1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ 6 #define REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ 7 8 #include <string> 9 10 #include "base/callback.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "remoting/protocol/third_party_authenticator_base.h" 13 #include "url/gurl.h" 14 15 namespace remoting { 16 17 class RsaKeyPair; 18 19 namespace protocol { 20 21 // Implements the host side of the third party authentication mechanism. 22 // The host authenticator sends the |token_url| and |scope| obtained from the 23 // |TokenValidator| to the client, and expects a |token| in response. 24 // Once that token is received, it calls |TokenValidator| asynchronously to 25 // validate it, and exchange it for a |shared_secret|. Once the |TokenValidator| 26 // returns, the host uses the |shared_secret| to create an underlying 27 // |V2Authenticator|, which is used to establish the encrypted connection. 28 class ThirdPartyHostAuthenticator : public ThirdPartyAuthenticatorBase { 29 public: 30 class TokenValidator { 31 public: 32 // Callback passed to |ValidateThirdPartyToken|, and called once the host 33 // authentication finishes. |shared_secret| should be used by the host to 34 // create a V2Authenticator. In case of failure, the callback is called with 35 // an empty |shared_secret|. 36 typedef base::Callback<void( 37 const std::string& shared_secret)> TokenValidatedCallback; 38 ~TokenValidator()39 virtual ~TokenValidator() {} 40 41 // Validates |token| with the server and exchanges it for a |shared_secret|. 42 // |token_validated_callback| is called when the host authentication ends, 43 // in the same thread |ValidateThirdPartyToken| was originally called. 44 // The request is canceled if this object is destroyed. 45 virtual void ValidateThirdPartyToken( 46 const std::string& token, 47 const TokenValidatedCallback& token_validated_callback) = 0; 48 49 // URL sent to the client, to be used by its |TokenFetcher| to get a token. 50 virtual const GURL& token_url() const = 0; 51 52 // Space-separated list of connection attributes the host must send to the 53 // client, and require the token received in response to match. 54 virtual const std::string& token_scope() const = 0; 55 }; 56 57 class TokenValidatorFactory { 58 public: ~TokenValidatorFactory()59 virtual ~TokenValidatorFactory() {} 60 61 // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create 62 // a token scope that is restricted to the current connection's JIDs. 63 virtual scoped_ptr<TokenValidator> CreateTokenValidator( 64 const std::string& local_jid, 65 const std::string& remote_jid) = 0; 66 }; 67 68 // Creates a third-party host authenticator. |local_cert| and |key_pair| are 69 // used by the underlying V2Authenticator to create the SSL channels. 70 // |token_validator| contains the token parameters to be sent to the client 71 // and is used to obtain the shared secret. 72 ThirdPartyHostAuthenticator(const std::string& local_cert, 73 scoped_refptr<RsaKeyPair> key_pair, 74 scoped_ptr<TokenValidator> token_validator); 75 virtual ~ThirdPartyHostAuthenticator(); 76 77 protected: 78 // ThirdPartyAuthenticator implementation. 79 virtual void ProcessTokenMessage( 80 const buzz::XmlElement* message, 81 const base::Closure& resume_callback) OVERRIDE; 82 virtual void AddTokenElements(buzz::XmlElement* message) OVERRIDE; 83 84 private: 85 void OnThirdPartyTokenValidated(const buzz::XmlElement* message, 86 const base::Closure& resume_callback, 87 const std::string& shared_secret); 88 89 std::string local_cert_; 90 scoped_refptr<RsaKeyPair> key_pair_; 91 scoped_ptr<TokenValidator> token_validator_; 92 93 DISALLOW_COPY_AND_ASSIGN(ThirdPartyHostAuthenticator); 94 }; 95 96 } // namespace protocol 97 } // namespace remoting 98 99 #endif // REMOTING_PROTOCOL_THIRD_PARTY_HOST_AUTHENTICATOR_H_ 100