Begin adding mutual authentication into the SessionManager::connect()…

… call.

This CL mainly changes APIs and stubs out functionality needed to
actually create the correct auth token stanzas.

BUG=None
TEST=compiles.

Review URL: http://codereview.chromium.org/4941001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67316 0039d316-1c4b-4281-b951-d872f2087c98

remoting/host/access_verifier.cc

@@ -7,6 +7,7 @@
 #include "base/logging.h"
 #include "base/string_util.h"
 #include "remoting/host/host_config.h"
+#include "remoting/proto/auth.pb.h"
 
 namespace remoting {
 
@@ -29,11 +30,33 @@ bool AccessVerifier::Init(HostConfig* config) {
   return true;
 }
 
-bool AccessVerifier::VerifyPermissions(const std::string& client_jid) {
+bool AccessVerifier::VerifyPermissions(
+    const std::string& client_jid,
+    const std::string& encoded_access_token) {
   CHECK(initialized_);
   // Check that the client has the same bare jid as the host, i.e.
   // client's full jid starts with host's bare jid.
-  return StartsWithASCII(client_jid, host_jid_prefix_, true);
+  if (!StartsWithASCII(client_jid, host_jid_prefix_, true)) {
+    return false;
+  }
+
+  // Decode the auth token.
+  protocol::ClientAuthToken client_token;
+  if (!DecodeClientAuthToken(encoded_access_token, &client_token)) {
+    return false;
+  }
+
+  // Kick off directory access permissions.
+  // TODO(ajwong): Actually implement this.
+  return true;
+}
+
+bool AccessVerifier::DecodeClientAuthToken(
+    const std::string& encoded_client_token,
+    protocol::ClientAuthToken* client_token) {
+  // TODO(ajwong): Implement this.
+  NOTIMPLEMENTED();
+  return true;
 }
 
 }  // namespace remoting

remoting/host/access_verifier.h

@@ -11,20 +11,31 @@
 
 namespace remoting {
 
+namespace protocol {
+class ClientAuthToken;
+}  // namespace protocol
+
 class HostConfig;
 
 // AccessVerifier is used by to verify that the client has access to the host.
-// Currently it just checks that host and client have the same bare JID.
+// Currently it
+//
+//   1) Checks that host and client have the same bare JID.
+//   2) Verifies that the access token can be decoded.
 //
-// TODO(sergeyu): AccessVerifier should query directory to verify user
-// permissions.
+// TODO(sergeyu): Remove the bare-JID check, and instead ask the directory to
+// perform user authorization.
 class AccessVerifier {
  public:
   AccessVerifier();
   bool Init(HostConfig* config);
-  bool VerifyPermissions(const std::string& client_jid);
+  bool VerifyPermissions(const std::string& client_jid,
+                         const std::string& encoded_client_token);
 
  private:
+  bool DecodeClientAuthToken(const std::string& encoded_client_token,
+                             protocol::ClientAuthToken* client_token);
+
   std::string host_jid_prefix_;
   bool initialized_;
 

remoting/host/access_verifier_unittest.cc

@@ -48,13 +48,13 @@ TEST_F(AccessVerifierTest, VerifyPermissions) {
   AccessVerifier target;
   InitConfig();
   ASSERT_TRUE(target.Init(config_));
-  EXPECT_TRUE(target.VerifyPermissions("host@domain.com/123123"));
-  EXPECT_FALSE(target.VerifyPermissions("host@domain.com"));
-  EXPECT_FALSE(target.VerifyPermissions("otherhost@domain.com/123123"));
-  EXPECT_FALSE(target.VerifyPermissions("host@otherdomain.com/123123"));
-  EXPECT_FALSE(target.VerifyPermissions(""));
-  EXPECT_FALSE(target.VerifyPermissions("host@domain.co/saf"));
-  EXPECT_FALSE(target.VerifyPermissions("host@domain.com.other/blah"));
+  EXPECT_TRUE(target.VerifyPermissions("host@domain.com/123123", ""));
+  EXPECT_FALSE(target.VerifyPermissions("host@domain.com", ""));
+  EXPECT_FALSE(target.VerifyPermissions("otherhost@domain.com/123123", ""));
+  EXPECT_FALSE(target.VerifyPermissions("host@otherdomain.com/123123", ""));
+  EXPECT_FALSE(target.VerifyPermissions("", ""));
+  EXPECT_FALSE(target.VerifyPermissions("host@domain.co/saf", ""));
+  EXPECT_FALSE(target.VerifyPermissions("host@domain.com.other/blah", ""));
 }
 
