Remove V1 chromoting authenticators

After the last chrome remote desktop webapp update (version 1.6.1180.51) V1 authenticators should never be used, so it's safe to remove them now. BUG=110483 Review URL: https://chromiumcodereview.appspot.com/10830184 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150225 0039d316-1c4b-4281-b951-d872f2087c98

Remove V1 chromoting authenticators
After the last chrome remote desktop webapp update (version 1.6.1180.51) V1 authenticators should never be used, so it's safe to remove them now. BUG=110483 Review URL: https://chromiumcodereview.appspot.com/10830184 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150225 0039d316-1c4b-4281-b951-d872f2087c98
fc0b660c · sergeyu@chromium.org · a11dbe9b · fc0b660c · fc0b660c · fc0b660c
Commit fc0b660c authored Aug 07, 2012 by sergeyu@chromium.org
9 changed files
--- a/remoting/protocol/authentication_method.h
+++ b/remoting/protocol/authentication_method.h
@@ -6,7 +6,6 @@
 // configuration. It knows how to parse and format authentication
 // method names.
 // Currently the following methods are supported:
-//   v1_token - deprecated V1 authentication mechanism,
 //   spake2_plain - SPAKE2 without hashing applied to the password.
 //   spake2_hmac - SPAKE2 with HMAC hashing of the password.

--- a/remoting/protocol/it2me_host_authenticator_factory.cc
+++ b/remoting/protocol/it2me_host_authenticator_factory.cc
@@ -6,7 +6,6 @@
 #include "base/logging.h"
 #include "crypto/rsa_private_key.h"
-#include "remoting/protocol/v1_authenticator.h"
 #include "remoting/protocol/negotiating_authenticator.h"
 namespace remoting {
@@ -28,14 +27,9 @@ scoped_ptr<Authenticator> It2MeHostAuthenticatorFactory::CreateAuthenticator(
    const std::string& local_jid,
    const std::string& remote_jid,
    const buzz::XmlElement* first_message) {
-  if (NegotiatingAuthenticator::IsNegotiableMessage(first_message)) {
+  return NegotiatingAuthenticator::CreateForHost(
-    return NegotiatingAuthenticator::CreateForHost(
+      local_cert_, *local_private_key_, shared_secret_,
-        local_cert_, *local_private_key_, shared_secret_,
+      AuthenticationMethod::NONE);
-        AuthenticationMethod::NONE);
-  }
-  return scoped_ptr<Authenticator>(new V1HostAuthenticator(
-      local_cert_, *local_private_key_, shared_secret_, remote_jid));
 }
 }  // namespace protocol

--- a/remoting/protocol/me2me_host_authenticator_factory.cc
+++ b/remoting/protocol/me2me_host_authenticator_factory.cc
@@ -9,7 +9,6 @@
 #include "crypto/rsa_private_key.h"
 #include "remoting/protocol/channel_authenticator.h"
 #include "remoting/protocol/negotiating_authenticator.h"
-#include "remoting/protocol/v1_authenticator.h"
 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
 namespace remoting {

--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc
@@ -47,19 +47,12 @@ SslHmacChannelAuthenticator::CreateForHost(
 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(
    const std::string& auth_key)
    : auth_key_(auth_key),
-      local_private_key_(NULL),
+      local_private_key_(NULL) {
-      legacy_mode_(NONE) {
 }
 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {
 }
-void SslHmacChannelAuthenticator::SetLegacyOneWayMode(LegacyMode legacy_mode) {
-  // Must be called before SecureAndAuthenticate().
-  DCHECK(done_callback_.is_null());
-  legacy_mode_ = legacy_mode;
-}
 void SslHmacChannelAuthenticator::SecureAndAuthenticate(
    scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) {
  DCHECK(CalledOnValidThread());
@@ -130,34 +123,29 @@ void SslHmacChannelAuthenticator::OnConnected(int result) {
    return;
  }
-  if (legacy_mode_ != RECEIVE_ONLY) {
+  // Generate authentication digest to write to the socket.
