1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_
6#define REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_
7
8#include <string>
9
10#include "base/callback.h"
11#include "base/memory/scoped_ptr.h"
12#include "url/gurl.h"
13
14namespace remoting {
15
16class RsaKeyPair;
17
18namespace protocol {
19
20// The |TokenValidator| encapsulates the parameters to be sent to the client
21// to obtain a token, and the method to validate that token and obtain the
22// shared secret for the connection.
23class TokenValidator {
24 public:
25  // Callback passed to |ValidateThirdPartyToken|, and called once the host
26  // authentication finishes. |shared_secret| should be used by the host to
27  // create a V2Authenticator. In case of failure, the callback is called with
28  // an empty |shared_secret|.
29  typedef base::Callback<void(
30      const std::string& shared_secret)> TokenValidatedCallback;
31
32  virtual ~TokenValidator() {}
33
34  // Validates |token| with the server and exchanges it for a |shared_secret|.
35  // |token_validated_callback| is called when the host authentication ends,
36  // in the same thread |ValidateThirdPartyToken| was originally called.
37  // The request is canceled if this object is destroyed.
38  virtual void ValidateThirdPartyToken(
39      const std::string& token,
40      const TokenValidatedCallback& token_validated_callback) = 0;
41
42  // URL sent to the client, to be used by its |TokenFetcher| to get a token.
43  virtual const GURL& token_url() const = 0;
44
45  // Space-separated list of connection attributes the host must send to the
46  // client, and require the token received in response to match.
47  virtual const std::string& token_scope() const = 0;
48};
49
50// Factory for |TokenValidator|.
51class TokenValidatorFactory {
52 public:
53  virtual ~TokenValidatorFactory() {}
54
55  // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create
56  // a token scope that is restricted to the current connection's JIDs.
57  virtual scoped_ptr<TokenValidator> CreateTokenValidator(
58      const std::string& local_jid,
59      const std::string& remote_jid) = 0;
60};
61
62}  // namespace protocol
63}  // namespace remoting
64
65#endif  // REMOTING_PROTOCOL_TOKEN_VALIDATOR_H_
66