 }  // namespace remoting

remoting/host/chromoting_host.cc

@@ -263,8 +263,9 @@ void ChromotingHost::OnNewClientSession(
     return;
   }
 
-  // Check that the user has access to the host.
-  if (!access_verifier_.VerifyPermissions(session->jid())) {
+  // Check that the client has access to the host.
+  if (!access_verifier_.VerifyPermissions(session->jid(),
+                                          session->initiator_token())) {
     *response = protocol::SessionManager::DECLINE;
     return;
   }
@@ -283,6 +284,8 @@ void ChromotingHost::OnNewClientSession(
   }
 
   session->set_config(config);
+  session->set_receiver_token(
+      GenerateHostAuthToken(session->initiator_token()));
 
   *response = protocol::SessionManager::ACCEPT;
 
@@ -326,4 +329,10 @@ Encoder* ChromotingHost::CreateEncoder(const protocol::SessionConfig* config) {
   return NULL;
 }
 
+std::string ChromotingHost::GenerateHostAuthToken(
+    const std::string& encoded_client_token) {
+  // TODO(ajwong): Return the signature of this instead.
+  return encoded_client_token;
+}
+
 }  // namespace remoting

remoting/host/chromoting_host.h

@@ -129,6 +129,8 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>,
   // Creates encoder for the specified configuration.
   Encoder* CreateEncoder(const protocol::SessionConfig* config);
 
+  std::string GenerateHostAuthToken(const std::string& encoded_client_token);
+
   // The context that the chromoting host runs on.
   ChromotingHostContext* context_;
 

remoting/proto/auth.proto

@@ -0,0 +1,21 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Messages related to Client/Host Mutual Authentication and Local Login.
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package remoting.protocol;
+
+// Represents the data used in generating the client auth token during session
+// initiation.
+message ClientAuthToken {
+  optional string host_full_jid = 1;
+  optional string client_full_jid = 2;
+
+  // A short-lived OAuth token identifying the client to the host.
+  optional string client_oauth_token = 3;
+}

remoting/proto/chromotocol.gyp

@@ -13,6 +13,7 @@
       'target_name': 'chromotocol_proto',
       'type': 'none',
       'sources': [
+        'auth.proto',
         'control.proto',
         'event.proto',
         'internal.proto',
@@ -66,6 +67,8 @@
       # chromotocol_proto to compile.
       'hard_dependency': 1,
       'sources': [
+        '<(out_dir)/auth.pb.cc',
+        '<(out_dir)/auth.pb.h',
         '<(out_dir)/control.pb.cc',
         '<(out_dir)/control.pb.h',
         '<(out_dir)/event.pb.cc',

remoting/proto/internal.proto

@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-// Internal messages as a unit for transmission in the wire.
+// Internal message types that should not be seen outside the protocol
+// directory.
 
 syntax = "proto2";
 
@@ -16,7 +17,6 @@ package remoting;
 
 // Defines the message that is sent from the client to the host.
 // Only one of the optional messages should be present.
-// NEXT ID: 7
 message ChromotingClientMessage {
   optional KeyEvent key_event = 1;
   optional MouseSetPositionEvent mouse_set_position_event = 2;

remoting/protocol/fake_session.cc

@@ -181,6 +181,22 @@ void FakeSession::set_config(const SessionConfig* config) {
   config_.reset(config);
 }
 
+const std::string& FakeSession::initiator_token() {
+  return initiator_token_;
+}
+
+void FakeSession::set_initiator_token(const std::string& initiator_token) {
+  initiator_token_ = initiator_token;
+}
+
+const std::string& FakeSession::receiver_token() {
+  return receiver_token_;
+}
+
+void FakeSession::set_receiver_token(const std::string& receiver_token) {
+  receiver_token_ = receiver_token;
+}
+
 void FakeSession::Close(Task* closed_task) {
   closed_ = true;
   closed_task->Run();

remoting/protocol/fake_session.h

@@ -118,6 +118,11 @@ class FakeSession : public Session {
   virtual const SessionConfig* config();
   virtual void set_config(const SessionConfig* config);
 
