Pass Config pointer into AuthManager
AuthManager needs to have logic for re-claming devices. This requires
persistent storage for secret and owner. It's going to be easier to
handle logic there than outside.
BUG=25766815
Change-Id: Icc417f23715b48461098503fd241cee534d2225c
Reviewed-on: https://weave-review.googlesource.com/1949
Reviewed-by: Vitaly Buka <vitalybuka@google.com>
diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc
index 92c33a7..3a2f5e0 100644
--- a/src/privet/auth_manager.cc
+++ b/src/privet/auth_manager.cc
@@ -7,6 +7,7 @@
#include <base/rand_util.h>
#include <base/strings/string_number_conversions.h>
+#include "src/config.h"
#include "src/data_encoding.h"
#include "src/privet/openssl_utils.h"
#include "src/string_utils.h"
@@ -73,17 +74,36 @@
DISALLOW_COPY_AND_ASSIGN(Caveat);
};
+std::vector<uint8_t> CreateSecret() {
+ std::vector<uint8_t> secret(kSha256OutputSize);
+ base::RandBytes(secret.data(), secret.size());
+ return secret;
+}
+
} // namespace
+AuthManager::AuthManager(Config* config,
+ const std::vector<uint8_t>& certificate_fingerprint)
+ : config_{config}, certificate_fingerprint_{certificate_fingerprint} {
+ SetSecret(config_ ? config_->GetSettings().secret : std::vector<uint8_t>{});
+}
+
AuthManager::AuthManager(const std::vector<uint8_t>& secret,
const std::vector<uint8_t>& certificate_fingerprint,
base::Clock* clock)
- : clock_{clock ? clock : &default_clock_},
- secret_{secret},
- certificate_fingerprint_{certificate_fingerprint} {
- if (secret_.size() != kSha256OutputSize) {
- secret_.resize(kSha256OutputSize);
- base::RandBytes(secret_.data(), secret_.size());
+ : AuthManager(nullptr, certificate_fingerprint) {
+ SetSecret(secret);
+ if (clock)
+ clock_ = clock;
+}
+
+void AuthManager::SetSecret(const std::vector<uint8_t>& secret) {
+ secret_ = secret.size() == kSha256OutputSize ? secret : CreateSecret();
+ if (config_ && config_->GetSettings().secret != secret_) {
+ Config::Transaction change{config_};
+ change.set_secret(secret);
+ change.set_root_client_token_owner(RootClientTokenOwner::kNone);
+ change.Commit();
}
}
@@ -112,7 +132,7 @@
std::vector<uint8_t> AuthManager::ClaimRootClientAuthToken() {
pending_claims_.push_back(
- std::unique_ptr<AuthManager>{new AuthManager{{}, {}, clock_}});
+ std::unique_ptr<AuthManager>{new AuthManager{nullptr, {}}});
if (pending_claims_.size() > kMaxPendingClaims)
pending_claims_.pop_front();
return pending_claims_.back()->GetRootClientAuthToken();
@@ -144,6 +164,7 @@
scope.GetCaveat(), issued.GetCaveat(),
};
+ CHECK_EQ(kSha256OutputSize, secret_.size());
UwMacaroon macaroon{};
CHECK(uw_macaroon_new_from_root_key_(
&macaroon, secret_.data(), secret_.size(), caveats, arraysize(caveats)));
@@ -167,6 +188,7 @@
return false;
}
+ CHECK_EQ(kSha256OutputSize, secret_.size());
return uw_macaroon_verify_(&macaroon, secret_.data(), secret_.size());
}