// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "remoting/protocol/pairing_authenticator_base.h"
#include "base/bind.h"
#include "remoting/base/constants.h"
#include "remoting/protocol/channel_authenticator.h"
namespace remoting {
namespace protocol {
const buzz::StaticQName PairingAuthenticatorBase::kPairingInfoTag =
{ kChromotingXmlNamespace, "pairing-info" };
const buzz::StaticQName PairingAuthenticatorBase::kClientIdAttribute =
{ "", "client-id" };
namespace {
const buzz::StaticQName kPairingFailedTag =
{ kChromotingXmlNamespace, "pairing-failed" };
const buzz::StaticQName kPairingErrorAttribute = { "", "error" };
} // namespace
PairingAuthenticatorBase::PairingAuthenticatorBase()
: using_paired_secret_(false),
waiting_for_authenticator_(false),
weak_factory_(this) {
}
PairingAuthenticatorBase::~PairingAuthenticatorBase() {
}
Authenticator::State PairingAuthenticatorBase::state() const {
if (waiting_for_authenticator_) {
return PROCESSING_MESSAGE;
}
return v2_authenticator_->state();
}
Authenticator::RejectionReason
PairingAuthenticatorBase::rejection_reason() const {
if (!v2_authenticator_) {
return PROTOCOL_ERROR;
}
return v2_authenticator_->rejection_reason();
}
void PairingAuthenticatorBase::ProcessMessage(
const buzz::XmlElement* message,
const base::Closure& resume_callback) {
DCHECK_EQ(state(), WAITING_MESSAGE);
// The client authenticator creates the underlying authenticator in the ctor
// and the host creates it in response to the first message before deferring
// to this class to process it. Either way, it should exist here.
DCHECK(v2_authenticator_);
// If pairing failed, and we haven't already done so, try again with the PIN.
if (using_paired_secret_ && HasErrorMessage(message)) {
using_paired_secret_ = false;
waiting_for_authenticator_ = true;
v2_authenticator_.reset();
SetAuthenticatorCallback set_authenticator = base::Bind(
&PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage,
weak_factory_.GetWeakPtr(), base::Owned(new buzz::XmlElement(*message)),
resume_callback);
CreateV2AuthenticatorWithPIN(WAITING_MESSAGE, set_authenticator);
return;
}
// Pass the message to the underlying authenticator for processing, but
// check for a failed SPAKE exchange if we're using the paired secret. In
// this case the pairing protocol can continue by communicating the error
// to the peer and retrying with the PIN.
v2_authenticator_->ProcessMessage(
message,
base::Bind(&PairingAuthenticatorBase::CheckForFailedSpakeExchange,
weak_factory_.GetWeakPtr(), resume_callback));
}
scoped_ptr<buzz::XmlElement> PairingAuthenticatorBase::GetNextMessage() {
DCHECK_EQ(state(), MESSAGE_READY);
scoped_ptr<buzz::XmlElement> result = v2_authenticator_->GetNextMessage();
AddPairingElements(result.get());
MaybeAddErrorMessage(result.get());
return result.Pass();
}
scoped_ptr<ChannelAuthenticator>
PairingAuthenticatorBase::CreateChannelAuthenticator() const {
return v2_authenticator_->CreateChannelAuthenticator();
}
void PairingAuthenticatorBase::MaybeAddErrorMessage(buzz::XmlElement* message) {
if (!error_message_.empty()) {
buzz::XmlElement* pairing_failed_tag =
new buzz::XmlElement(kPairingFailedTag);
pairing_failed_tag->AddAttr(kPairingErrorAttribute, error_message_);
message->AddElement(pairing_failed_tag);
error_message_.clear();
}
}
bool PairingAuthenticatorBase::HasErrorMessage(
const buzz::XmlElement* message) const {
const buzz::XmlElement* pairing_failed_tag =
message->FirstNamed(kPairingFailedTag);
if (pairing_failed_tag) {
std::string error = pairing_failed_tag->Attr(kPairingErrorAttribute);
LOG(ERROR) << "Pairing failed: " << error;
}
return pairing_failed_tag != NULL;
}
void PairingAuthenticatorBase::CheckForFailedSpakeExchange(
const base::Closure& resume_callback) {
// If the SPAKE exchange failed due to invalid credentials, and those
// credentials were the paired secret, then notify the peer that the
// PIN-less connection failed and retry using the PIN.
if (v2_authenticator_->state() == REJECTED &&
v2_authenticator_->rejection_reason() == INVALID_CREDENTIALS &&
using_paired_secret_) {
using_paired_secret_ = false;
error_message_ = "invalid-shared-secret";
v2_authenticator_.reset();
buzz::XmlElement* no_message = NULL;
SetAuthenticatorCallback set_authenticator = base::Bind(
&PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage,
weak_factory_.GetWeakPtr(), no_message, resume_callback);
CreateV2AuthenticatorWithPIN(MESSAGE_READY, set_authenticator);
return;
}
resume_callback.Run();
}
void PairingAuthenticatorBase::SetAuthenticatorAndProcessMessage(
const buzz::XmlElement* message,
const base::Closure& resume_callback,
scoped_ptr<Authenticator> authenticator) {
DCHECK(!v2_authenticator_);
DCHECK(authenticator);
waiting_for_authenticator_ = false;
v2_authenticator_ = authenticator.Pass();
if (message) {
ProcessMessage(message, resume_callback);
} else {
resume_callback.Run();
}
}
} // namespace protocol
} // namespace remoting