+  virtual const std::string& initiator_token();
+  virtual void set_initiator_token(const std::string& initiator_token);
+  virtual const std::string& receiver_token();
+  virtual void set_receiver_token(const std::string& receiver_token);
+
   virtual void Close(Task* closed_task);
 
  public:
@@ -130,6 +135,10 @@ class FakeSession : public Session {
   FakeSocket video_channel_;
   FakeUdpSocket video_rtp_channel_;
   FakeUdpSocket video_rtcp_channel_;
+
+  std::string initiator_token_;
+  std::string receiver_token_;
+
   std::string jid_;
   bool closed_;
 };

remoting/protocol/jingle_connection_to_host.cc

@@ -8,6 +8,7 @@
 #include "base/message_loop.h"
 #include "remoting/base/constants.h"
 #include "remoting/jingle_glue/jingle_thread.h"
+#include "remoting/proto/auth.pb.h"
 #include "remoting/protocol/jingle_session_manager.h"
 #include "remoting/protocol/video_reader.h"
 #include "remoting/protocol/video_stub.h"
@@ -87,9 +88,18 @@ void JingleConnectionToHost::InitSession() {
   // TODO(sergeyu): Set resolution in the |candidate_config| to the desired
   // resolution.
 
+  ClientAuthToken auth_token_proto;
+  auth_token_proto.set_host_full_jid(host_jid_);
+  auth_token_proto.set_client_full_jid(jingle_client_->GetFullJid());
+  // TODO(ajwong): Use real token.
+  auth_token_proto.set_client_oauth_token("");
+
+  // TODO(ajwong): We should encrypt this based on the host's public key.
+  std::string client_token = auth_token_proto.SerializeAsString();
+
   // Initialize |session_|.
   session_ = session_manager_->Connect(
-      host_jid_, candidate_config,
+      host_jid_, client_token, candidate_config,
       NewCallback(this, &JingleConnectionToHost::OnSessionStateChange));
 }
 

remoting/protocol/jingle_session.cc

@@ -138,6 +138,22 @@ void JingleSession::set_config(const SessionConfig* config) {
   config_.reset(config);
 }
 
+const std::string& JingleSession::initiator_token() {
+  return initiator_token_;
+}
+
+void JingleSession::set_initiator_token(const std::string& initiator_token) {
+  initiator_token_ = initiator_token;
+}
+
+const std::string& JingleSession::receiver_token() {
+  return receiver_token_;
+}
+
+void JingleSession::set_receiver_token(const std::string& receiver_token) {
+  receiver_token_ = receiver_token;
+}
+
 void JingleSession::Close(Task* closed_task) {
   if (MessageLoop::current() != jingle_session_manager_->message_loop()) {
     jingle_session_manager_->message_loop()->PostTask(

remoting/protocol/jingle_session.h

@@ -51,11 +51,17 @@ class JingleSession : public protocol::Session,
   virtual const std::string& jid();
   virtual MessageLoop* message_loop();
 
-  virtual const CandidateSessionConfig* candidate_config();
   virtual const SessionConfig* config();
-
   virtual void set_config(const SessionConfig* config);
 
+  virtual const std::string& initiator_token();
+  virtual void set_initiator_token(const std::string& initiator_token);
+  virtual const std::string& receiver_token();
+  virtual void set_receiver_token(const std::string& receiver_token);
+
+  // These fields are only set on the receiving side.
+  virtual const CandidateSessionConfig* candidate_config();
+
   virtual void Close(Task* closed_task);
 
  protected:
@@ -95,9 +101,14 @@ class JingleSession : public protocol::Session,
   // The corresponding libjingle session.
   cricket::Session* cricket_session_;
 
-  scoped_ptr<const CandidateSessionConfig> candidate_config_;
   scoped_ptr<const SessionConfig> config_;
 
+  std::string initiator_token_;
+  std::string receiver_token_;
+
+  // These data members are only set on the receiving side.
+  scoped_ptr<const CandidateSessionConfig> candidate_config_;
+
   cricket::PseudoTcpChannel* control_channel_;
   scoped_ptr<StreamSocketAdapter> control_channel_adapter_;
   cricket::PseudoTcpChannel* event_channel_;