Commit 42cb6f9f authored by sergeyu's avatar sergeyu Committed by Commit bot

Cleanup AuthenticationMethod usage.

Previously AuthenticationMethod type was used in many places. Removed
all dependencies on it except from NegotiatingAuthenticator classes.
AuthenticationMethod has been moved to
NegotiatingAuthenticatorBase::Method.

Also includes the following cleanups:
 - removed old authentication functions from auth_util.cc which were
   no longer needed.
 - Remove HashFunction enum as it wasn't useful.

BUG=589698

Review URL: https://codereview.chromium.org/1768383004

Cr-Commit-Position: refs/heads/master@{#380078}
parent 020716dc
......@@ -80,18 +80,10 @@ ChromotingJniInstance::ChromotingJniInstance(ChromotingJniRuntime* jni_runtime,
weak_factory_.GetWeakPtr()),
host_pubkey));
std::vector<protocol::AuthenticationMethod> auth_methods;
auth_methods.push_back(protocol::AuthenticationMethod::THIRD_PARTY);
auth_methods.push_back(protocol::AuthenticationMethod::SPAKE2_PAIR);
auth_methods.push_back(
protocol::AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
auth_methods.push_back(
protocol::AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN);
authenticator_.reset(new protocol::NegotiatingClientAuthenticator(
pairing_id, pairing_secret, host_id_,
base::Bind(&ChromotingJniInstance::FetchSecret, this),
std::move(token_fetcher), auth_methods));
std::move(token_fetcher)));
// Post a task to start connection
jni_runtime_->network_task_runner()->PostTask(
......
......@@ -703,18 +703,10 @@ void ChromotingInstance::HandleConnect(const base::DictionaryValue& data) {
weak_factory_.GetWeakPtr()),
host_public_key));
std::vector<protocol::AuthenticationMethod> auth_methods;
auth_methods.push_back(protocol::AuthenticationMethod::THIRD_PARTY);
auth_methods.push_back(protocol::AuthenticationMethod::SPAKE2_PAIR);
auth_methods.push_back(
protocol::AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
auth_methods.push_back(
protocol::AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN);
scoped_ptr<protocol::Authenticator> authenticator(
new protocol::NegotiatingClientAuthenticator(
client_pairing_id, client_paired_secret, authentication_tag,
fetch_secret_callback, std::move(token_fetcher), auth_methods));
fetch_secret_callback, std::move(token_fetcher)));
scoped_ptr<protocol::CandidateSessionConfig> config =
protocol::CandidateSessionConfig::CreateDefault();
......
......@@ -6,7 +6,7 @@
#include "base/base64.h"
#include "base/logging.h"
#include "remoting/protocol/authentication_method.h"
#include "remoting/protocol/auth_util.h"
#include "remoting/protocol/me2me_host_authenticator_factory.h"
namespace remoting {
......@@ -23,8 +23,7 @@ bool ParsePinHashFromConfig(const std::string& value,
std::string function_name = value.substr(0, separator);
if (function_name == "plain") {
*pin_hash_out = protocol::ApplySharedSecretHashFunction(
protocol::HashFunction::HMAC_SHA256, host_id, *pin_hash_out);
*pin_hash_out = protocol::GetSharedSecretHash(host_id, *pin_hash_out);
return true;
} else if (function_name == "hmac") {
return true;
......@@ -36,8 +35,7 @@ bool ParsePinHashFromConfig(const std::string& value,
std::string MakeHostPinHash(const std::string& host_id,
const std::string& pin) {
std::string hash = protocol::ApplySharedSecretHashFunction(
protocol::HashFunction::HMAC_SHA256, host_id, pin);
std::string hash = protocol::GetSharedSecretHash(host_id, pin);
std::string hash_base64;
base::Base64Encode(hash, &hash_base64);
return "hmac:" + hash_base64;
......@@ -51,8 +49,7 @@ bool VerifyHostPinHash(const std::string& hash,
LOG(FATAL) << "Failed to parse PIN hash.";
return false;
}
std::string hash_calculated = protocol::ApplySharedSecretHashFunction(
protocol::HashFunction::HMAC_SHA256, host_id, pin);
std::string hash_calculated = protocol::GetSharedSecretHash(host_id, pin);
return hash_calculated == hash_parsed;
}
......
