commit 7ce499fd4a485b717ef288f0d155d86c15e37e17
author Vitaly Buka <vitalybuka@chromium.org> Tue Jun 09 08:04:11 2015 -0700
committer ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> Sat Jun 13 01:24:59 2015 +0000
tree f0c2f1f6311c4cdf37d4e9d0fd9850667d4027f5
parent 4547afa5c3a4cf638e4c0c777648113af433b731

buffet: Move privetd sources into buffet

No functional changes, only renaming, fixed include paths and include
guards to avoid resubmit warnings.

BUG=brillo:1161
CQ-DEPEND=CL:276521
TEST=none

Change-Id: Icacff92aef47fdd46542bc96eba3ffbb4df6241a
Reviewed-on: https://chromium-review.googlesource.com/276319
Reviewed-by: Vitaly Buka <vitalybuka@chromium.org>
Commit-Queue: Vitaly Buka <vitalybuka@chromium.org>
Tested-by: Vitaly Buka <vitalybuka@chromium.org>

buffet/privet/security_manager.h

diff --git a/buffet/privet/security_manager.h b/buffet/privet/security_manager.h
new file mode 100644
index 0000000..04a942e
--- /dev/null
+++ b/buffet/privet/security_manager.h
@@ -0,0 +1,110 @@
+// Copyright 2014 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BUFFET_PRIVET_SECURITY_MANAGER_H_
+#define BUFFET_PRIVET_SECURITY_MANAGER_H_
+
+#include <map>
+#include <memory>
+#include <set>
+#include <string>
+#include <vector>
+
+#include <base/callback.h>
+#include <base/files/file_path.h>
+#include <base/memory/weak_ptr.h>
+#include <chromeos/errors/error.h>
+#include <chromeos/secure_blob.h>
+
+#include "buffet/privet/security_delegate.h"
+
+namespace crypto {
+class P224EncryptedKeyExchange;
+}  // namespace crypto
+
+namespace privetd {
+
+class SecurityManager : public SecurityDelegate {
+ public:
+  using PairingStartListener =
+      base::Callback<void(const std::string& session_id,
+                          PairingType pairing_type,
+                          const std::vector<uint8_t>& code)>;
+  using PairingEndListener =
+      base::Callback<void(const std::string& session_id)>;
+
+  class KeyExchanger {
+   public:
+    virtual ~KeyExchanger() = default;
+
+    virtual const std::string& GetMessage() = 0;
+    virtual bool ProcessMessage(const std::string& message,
+                                chromeos::ErrorPtr* error) = 0;
+    virtual const std::string& GetKey() const = 0;
+  };
+
+  SecurityManager(const std::set<PairingType>& pairing_modes,
+                  const base::FilePath& embedded_code_path,
+                  bool disable_security = false);
+  ~SecurityManager() override;
+
+  // SecurityDelegate methods
+  std::string CreateAccessToken(const UserInfo& user_info,
+                                const base::Time& time) override;
+  UserInfo ParseAccessToken(const std::string& token,
+                            base::Time* time) const override;
+  std::set<PairingType> GetPairingTypes() const override;
+  std::set<CryptoType> GetCryptoTypes() const override;
+  bool IsValidPairingCode(const std::string& auth_code) const override;
+
+  bool StartPairing(PairingType mode,
+                    CryptoType crypto,
+                    std::string* session_id,
+                    std::string* device_commitment,
+                    chromeos::ErrorPtr* error) override;
+
+  bool ConfirmPairing(const std::string& session_id,
+                      const std::string& client_commitment,
+                      std::string* fingerprint,
+                      std::string* signature,
+                      chromeos::ErrorPtr* error) override;
+  bool CancelPairing(const std::string& session_id,
+                     chromeos::ErrorPtr* error) override;
+
+  void RegisterPairingListeners(const PairingStartListener& on_start,
+                                const PairingEndListener& on_end);
+
+  void SetCertificateFingerprint(const chromeos::Blob& fingerprint) {
+    certificate_fingerprint_ = fingerprint;
+  }
+
+ private:
+  FRIEND_TEST_ALL_PREFIXES(SecurityManagerTest, ThrottlePairing);
+  // Allows limited number of new sessions without successful authorization.
+  bool CheckIfPairingAllowed(chromeos::ErrorPtr* error);
+  bool ClosePendingSession(const std::string& session_id);
+  bool CloseConfirmedSession(const std::string& session_id);
+
+  // If true allows unencrypted pairing and accepts any access code.
+  bool is_security_disabled_{false};
+  std::set<PairingType> pairing_modes_;
+  const base::FilePath embedded_code_path_;
+  std::string embedded_code_;
+  std::map<std::string, std::unique_ptr<KeyExchanger>> pending_sessions_;
+  std::map<std::string, std::unique_ptr<KeyExchanger>> confirmed_sessions_;
+  mutable int pairing_attemts_{0};
+  mutable base::Time block_pairing_until_;
+  chromeos::SecureBlob secret_;
+  chromeos::Blob certificate_fingerprint_;
+  PairingStartListener on_start_;
+  PairingEndListener on_end_;
+
+  base::WeakPtrFactory<SecurityManager> weak_ptr_factory_{this};
+
+  DISALLOW_COPY_AND_ASSIGN(SecurityManager);
+};
+
+}  // namespace privetd
+
+#endif  // BUFFET_PRIVET_SECURITY_MANAGER_H_