| // Copyright 2017 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef COMPONENTS_CRYPTAUTH_SECURE_CHANNEL_H_ |
| #define COMPONENTS_CRYPTAUTH_SECURE_CHANNEL_H_ |
| |
| #include <deque> |
| |
| #include "base/macros.h" |
| #include "base/memory/weak_ptr.h" |
| #include "components/cryptauth/authenticator.h" |
| #include "components/cryptauth/connection.h" |
| #include "components/cryptauth/connection_observer.h" |
| #include "components/cryptauth/device_to_device_authenticator.h" |
| #include "components/cryptauth/remote_device.h" |
| #include "components/cryptauth/secure_context.h" |
| #include "components/cryptauth/secure_message_delegate.h" |
| |
| namespace cryptauth { |
| |
| class CryptAuthService; |
| |
| // An authenticated bi-directional channel for exchanging messages with remote |
| // devices. |SecureChannel| manages a |Connection| by initializing it and |
| // authenticating it via a security handshake once the connection has occurred. |
| // Once the channel has been authenticated, messages sent are automatically |
| // encrypted and messages received are automatically decrypted. |
| class SecureChannel : public ConnectionObserver { |
| public: |
| // Enumeration of possible states of connecting to a remote device. |
| // DISCONNECTED: There is no connection to the device, nor is there a |
| // pending connection attempt. |
| // CONNECTING: There is an ongoing connection attempt. |
| // CONNECTED: There is a Bluetooth connection to the device, but the |
| // connection has not yet been authenticated. |
| // AUTHENTICATING: There is an active connection that is currently in the |
| // process of authenticating via a 3-message authentication handshake. |
| // AUTHENTICATED: The connection has been authenticated, and arbitrary |
| // messages can be sent/received to/from the device. |
| enum class Status { |
| DISCONNECTED, |
| CONNECTING, |
| CONNECTED, |
| AUTHENTICATING, |
| AUTHENTICATED, |
| }; |
| |
| static std::string StatusToString(const Status& status); |
| |
| class Observer { |
| public: |
| virtual void OnSecureChannelStatusChanged( |
| SecureChannel* secure_channel, |
| const Status& old_status, |
| const Status& new_status) = 0; |
| |
| virtual void OnMessageReceived( |
| SecureChannel* secure_channel, |
| const std::string& feature, |
| const std::string& payload) = 0; |
| }; |
| |
| class Factory { |
| public: |
| static std::unique_ptr<SecureChannel> NewInstance( |
| std::unique_ptr<Connection> connection, |
| CryptAuthService* cryptauth_service); |
| |
| static void SetInstanceForTesting(Factory* factory); |
| |
| protected: |
| virtual std::unique_ptr<SecureChannel> BuildInstance( |
| std::unique_ptr<Connection> connection, |
| CryptAuthService* cryptauth_service); |
| |
| private: |
| static Factory* factory_instance_; |
| }; |
| |
| ~SecureChannel() override; |
| |
| virtual void Initialize(); |
| |
| virtual void SendMessage(const std::string& feature, |
| const std::string& payload); |
| |
| virtual void Disconnect(); |
| |
| virtual void AddObserver(Observer* observer); |
| virtual void RemoveObserver(Observer* observer); |
| |
| Status status() const { |
| return status_; |
| } |
| |
| // ConnectionObserver: |
| void OnConnectionStatusChanged(Connection* connection, |
| Connection::Status old_status, |
| Connection::Status new_status) override; |
| void OnMessageReceived(const Connection& connection, |
| const WireMessage& wire_message) override; |
| void OnSendCompleted(const cryptauth::Connection& connection, |
| const cryptauth::WireMessage& wire_message, |
| bool success) override; |
| |
| protected: |
| SecureChannel(std::unique_ptr<Connection> connection, |
| CryptAuthService* cryptauth_service); |
| |
| Status status_; |
| |
| private: |
| // Message waiting to be sent. Note that this is *not* the message that will |
| // end up being sent over the wire; before that can be done, the payload must |
| // be encrypted. |
| struct PendingMessage { |
| PendingMessage(); |
| PendingMessage(const std::string& feature, const std::string& payload); |
| virtual ~PendingMessage(); |
| |
| const std::string feature; |
| const std::string payload; |
| }; |
| |
| void TransitionToStatus(const Status& new_status); |
| void Authenticate(); |
| void ProcessMessageQueue(); |
| void OnMessageEncoded( |
| const std::string& feature, const std::string& encoded_message); |
| void OnMessageDecoded( |
| const std::string& feature, const std::string& decoded_message); |
| void OnAuthenticationResult( |
| Authenticator::Result result, |
| std::unique_ptr<SecureContext> secure_context); |
| |
| std::unique_ptr<Connection> connection_; |
| CryptAuthService* cryptauth_service_; // Outlives this instance. |
| std::unique_ptr<Authenticator> authenticator_; |
| std::unique_ptr<SecureContext> secure_context_; |
| std::deque<PendingMessage> queued_messages_; |
| std::unique_ptr<PendingMessage> pending_message_; |
| base::ObserverList<Observer> observer_list_; |
| base::WeakPtrFactory<SecureChannel> weak_ptr_factory_; |
| |
| DISALLOW_COPY_AND_ASSIGN(SecureChannel); |
| }; |
| |
| } // namespace cryptauth |
| |
| #endif // COMPONENTS_CRYPTAUTH_SECURE_CHANNEL_H_ |
