Google Git
Sign in
weave/weave/libweave/229113e837328b53f6fcf1c82790cdb2c013a0dc^!/.
commit
229113e837328b53f6fcf1c82790cdb2c013a0dc
[log] [tgz]
author
Vitaly Buka <vitalybuka@google.com>
Sun Dec 13 23:12:42 2015 -0800
committer
Vitaly Buka <vitalybuka@google.com>
Mon Dec 14 23:11:22 2015 +0000
tree
c4467491abed5eac02457289f871f35b37c307f8
parent
29bc59330bec58e43df1050bee279819b54e7c6e [diff]
Pass Config pointer into AuthManager

AuthManager needs to have logic for re-claming devices. This requires
persistent storage for secret and owner. It's going to be easier to
handle logic there than outside.

BUG=25766815

Change-Id: Icc417f23715b48461098503fd241cee534d2225c
Reviewed-on: https://weave-review.googlesource.com/1949
Reviewed-by: Vitaly Buka <vitalybuka@google.com>

diff --git a/src/device_manager.cc b/src/device_manager.cc
index cb575b8..88256da 100644
--- a/src/device_manager.cc
+++ b/src/device_manager.cc

@@ -33,15 +33,8 @@
   config_->Load();
 
   if (http_server) {
-    auth_manager_.reset(
-        new privet::AuthManager(config_->GetSettings().secret,
-                                http_server->GetHttpsCertificateFingerprint()));
-
-    if (auth_manager_->GetSecret() != config_->GetSettings().secret) {
-      // There is no Config::OnChangedCallback registered.
-      Config::Transaction transaction(config_.get());
-      transaction.set_secret(auth_manager_->GetSecret());
-    }
+    auth_manager_.reset(new privet::AuthManager(
+        config_.get(), http_server->GetHttpsCertificateFingerprint()));
   }
 
   device_info_.reset(new DeviceRegistrationInfo(

diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc
index 92c33a7..3a2f5e0 100644
--- a/src/privet/auth_manager.cc
+++ b/src/privet/auth_manager.cc

@@ -7,6 +7,7 @@
 #include <base/rand_util.h>
 #include <base/strings/string_number_conversions.h>
 
+#include "src/config.h"
 #include "src/data_encoding.h"
 #include "src/privet/openssl_utils.h"
 #include "src/string_utils.h"
@@ -73,17 +74,36 @@
   DISALLOW_COPY_AND_ASSIGN(Caveat);
 };
 
+std::vector<uint8_t> CreateSecret() {
+  std::vector<uint8_t> secret(kSha256OutputSize);
+  base::RandBytes(secret.data(), secret.size());
+  return secret;
+}
+
 }  // namespace
 
+AuthManager::AuthManager(Config* config,
+                         const std::vector<uint8_t>& certificate_fingerprint)
+    : config_{config}, certificate_fingerprint_{certificate_fingerprint} {
+  SetSecret(config_ ? config_->GetSettings().secret : std::vector<uint8_t>{});
+}
+
 AuthManager::AuthManager(const std::vector<uint8_t>& secret,
                          const std::vector<uint8_t>& certificate_fingerprint,
                          base::Clock* clock)
-    : clock_{clock ? clock : &default_clock_},
-      secret_{secret},
-      certificate_fingerprint_{certificate_fingerprint} {
-  if (secret_.size() != kSha256OutputSize) {
-    secret_.resize(kSha256OutputSize);
-    base::RandBytes(secret_.data(), secret_.size());
+    : AuthManager(nullptr, certificate_fingerprint) {
+  SetSecret(secret);
+  if (clock)
+    clock_ = clock;
+}
+
+void AuthManager::SetSecret(const std::vector<uint8_t>& secret) {
+  secret_ = secret.size() == kSha256OutputSize ? secret : CreateSecret();
+  if (config_ && config_->GetSettings().secret != secret_) {
+    Config::Transaction change{config_};
+    change.set_secret(secret);
+    change.set_root_client_token_owner(RootClientTokenOwner::kNone);
+    change.Commit();
   }
 }
 
@@ -112,7 +132,7 @@
 
 std::vector<uint8_t> AuthManager::ClaimRootClientAuthToken() {
   pending_claims_.push_back(
-      std::unique_ptr<AuthManager>{new AuthManager{{}, {}, clock_}});
+      std::unique_ptr<AuthManager>{new AuthManager{nullptr, {}}});
   if (pending_claims_.size() > kMaxPendingClaims)
     pending_claims_.pop_front();
   return pending_claims_.back()->GetRootClientAuthToken();
@@ -144,6 +164,7 @@
       scope.GetCaveat(), issued.GetCaveat(),
   };
 
+  CHECK_EQ(kSha256OutputSize, secret_.size());
   UwMacaroon macaroon{};
   CHECK(uw_macaroon_new_from_root_key_(
       &macaroon, secret_.data(), secret_.size(), caveats, arraysize(caveats)));
@@ -167,6 +188,7 @@
     return false;
   }
 
+  CHECK_EQ(kSha256OutputSize, secret_.size());
   return uw_macaroon_verify_(&macaroon, secret_.data(), secret_.size());
 }
 

diff --git a/src/privet/auth_manager.h b/src/privet/auth_manager.h
index 8fcadfc..dd4ad3d 100644
--- a/src/privet/auth_manager.h
+++ b/src/privet/auth_manager.h

@@ -16,10 +16,17 @@
 #include "src/privet/privet_types.h"
 
 namespace weave {
+
+class Config;
+
 namespace privet {
 
 class AuthManager {
  public:
+  AuthManager(Config* config,
+              const std::vector<uint8_t>& certificate_fingerprint);
+
+  // Constructor for tests.
   AuthManager(const std::vector<uint8_t>& secret,
               const std::vector<uint8_t>& certificate_fingerprint,
               base::Clock* clock = nullptr);
@@ -43,8 +50,11 @@
   bool IsValidAuthToken(const std::vector<uint8_t>& token) const;
 
  private:
+  void SetSecret(const std::vector<uint8_t>& secret);
+
+  Config* config_{nullptr};
   base::DefaultClock default_clock_;
-  base::Clock* clock_{nullptr};
+  base::Clock* clock_{&default_clock_};
 
   std::vector<uint8_t> secret_;
   std::vector<uint8_t> certificate_fingerprint_;

diff --git a/src/privet/security_manager_unittest.cc b/src/privet/security_manager_unittest.cc
index d9f5c56..7c26026 100644
--- a/src/privet/security_manager_unittest.cc
+++ b/src/privet/security_manager_unittest.cc

@@ -104,11 +104,11 @@
   test::MockClock clock_;
   AuthManager auth_manager_{
       {},
-      {{
+      {
           59, 47, 77, 247, 129, 187, 188, 158, 172, 105, 246, 93, 102, 83, 8,
           138, 176, 141, 37, 63, 223, 40, 153, 121, 134, 23, 120, 106, 24, 205,
           7, 135,
-      }},
+      },
       &clock_};
   SecurityManager security_{&auth_manager_,
                             {PairingType::kEmbeddedCode},