Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / remoting / protocol / ssl_hmac_channel_authenticator.h
blobb5d869b9ff4ce8f447a11ed21d7323618c2d44c7
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
6 #define REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
8 #include <string>
10 #include "base/callback.h"
11 #include "base/memory/ref_counted.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/threading/non_thread_safe.h"
14 #include "remoting/protocol/channel_authenticator.h"
16 namespace net {
17 class CertVerifier;
18 class DrainableIOBuffer;
19 class GrowableIOBuffer;
20 class SSLSocket;
21 class TransportSecurityState;
22 } // namespace net
24 namespace remoting {
26 class RsaKeyPair;
28 namespace protocol {
30 // SslHmacChannelAuthenticator implements ChannelAuthenticator that
31 // secures channels using SSL and authenticates them with a shared
32 // secret HMAC.
33 class SslHmacChannelAuthenticator : public ChannelAuthenticator,
34 public base::NonThreadSafe {
35 public:
36 enum LegacyMode {
37 NONE,
38 SEND_ONLY,
39 RECEIVE_ONLY,
42 // CreateForClient() and CreateForHost() create an authenticator
43 // instances for client and host. |auth_key| specifies shared key
44 // known by both host and client. In case of V1Authenticator the
45 // |auth_key| is set to access code. For EKE-based authentication
46 // |auth_key| is the key established using EKE over the signaling
47 // channel.
48 static scoped_ptr<SslHmacChannelAuthenticator> CreateForClient(
49 const std::string& remote_cert,
50 const std::string& auth_key);
52 static scoped_ptr<SslHmacChannelAuthenticator> CreateForHost(
53 const std::string& local_cert,
54 scoped_refptr<RsaKeyPair> key_pair,
55 const std::string& auth_key);
57 ~SslHmacChannelAuthenticator() override;
59 // ChannelAuthenticator interface.
60 void SecureAndAuthenticate(scoped_ptr<P2PStreamSocket> socket,
61 const DoneCallback& done_callback) override;
63 private:
64 SslHmacChannelAuthenticator(const std::string& auth_key);
66 bool is_ssl_server();
68 void OnConnected(int result);
70 void WriteAuthenticationBytes(bool* callback_called);
71 void OnAuthBytesWritten(int result);
72 bool HandleAuthBytesWritten(int result, bool* callback_called);
74 void ReadAuthenticationBytes();
75 void OnAuthBytesRead(int result);
76 bool HandleAuthBytesRead(int result);
77 bool VerifyAuthBytes(const std::string& received_auth_bytes);
79 void CheckDone(bool* callback_called);
80 void NotifyError(int error);
82 // The mutual secret used for authentication.
83 std::string auth_key_;
85 // Used in the SERVER mode only.
86 std::string local_cert_;
87 scoped_refptr<RsaKeyPair> local_key_pair_;
89 // Used in the CLIENT mode only.
90 std::string remote_cert_;
91 scoped_ptr<net::TransportSecurityState> transport_security_state_;
92 scoped_ptr<net::CertVerifier> cert_verifier_;
94 scoped_ptr<net::SSLSocket> socket_;
95 DoneCallback done_callback_;
97 scoped_refptr<net::DrainableIOBuffer> auth_write_buf_;
98 scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;
100 DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticator);
103 } // namespace protocol
104 } // namespace remoting
106 #endif // REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_