| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "remoting/protocol/pairing_authenticator_base.h" |
| |
| #include "base/bind.h" |
| #include "remoting/base/constants.h" |
| #include "remoting/protocol/channel_authenticator.h" |
| |
| namespace remoting { |
| namespace protocol { |
| |
| const buzz::StaticQName PairingAuthenticatorBase::kPairingInfoTag = |
| { kChromotingXmlNamespace, "pairing-info" }; |
| const buzz::StaticQName PairingAuthenticatorBase::kClientIdAttribute = |
| { "", "client-id" }; |
| |
| namespace { |
| const buzz::StaticQName kPairingFailedTag = |
| { kChromotingXmlNamespace, "pairing-failed" }; |
| const buzz::StaticQName kPairingErrorAttribute = { "", "error" }; |
| } // namespace |
| |
| PairingAuthenticatorBase::PairingAuthenticatorBase() |
| : using_paired_secret_(false), |
| waiting_for_authenticator_(false), |
| weak_factory_(this) { |
| } |
| |
| PairingAuthenticatorBase::~PairingAuthenticatorBase() { |
| } |
| |
| Authenticator::State PairingAuthenticatorBase::state() const { |
| if (waiting_for_authenticator_) { |
| return PROCESSING_MESSAGE; |
| } |
| return v2_authenticator_->state(); |
| } |
| |
| Authenticator::RejectionReason |
| PairingAuthenticatorBase::rejection_reason() const { |
| if (!v2_authenticator_) { |
| return PROTOCOL_ERROR; |
| } |
| return v2_authenticator_->rejection_reason(); |
| } |
| |
| void PairingAuthenticatorBase::ProcessMessage( |
| const buzz::XmlElement* message, |
| const base::Closure& resume_callback) { |
| DCHECK_EQ(state(), WAITING_MESSAGE); |
| |
| // The client authenticator creates the underlying authenticator in the ctor |
| // and the host creates it in response to the first message before deferring |
| // to this class to process it. Either way, it should exist here. |
| DCHECK(v2_authenticator_); |
| |
| // If pairing failed, and we haven't already done so, try again with the PIN. |
| if (using_paired_secret_ && HasErrorMessage(message)) { |
| using_paired_secret_ = false; |
| waiting_for_authenticator_ = true; |
| v2_authenticator_.reset(); |
| SetAuthenticatorCallback set_authenticator = base::Bind( |
| &PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage, |
| weak_factory_.GetWeakPtr(), base::Owned(new buzz::XmlElement(*message)), |
| resume_callback); |
| CreateV2AuthenticatorWithPIN(WAITING_MESSAGE, set_authenticator); |
| return; |
| } |
| |
| // Pass the message to the underlying authenticator for processing, but |
| // check for a failed SPAKE exchange if we're using the paired secret. In |
| // this case the pairing protocol can continue by communicating the error |
| // to the peer and retrying with the PIN. |
| v2_authenticator_->ProcessMessage( |
| message, |
| base::Bind(&PairingAuthenticatorBase::CheckForFailedSpakeExchange, |
| weak_factory_.GetWeakPtr(), resume_callback)); |
| } |
| |
| scoped_ptr<buzz::XmlElement> PairingAuthenticatorBase::GetNextMessage() { |
| DCHECK_EQ(state(), MESSAGE_READY); |
| scoped_ptr<buzz::XmlElement> result = v2_authenticator_->GetNextMessage(); |
| AddPairingElements(result.get()); |
| MaybeAddErrorMessage(result.get()); |
| return result.Pass(); |
| } |
| |
| scoped_ptr<ChannelAuthenticator> |
| PairingAuthenticatorBase::CreateChannelAuthenticator() const { |
| return v2_authenticator_->CreateChannelAuthenticator(); |
| } |
| |
| void PairingAuthenticatorBase::MaybeAddErrorMessage(buzz::XmlElement* message) { |
| if (!error_message_.empty()) { |
| buzz::XmlElement* pairing_failed_tag = |
| new buzz::XmlElement(kPairingFailedTag); |
| pairing_failed_tag->AddAttr(kPairingErrorAttribute, error_message_); |
| message->AddElement(pairing_failed_tag); |
| error_message_.clear(); |
| } |
| } |
| |
| bool PairingAuthenticatorBase::HasErrorMessage( |
| const buzz::XmlElement* message) const { |
| const buzz::XmlElement* pairing_failed_tag = |
| message->FirstNamed(kPairingFailedTag); |
| if (pairing_failed_tag) { |
| std::string error = pairing_failed_tag->Attr(kPairingErrorAttribute); |
| LOG(INFO) << "Pairing failed: " << error; |
| } |
| return pairing_failed_tag != NULL; |
| } |
| |
| void PairingAuthenticatorBase::CheckForFailedSpakeExchange( |
| const base::Closure& resume_callback) { |
| // If the SPAKE exchange failed due to invalid credentials, and those |
| // credentials were the paired secret, then notify the peer that the |
| // PIN-less connection failed and retry using the PIN. |
| if (v2_authenticator_->state() == REJECTED && |
| v2_authenticator_->rejection_reason() == INVALID_CREDENTIALS && |
| using_paired_secret_) { |
| using_paired_secret_ = false; |
| error_message_ = "invalid-shared-secret"; |
| v2_authenticator_.reset(); |
| buzz::XmlElement* no_message = NULL; |
| SetAuthenticatorCallback set_authenticator = base::Bind( |
| &PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage, |
| weak_factory_.GetWeakPtr(), no_message, resume_callback); |
| CreateV2AuthenticatorWithPIN(MESSAGE_READY, set_authenticator); |
| return; |
| } |
| |
| resume_callback.Run(); |
| } |
| |
| void PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage( |
| const buzz::XmlElement* message, |
| const base::Closure& resume_callback, |
| scoped_ptr<Authenticator> authenticator) { |
| DCHECK(!v2_authenticator_); |
| DCHECK(authenticator); |
| waiting_for_authenticator_ = false; |
| v2_authenticator_ = authenticator.Pass(); |
| if (message) { |
| ProcessMessage(message, resume_callback); |
| } else { |
| resume_callback.Run(); |
| } |
| } |
| |
| } // namespace protocol |
| } // namespace remoting |