......@@ -22,20 +22,19 @@ const char kHostAuthSslExporterLabel[] =
const char kSslFakeHostName[] = "chromoting";
std::string GenerateSupportAuthToken(const std::string& jid,
const std::string& access_code) {
std::string sha256 = crypto::SHA256HashString(jid + " " + access_code);
std::string sha256_base64;
base::Base64Encode(sha256, &sha256_base64);
return sha256_base64;
}
std::string GetSharedSecretHash(const std::string& tag,
const std::string& shared_secret) {
crypto::HMAC response(crypto::HMAC::SHA256);
if (!response.Init(tag)) {
LOG(FATAL) << "HMAC::Init failed";
}
unsigned char out_bytes[kSharedSecretHashLength];
if (!response.Sign(shared_secret, out_bytes, sizeof(out_bytes))) {
LOG(FATAL) << "HMAC::Sign failed";
}
bool VerifySupportAuthToken(const std::string& jid,
const std::string& access_code,
const std::string& auth_token) {
std::string expected_token =
GenerateSupportAuthToken(jid, access_code);
return expected_token == auth_token;
return std::string(out_bytes, out_bytes + sizeof(out_bytes));
}
// static
......
......@@ -31,18 +31,9 @@ const size_t kSharedSecretHashLength = 32;
// Size of the HMAC-SHA-256 digest used for channel authentication.
const size_t kAuthDigestLength = 32;
// TODO(sergeyu): The following two methods are used for V1
// authentication. Remove them when we finally switch to V2
// authentication method. crbug.com/110483 .
// Generates auth token for the specified |jid| and |access_code|.
std::string GenerateSupportAuthToken(const std::string& jid,
const std::string& access_code);
// Verifies validity of an |access_token|.
bool VerifySupportAuthToken(const std::string& jid,
const std::string& access_code,
const std::string& auth_token);
// Returns HMAC-SHA-256 hash for |shared_secret| with the specified |tag|.
std::string GetSharedSecretHash(const std::string& tag,
const std::string& shared_secret);
// Returns authentication bytes that must be used for the given
// |socket|. Empty string is returned in case of failure.
......
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "remoting/protocol/authentication_method.h"
#include "base/logging.h"
#include "crypto/hmac.h"
#include "remoting/protocol/auth_util.h"
#include "remoting/protocol/name_value_map.h"
namespace remoting {
namespace protocol {
const NameMapElement<AuthenticationMethod> kAuthenticationMethodStrings[] = {
{AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN, "spake2_plain"},
{AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC, "spake2_hmac"},
{AuthenticationMethod::SPAKE2_PAIR, "spake2_pair"},
{AuthenticationMethod::THIRD_PARTY, "third_party"}};
AuthenticationMethod ParseAuthenticationMethodString(const std::string& value) {
AuthenticationMethod result;
if (!NameToValue(kAuthenticationMethodStrings, value, &result))
return AuthenticationMethod::INVALID;
return result;
}
const std::string AuthenticationMethodToString(
AuthenticationMethod method) {
return ValueToName(kAuthenticationMethodStrings, method);
}
HashFunction GetHashFunctionForAuthenticationMethod(
AuthenticationMethod method) {
switch (method) {
case AuthenticationMethod::INVALID:
NOTREACHED();
return HashFunction::NONE;
case AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN:
case AuthenticationMethod::THIRD_PARTY:
return HashFunction::NONE;
case AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC:
case AuthenticationMethod::SPAKE2_PAIR:
return HashFunction::HMAC_SHA256;
}
NOTREACHED();
return HashFunction::NONE;
}
std::string ApplySharedSecretHashFunction(HashFunction hash_function,
const std::string& tag,
const std::string& shared_secret) {
switch (hash_function) {
case HashFunction::NONE:
return shared_secret;
case HashFunction::HMAC_SHA256: {
crypto::HMAC response(crypto::HMAC::SHA256);
if (!response.Init(tag)) {
LOG(FATAL) << "HMAC::Init failed";
}
unsigned char out_bytes[kSharedSecretHashLength];
if (!response.Sign(shared_secret, out_bytes, sizeof(out_bytes))) {
LOG(FATAL) << "HMAC::Sign failed";
}
return std::string(out_bytes, out_bytes + sizeof(out_bytes));
}
}
NOTREACHED();
return shared_secret;
}
} // namespace protocol
} // namespace remoting
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
#define REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
#include <string>
namespace remoting {
namespace protocol {
class Authenticator;
// AuthenticationMethod represents an authentication algorithm.
