirdPartyToken|, and called once the host 33 // authentication finishes. |shared_secret| should be used by the host to 34 // create a V2Authenticator. In case of failure, the callback is called with 35 // an empty |shared_secret|. 36 typedef base::Callback<void( 37 const std::string& shared_secret)> TokenValidatedCallback; 38 39 virtual ~TokenValidator() {} 40 41 // Validates |token| with the server and exchanges it for a |shared_secret|. 42 // |token_validated_callback| is called when the host authentication ends, 43 // in the same thread |ValidateThirdPartyToken| was originally called. 44 // The request is canceled if this object is destroyed. 45 virtual void ValidateThirdPartyToken( 46 const std::string& token, 47 const TokenValidatedCallback& token_validated_callback) = 0; 48 49 // URL sent to the client, to be used by its |TokenFetcher| to get a token. 50 virtual const GURL& token_url() const = 0; 51 52 // Space-separated list of connection attributes the host must send to the 53 // client, and require the token received in response to match. 54 virtual const std::string& token_scope() const = 0; 55 }; 56 57 class TokenValidatorFactory { 58 public: 59 virtual ~TokenValidatorFactory() {} 60 61 // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create 62 // a token scope that is restricted to the current connection's JIDs. 63 virtual scoped_ptr<TokenValidator> CreateTokenValidator( 64 const std::string& local_jid, 65 const std::string& remote_jid) = 0; 66 }; 67 68 // Creates a third-party host authenticator. |local_cert| and |key_pair| are 69 // used by the underlying V2Authenticator to create the SSL channels. 70 // |token_validator| contains the token parameters to be sent to the client 71 // and is used to obtain the shared secret. 72 ThirdPartyHostAuthenticator(const std::string& local_cert, 73 scoped_refptr<RsaKeyPair> key_pair, 74 scoped_ptr<TokenValidator> token_validator); 75 virtual ~ThirdPartyHostAuthenticator(); 76 77 protected: 78 // ThirdPartyAuthenticator implementation. 79 virtual void ProcessTokenMessage( 80 const buzz::XmlElement* message, 81 const base::Closure& resume_callback) OVERRIDE; 82 virtual void AddTokenElements(buzz::XmlElement* message) OVERRIDE; 83 84 private: 85 void OnThirdPartyTokenValidated(const buzz::XmlElement* message, 86 const base::Closure& resume_callback, 87 const std::string& shared_secret); 88 89 std::string local_cert_; 90 scoped_refptr<RsaKeyPair> key_pair_; 91 scoped_ptr<TokenValidator> token_validator_; 92 93 DISALLOW_COPY_AND_ASSIGN(ThirdPartyHostAuthenticator); 94}; 95 96} // namespace protocol 97} // namespace remoting 98 99#endif // REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ 100