-    // Generate authentication digest to write to the socket.
+  std::string auth_bytes = GetAuthBytes(
-    std::string auth_bytes = GetAuthBytes(
+      socket_.get(), is_ssl_server() ?
-        socket_.get(), is_ssl_server() ?
+      kHostAuthSslExporterLabel : kClientAuthSslExporterLabel, auth_key_);
-        kHostAuthSslExporterLabel : kClientAuthSslExporterLabel, auth_key_);
+  if (auth_bytes.empty()) {
-    if (auth_bytes.empty()) {
+    NotifyError(net::ERR_FAILED);
-      NotifyError(net::ERR_FAILED);
+    return;
-      return;
-    }
-    // Allocate a buffer to write the digest.
-    auth_write_buf_ = new net::DrainableIOBuffer(
-        new net::StringIOBuffer(auth_bytes), auth_bytes.size());
  }
-  if (legacy_mode_ != SEND_ONLY) {
+  // Allocate a buffer to write the digest.
-    // Read an incoming token.
+  auth_write_buf_ = new net::DrainableIOBuffer(
-    auth_read_buf_ = new net::GrowableIOBuffer();
+      new net::StringIOBuffer(auth_bytes), auth_bytes.size());
-    auth_read_buf_->SetCapacity(kAuthDigestLength);
-  }
+  // Read an incoming token.
+  auth_read_buf_ = new net::GrowableIOBuffer();
+  auth_read_buf_->SetCapacity(kAuthDigestLength);
  // If WriteAuthenticationBytes() results in |done_callback_| being
  // called then we must not do anything else because this object may
  // be destroyed at that point.
  bool callback_called = false;
-  if (legacy_mode_ != RECEIVE_ONLY)
+  WriteAuthenticationBytes(&callback_called);
-    WriteAuthenticationBytes(&callback_called);
+  if (!callback_called)
-  if (!callback_called && legacy_mode_ != SEND_ONLY)
    ReadAuthenticationBytes();
 }

--- a/remoting/protocol/ssl_hmac_channel_authenticator.h
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.h
@@ -54,10 +54,6 @@ class SslHmacChannelAuthenticator : public ChannelAuthenticator,
      crypto::RSAPrivateKey* local_private_key,
      const std::string& auth_key);
-  // TODO(sergeyu): This method is used only for the legacy
-  // V1Authenticator. Remove it when V1Authenticator is removed.
-  void SetLegacyOneWayMode(LegacyMode legacy_mode);
  virtual ~SslHmacChannelAuthenticator();
  // ChannelAuthenticator interface.
@@ -95,8 +91,6 @@ class SslHmacChannelAuthenticator : public ChannelAuthenticator,
  std::string remote_cert_;
  scoped_ptr<net::CertVerifier> cert_verifier_;
-  LegacyMode legacy_mode_;
  scoped_ptr<net::SSLSocket> socket_;
  DoneCallback done_callback_;

--- a/remoting/protocol/v1_authenticator.cc
+++ b/remoting/protocol/v1_authenticator.cc
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#include "remoting/protocol/v1_authenticator.h"
-#include "base/base64.h"
-#include "base/logging.h"
-#include "crypto/rsa_private_key.h"
-#include "remoting/base/constants.h"
-#include "remoting/protocol/auth_util.h"
-#include "remoting/protocol/ssl_hmac_channel_authenticator.h"
-#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
-using buzz::QName;
-using buzz::XmlElement;
-namespace remoting {
-namespace protocol {
-namespace {
-const char kAuthTokenTag[] = "auth-token";
-const char kCertificateTag[] = "certificate";
-}  // namespace
-V1ClientAuthenticator::V1ClientAuthenticator(
-    const std::string& local_jid,
-    const std::string& shared_secret)
-    : local_jid_(local_jid),
-      shared_secret_(shared_secret),
-      state_(MESSAGE_READY),
-      rejection_reason_(INVALID_CREDENTIALS) {
-}
-V1ClientAuthenticator::~V1ClientAuthenticator() {
-}
-Authenticator::State V1ClientAuthenticator::state() const {
-  return state_;
-}
-Authenticator::RejectionReason V1ClientAuthenticator::rejection_reason() const {
-  DCHECK_EQ(state_, REJECTED);
-  return rejection_reason_;
-}
-void V1ClientAuthenticator::ProcessMessage(const XmlElement* message) {
-  DCHECK_EQ(state_, WAITING_MESSAGE);
-  // Parse the certificate.