enum class AuthenticationMethod {
INVALID,
SPAKE2_SHARED_SECRET_PLAIN,
SPAKE2_SHARED_SECRET_HMAC,
SPAKE2_PAIR,
THIRD_PARTY
};
enum class HashFunction {
NONE,
HMAC_SHA256,
};
// Parses a string that defines an authentication method. Returns
// AuthenticationMethod::INVALID if the string is invalid.
AuthenticationMethod ParseAuthenticationMethodString(const std::string& value);
// Returns string representation of |method|.
const std::string AuthenticationMethodToString(AuthenticationMethod method);
// Returns hash function applied to the shared secret on both ends for the
// spefied |method|.
HashFunction GetHashFunctionForAuthenticationMethod(
AuthenticationMethod method);
// Applies the specified hash function to |shared_secret| with the
// specified |tag| as a key.
std::string ApplySharedSecretHashFunction(HashFunction hash_function,
const std::string& tag,
const std::string& shared_secret);
} // namespace protocol
} // namespace remoting
#endif // REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
......@@ -11,7 +11,6 @@
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "remoting/protocol/authentication_method.h"
#include "remoting/protocol/authenticator.h"
#include "remoting/protocol/third_party_host_authenticator.h"
#include "remoting/protocol/token_validator.h"
......
......@@ -13,11 +13,26 @@
#include "base/strings/string_split.h"
#include "remoting/base/rsa_key_pair.h"
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/name_value_map.h"
#include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
namespace remoting {
namespace protocol {
namespace {
const NameMapElement<NegotiatingAuthenticatorBase::Method>
kAuthenticationMethodStrings[] = {
{NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN,
"spake2_plain"},
{NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC,
"spake2_hmac"},
{NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR, "spake2_pair"},
{NegotiatingAuthenticatorBase::Method::THIRD_PARTY, "third_party"},
};
} // namespace
const buzz::StaticQName NegotiatingAuthenticatorBase::kMethodAttributeQName =
{ "", "method" };
const buzz::StaticQName
......@@ -47,6 +62,20 @@ NegotiatingAuthenticatorBase::rejection_reason() const {
return rejection_reason_;
}
// static
NegotiatingAuthenticatorBase::Method
NegotiatingAuthenticatorBase::ParseMethodString(const std::string& value) {
Method result;
if (!NameToValue(kAuthenticationMethodStrings, value, &result))
return Method::INVALID;
return result;
}
// static
std::string NegotiatingAuthenticatorBase::MethodToString(Method method) {
return ValueToName(kAuthenticationMethodStrings, method);
}
void NegotiatingAuthenticatorBase::ProcessMessageInternal(
const buzz::XmlElement* message,
const base::Closure& resume_callback) {
......@@ -78,7 +107,7 @@ void NegotiatingAuthenticatorBase::UpdateState(
scoped_ptr<buzz::XmlElement>
NegotiatingAuthenticatorBase::GetNextMessageInternal() {
DCHECK_EQ(state(), MESSAGE_READY);
DCHECK(current_method_ != AuthenticationMethod::INVALID);
DCHECK(current_method_ != Method::INVALID);
scoped_ptr<buzz::XmlElement> result;
if (current_authenticator_->state() == MESSAGE_READY) {
......@@ -88,13 +117,12 @@ NegotiatingAuthenticatorBase::GetNextMessageInternal() {
}
state_ = current_authenticator_->state();
DCHECK(state_ == ACCEPTED || state_ == WAITING_MESSAGE);
result->AddAttr(kMethodAttributeQName,
AuthenticationMethodToString(current_method_));
result->AddAttr(kMethodAttributeQName, MethodToString(current_method_));
return result;
}
void NegotiatingAuthenticatorBase::AddMethod(AuthenticationMethod method) {
DCHECK(method != AuthenticationMethod::INVALID);
void NegotiatingAuthenticatorBase::AddMethod(Method method) {
DCHECK(method != Method::INVALID);
methods_.push_back(method);
}
......