-  const XmlElement* cert_tag =
-      message->FirstNamed(QName(kChromotingXmlNamespace, kCertificateTag));
-  if (cert_tag) {
-    std::string base64_cert = cert_tag->BodyText();
-    if (!base::Base64Decode(base64_cert, &remote_cert_)) {
-      LOG(ERROR) << "Failed to decode certificate received from the peer.";
-      remote_cert_.clear();
-    }
-  }
-  if (remote_cert_.empty()) {
-    state_ = REJECTED;
-    rejection_reason_ = PROTOCOL_ERROR;
-  } else {
-    state_ = ACCEPTED;
-  }
-}
-scoped_ptr<XmlElement> V1ClientAuthenticator::GetNextMessage() {
-  DCHECK_EQ(state_, MESSAGE_READY);
-  scoped_ptr<XmlElement> message = CreateEmptyAuthenticatorMessage();
-  std::string token =
-      protocol::GenerateSupportAuthToken(local_jid_, shared_secret_);
-  XmlElement* auth_token_tag = new XmlElement(
-      QName(kChromotingXmlNamespace, kAuthTokenTag));
-  auth_token_tag->SetBodyText(token);
-  message->AddElement(auth_token_tag);
-  state_ = WAITING_MESSAGE;
-  return message.Pass();
-}
-scoped_ptr<ChannelAuthenticator>
-V1ClientAuthenticator::CreateChannelAuthenticator() const {
-  DCHECK_EQ(state_, ACCEPTED);
-  scoped_ptr<SslHmacChannelAuthenticator> result =
-      SslHmacChannelAuthenticator::CreateForClient(
-          remote_cert_, shared_secret_);
-  result->SetLegacyOneWayMode(SslHmacChannelAuthenticator::SEND_ONLY);
-  return result.PassAs<ChannelAuthenticator>();
-};
-V1HostAuthenticator::V1HostAuthenticator(
-    const std::string& local_cert,
-    const crypto::RSAPrivateKey& local_private_key,
-    const std::string& shared_secret,
-    const std::string& remote_jid)
-    : local_cert_(local_cert),
-      local_private_key_(local_private_key.Copy()),
-      shared_secret_(shared_secret),
-      remote_jid_(remote_jid),
-      state_(WAITING_MESSAGE),
-      rejection_reason_(INVALID_CREDENTIALS) {
-}
-V1HostAuthenticator::~V1HostAuthenticator() {
-}
-Authenticator::State V1HostAuthenticator::state() const {
-  return state_;
-}
-Authenticator::RejectionReason V1HostAuthenticator::rejection_reason() const {
-  DCHECK_EQ(state_, REJECTED);
-  return rejection_reason_;
-}
-void V1HostAuthenticator::ProcessMessage(const XmlElement* message) {
-  DCHECK_EQ(state_, WAITING_MESSAGE);
-  std::string auth_token =
-      message->TextNamed(buzz::QName(kChromotingXmlNamespace, kAuthTokenTag));
-  if (auth_token.empty()) {
-    state_ = REJECTED;
-    rejection_reason_ = PROTOCOL_ERROR;
-    return;
-  }
-  if (!protocol::VerifySupportAuthToken(
-          remote_jid_, shared_secret_, auth_token)) {
-    state_ = REJECTED;
-    rejection_reason_ = INVALID_CREDENTIALS;
-  } else {
-    state_ = MESSAGE_READY;
-  }
-}
-scoped_ptr<XmlElement> V1HostAuthenticator::GetNextMessage() {
-  DCHECK_EQ(state_, MESSAGE_READY);
-  scoped_ptr<XmlElement> message = CreateEmptyAuthenticatorMessage();
-  buzz::XmlElement* certificate_tag = new XmlElement(
-      buzz::QName(kChromotingXmlNamespace, kCertificateTag));
-  std::string base64_cert;
-  if (!base::Base64Encode(local_cert_, &base64_cert)) {
-    LOG(DFATAL) << "Cannot perform base64 encode on certificate";
-  }
-  certificate_tag->SetBodyText(base64_cert);
-  message->AddElement(certificate_tag);
-  state_ = ACCEPTED;
-  return message.Pass();
-}
-scoped_ptr<ChannelAuthenticator>
-V1HostAuthenticator::CreateChannelAuthenticator() const {
-  DCHECK_EQ(state_, ACCEPTED);
-  scoped_ptr<SslHmacChannelAuthenticator> result =
-      SslHmacChannelAuthenticator::CreateForHost(
-          local_cert_, local_private_key_.get(), shared_secret_);
-  result->SetLegacyOneWayMode(SslHmacChannelAuthenticator::RECEIVE_ONLY);
-  return result.PassAs<ChannelAuthenticator>();
-};
-}  // namespace remoting
-}  // namespace protocol
--- a/remoting/protocol/v1_authenticator.h
+++ b/remoting/protocol/v1_authenticator.h
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#ifndef REMOTING_PROTOCOL_V1_AUTHENTICATOR_H_
-#define REMOTING_PROTOCOL_V1_AUTHENTICATOR_H_
-#include "base/basictypes.h"
-#include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
-#include "remoting/protocol/authenticator.h"
-namespace crypto {
-class RSAPrivateKey;
-}  // namespace base
-namespace remoting {
-namespace protocol {
-class V1ClientAuthenticator : public Authenticator {
- public:
-  V1ClientAuthenticator(const std::string& local_jid,
-                        const std::string& shared_secret);
-  virtual ~V1ClientAuthenticator();
-  // Authenticator interface.
-  virtual State state() const OVERRIDE;
-  virtual RejectionReason rejection_reason() const OVERRIDE;
-  virtual void ProcessMessage(const buzz::XmlElement* message) OVERRIDE;
-  virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE;
-  virtual scoped_ptr<ChannelAuthenticator>
-      CreateChannelAuthenticator() const OVERRIDE;
- private:
-  std::string local_jid_;
-  std::string shared_secret_;
-  std::string remote_cert_;
-  State state_;
-  RejectionReason rejection_reason_;
-  DISALLOW_COPY_AND_ASSIGN(V1ClientAuthenticator);
-};
-class V1HostAuthenticator : public Authenticator {
- public:
-  // Doesn't take ownership of |local_private_key|.
-  V1HostAuthenticator(const std::string& local_cert,
-                      const crypto::RSAPrivateKey& local_private_key,
-                      const std::string& shared_secret,
-                      const std::string& remote_jid);
-  virtual ~V1HostAuthenticator();
-  // Authenticator interface.