......@@ -8,10 +8,10 @@
#include <string>
#include <vector>
#include "base/gtest_prod_util.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "remoting/protocol/authentication_method.h"
#include "remoting/protocol/authenticator.h"
#include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
......@@ -60,6 +60,15 @@ namespace protocol {
// mix of webapp, client plugin and host, for both Me2Me and IT2Me.
class NegotiatingAuthenticatorBase : public Authenticator {
public:
// Method represents an authentication algorithm.
enum class Method {
INVALID,
SPAKE2_SHARED_SECRET_PLAIN,
SPAKE2_SHARED_SECRET_HMAC,
SPAKE2_PAIR,
THIRD_PARTY,
};
~NegotiatingAuthenticatorBase() override;
// Authenticator interface.
......@@ -74,18 +83,24 @@ class NegotiatingAuthenticatorBase : public Authenticator {
void ProcessMessageInternal(const buzz::XmlElement* message,
const base::Closure& resume_callback);
const AuthenticationMethod& current_method_for_testing() const {
return current_method_;
}
protected:
friend class NegotiatingAuthenticatorTest;
FRIEND_TEST_ALL_PREFIXES(NegotiatingAuthenticatorTest, IncompatibleMethods);
static const buzz::StaticQName kMethodAttributeQName;
static const buzz::StaticQName kSupportedMethodsAttributeQName;
static const char kSupportedMethodsSeparator;
// Parses a string that defines an authentication method. Returns
// Method::INVALID if the string is invalid.
static Method ParseMethodString(const std::string& value);
// Returns string representation of |method|.
static std::string MethodToString(Method method);
explicit NegotiatingAuthenticatorBase(Authenticator::State initial_state);
void AddMethod(AuthenticationMethod method);
void AddMethod(Method method);
// Updates |state_| to reflect the current underlying authenticator state.
// |resume_callback| is called after the state is updated.
......@@ -95,8 +110,8 @@ class NegotiatingAuthenticatorBase : public Authenticator {
// the 'method' tag with |current_method_|.
virtual scoped_ptr<buzz::XmlElement> GetNextMessageInternal();
std::vector<AuthenticationMethod> methods_;
AuthenticationMethod current_method_ = AuthenticationMethod::INVALID;
std::vector<Method> methods_;
Method current_method_ = Method::INVALID;
scoped_ptr<Authenticator> current_authenticator_;
State state_;
RejectionReason rejection_reason_ = INVALID_CREDENTIALS;
......
......@@ -6,6 +6,7 @@
#include "base/macros.h"
#include "net/base/net_errors.h"
#include "remoting/base/rsa_key_pair.h"
#include "remoting/protocol/auth_util.h"
#include "remoting/protocol/authenticator_test_base.h"
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/connection_tester.h"
......@@ -53,33 +54,25 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
const std::string& client_paired_secret,
const std::string& client_interactive_pin,
const std::string& host_secret,
bool it2me,
bool client_hmac_only) {
bool it2me) {
if (it2me) {
host_ = NegotiatingHostAuthenticator::CreateForIt2Me(
host_cert_, key_pair_, host_secret);
} else {
std::string host_secret_hash = ApplySharedSecretHashFunction(
HashFunction::HMAC_SHA256, kTestHostId, host_secret);
std::string host_secret_hash =
GetSharedSecretHash(kTestHostId, host_secret);
host_ = NegotiatingHostAuthenticator::CreateWithPin(
host_cert_, key_pair_, host_secret_hash, pairing_registry_);
}
std::vector<AuthenticationMethod> methods;
methods.push_back(AuthenticationMethod::SPAKE2_PAIR);
methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
if (!client_hmac_only) {
methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN);
}
bool pairing_expected = pairing_registry_.get() != nullptr;
FetchSecretCallback fetch_secret_callback =
base::Bind(&NegotiatingAuthenticatorTest::FetchSecret,
client_interactive_pin,
pairing_expected);
client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator(
client_id, client_paired_secret,
kTestHostId, fetch_secret_callback,
nullptr, methods);
client_id, client_paired_secret, kTestHostId, fetch_secret_callback,
nullptr);
client_.reset(client_as_negotiating_authenticator_);
}
......@@ -113,7 +106,7 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
}
}
void VerifyAccepted(const AuthenticationMethod& expected_method) {
void VerifyAccepted(NegotiatingAuthenticatorBase::Method expected_method) {
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
ASSERT_EQ(Authenticator::ACCEPTED, host_->state());
......@@ -132,9 +125,8 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
tester.Start();
message_loop_.Run();
tester.CheckResults();
EXPECT_EQ(
expected_method,
client_as_negotiating_authenticator_->current_method_for_testing());
EXPECT_EQ(expected_method,
client_as_negotiating_authenticator_->current_method_);
}
// Use a bare pointer because the storage is managed by the base class.
......@@ -148,35 +140,43 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPin, false, false));
VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
kTestPin, kTestPin, false));
VerifyAccepted(
NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC);
}
TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPin, true, false));
VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN);
kTestPin, kTestPin, true));
VerifyAccepted(
NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN);
}
TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, false, false));
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPinBad, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyRejected(Authenticator::INVALID_CREDENTIALS);
}
TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, false));
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPinBad, true));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyRejected(Authenticator::INVALID_CREDENTIALS);
}
TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, true));
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPinBad, true));
std::vector<NegotiatingAuthenticatorBase::Method>* methods =
&(client_as_negotiating_authenticator_->methods_);
methods->erase(std::find(
methods->begin(), methods->end(),
NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyRejected(Authenticator::PROTOCOL_ERROR);
......@@ -184,57 +184,57 @@ TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) {
TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
kTestPin, kTestPin, false, false));
kTestPin, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
VerifyAccepted(
NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC);
}
TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) {
CreatePairingRegistry(false);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPin, false, false));
kTestPin, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR);
VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR);
}
TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) {
CreatePairingRegistry(false);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
kTestPin, kTestPin, false, false));
kTestPin, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR);
VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR);
}
TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) {
CreatePairingRegistry(false);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false));
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
kTestPinBad, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyRejected(Authenticator::INVALID_CREDENTIALS);
}
TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) {
CreatePairingRegistry(true);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false));
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
kTestPinBad, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR);
VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR);
}
TEST_F(NegotiatingAuthenticatorTest,
PairingSucceededInvalidSecretButPinOkay) {
CreatePairingRegistry(true);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false, false));
kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR);
VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR);
}
TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) {
CreatePairingRegistry(true);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId,
kTestPairedSecretBad, kTestPinBad,
kTestPin, false, false));
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
VerifyRejected(Authenticator::INVALID_CREDENTIALS);
}
......
......@@ -12,6 +12,7 @@
#include "base/callback.h"
#include "base/logging.h"
#include "base/strings/string_split.h"
#include "remoting/protocol/auth_util.h"
#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/pairing_client_authenticator.h"
#include "remoting/protocol/v2_authenticator.h"
......@@ -25,21 +26,18 @@ NegotiatingClientAuthenticator::NegotiatingClientAuthenticator(
const std::string& shared_secret,
const std::string& authentication_tag,
const FetchSecretCallback& fetch_secret_callback,
scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher> token_fetcher,
const std::vector<AuthenticationMethod>& methods)