-  virtual State state() const OVERRIDE;
-  virtual RejectionReason rejection_reason() const OVERRIDE;
-  virtual void ProcessMessage(const buzz::XmlElement* message) OVERRIDE;
-  virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE;
-  virtual scoped_ptr<ChannelAuthenticator>
-      CreateChannelAuthenticator() const OVERRIDE;
- private:
-  std::string local_cert_;
-  scoped_ptr<crypto::RSAPrivateKey> local_private_key_;
-  std::string shared_secret_;
-  std::string remote_jid_;
-  State state_;
-  RejectionReason rejection_reason_;
-  DISALLOW_COPY_AND_ASSIGN(V1HostAuthenticator);
-};
-}  // namespace protocol
-}  // namespace remoting
-#endif  // REMOTING_PROTOCOL_V1_AUTHENTICATOR_H_
--- a/remoting/protocol/v1_authenticator_unittest.cc
+++ b/remoting/protocol/v1_authenticator_unittest.cc
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#include "remoting/protocol/v1_authenticator.h"
-#include "base/bind.h"
-#include "net/base/net_errors.h"
-#include "remoting/protocol/authenticator.h"
-#include "remoting/protocol/authenticator_test_base.h"
-#include "remoting/protocol/channel_authenticator.h"
-#include "remoting/protocol/connection_tester.h"
-#include "remoting/protocol/fake_session.h"
-#include "testing/gmock/include/gmock/gmock.h"
-#include "testing/gtest/include/gtest/gtest.h"
-#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
-using testing::_;
-using testing::DeleteArg;
-using testing::Mock;
-using testing::SaveArg;
-namespace remoting {
-namespace protocol {
-namespace {
-const int kMessageSize = 100;
-const int kMessages = 1;
-const char kClientJid[] = "host2@gmail.com/321";
-const char kTestSharedSecret[] = "1234-1234-5678";
-const char kTestSharedSecretBad[] = "0000-0000-0001";
-}  // namespace
-class V1AuthenticatorTest : public AuthenticatorTestBase {
- public:
-  V1AuthenticatorTest() {
-  }
-  virtual ~V1AuthenticatorTest() {
-  }
- protected:
-  void InitAuthenticators(const std::string& client_secret,
-                          const std::string& host_secret) {
-    host_.reset(new V1HostAuthenticator(
-        host_cert_, *private_key_, host_secret, kClientJid));
-    client_.reset(new V1ClientAuthenticator(kClientJid, client_secret));
-  }
-  DISALLOW_COPY_AND_ASSIGN(V1AuthenticatorTest);
-};
-TEST_F(V1AuthenticatorTest, SuccessfulAuth) {
-  {
-    SCOPED_TRACE("RunAuthExchange");
-    InitAuthenticators(kTestSharedSecret, kTestSharedSecret);
-    RunAuthExchange();
-  }
-  ASSERT_EQ(Authenticator::ACCEPTED, host_->state());
-  ASSERT_EQ(Authenticator::ACCEPTED, client_->state());
-  client_auth_ = client_->CreateChannelAuthenticator();
-  host_auth_ = host_->CreateChannelAuthenticator();
-  RunChannelAuth(false);
-  EXPECT_TRUE(client_socket_.get() != NULL);
-  EXPECT_TRUE(host_socket_.get() != NULL);
-  StreamConnectionTester tester(host_socket_.get(), client_socket_.get(),
-                                kMessageSize, kMessages);
-  tester.Start();
-  message_loop_.Run();
-  tester.CheckResults();
-}
-// Verify that connection is rejected when secrets don't match.
-TEST_F(V1AuthenticatorTest, InvalidSecret) {
-  {
-    SCOPED_TRACE("RunAuthExchange");
-    InitAuthenticators(kTestSharedSecretBad, kTestSharedSecret);
-    RunAuthExchange();
-  }
-  ASSERT_EQ(Authenticator::REJECTED, host_->state());
-}
-}  // namespace protocol
-}  // namespace remoting
--- a/remoting/remoting.gyp
+++ b/remoting/remoting.gyp
@@ -1684,8 +1684,6 @@
        'protocol/transport_config.h',
        'protocol/util.cc',
        'protocol/util.h',
-        'protocol/v1_authenticator.cc',
-        'protocol/v1_authenticator.h',
        'protocol/v2_authenticator.cc',
        'protocol/v2_authenticator.h',
        'protocol/video_reader.cc',
@@ -1824,7 +1822,6 @@
        'protocol/protocol_mock_objects.h',
        'protocol/ppapi_module_stub.cc',
        'protocol/ssl_hmac_channel_authenticator_unittest.cc',
-        'protocol/v1_authenticator_unittest.cc',
        'protocol/v2_authenticator_unittest.cc',
        'run_all_unittests.cc',
      ],