media: Refactor PlatformVerificationFlow.

chrome/browser/chromeos/attestation/platform_verification_flow.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/attestation/platform_verification_flow.h"
 
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/prefs/pref_service.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "chrome/browser/chromeos/attestation/attestation_ca_client.h"
 #include "chrome/browser/chromeos/attestation/attestation_signed_data.pb.h"
-#include "chrome/browser/chromeos/attestation/platform_verification_dialog.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
+#include "chrome/browser/media/protected_media_identifier_permission_context.h"
+#include "chrome/browser/media/protected_media_identifier_permission_context_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/attestation/attestation_flow.h"
 #include "chromeos/cryptohome/async_method_caller.h"
 #include "chromeos/dbus/cryptohome_client.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/common/content_settings_pattern.h"
+#include "components/content_settings/core/common/permission_request_id.h"
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/user_manager/user.h"
 #include "components/user_prefs/user_prefs.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/render_process_host.h"
+#include "content/public/browser/render_view_host.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/url_constants.h"
 #include "net/cert/x509_certificate.h"
 
 namespace {
 
-const char kDefaultHttpsPort[] = "443";
 const int kTimeoutInSeconds = 8;
 const char kAttestationResultHistogram[] =
     "ChromeOS.PlatformVerification.Result";
 const char kAttestationAvailableHistogram[] =
     "ChromeOS.PlatformVerification.Available";
 const int kAttestationResultHistogramMax = 10;
 
 // A callback method to handle DBus errors.
 void DBusCallback(const base::Callback<void(bool)>& on_success,
                   const base::Closure& on_failure,
@@ skipping 20 matching lines @@
 
 namespace chromeos {
 namespace attestation {
 
 // A default implementation of the Delegate interface.
 class DefaultDelegate : public PlatformVerificationFlow::Delegate {
  public:
   DefaultDelegate() {}
   ~DefaultDelegate() override {}
 
-  void ShowConsentPrompt(
-      content::WebContents* web_contents,
-      const GURL& requesting_origin,
-      const PlatformVerificationFlow::Delegate::ConsentCallback& callback)
-      override {
-    PlatformVerificationDialog::ShowDialog(web_contents, requesting_origin,
-                                           callback);
-  }
-
   PrefService* GetPrefs(content::WebContents* web_contents) override {
     return user_prefs::UserPrefs::Get(web_contents->GetBrowserContext());
   }
 
   const GURL& GetURL(content::WebContents* web_contents) override {
     const GURL& url = web_contents->GetLastCommittedURL();
     if (!url.is_valid())
       return web_contents->GetVisibleURL();
     return url;
   }
@@ skipping 68 matching lines @@
 
 PlatformVerificationFlow::~PlatformVerificationFlow() {
 }
 
 void PlatformVerificationFlow::ChallengePlatformKey(
     content::WebContents* web_contents,
     const std::string& service_id,
     const std::string& challenge,
     const ChallengeCallback& callback) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+
   if (!delegate_->GetURL(web_contents).is_valid()) {
     LOG(WARNING) << "PlatformVerificationFlow: Invalid URL.";
     ReportError(callback, INTERNAL_ERROR);
     return;
   }
-  if (!IsAttestationEnabled(web_contents)) {
+
+  // Note: The following two checks are also checked in GetPermissionStatus.
+  // Checking them here explicitly to report the correct error type.
+
+  if (!IsAttestationAllowedByPolicy()) {
+    VLOG(1) << "Platform verification not allowed by device policy.";
     ReportError(callback, POLICY_REJECTED);
     return;
   }
-  // A platform key must be bound to a user.  They are not allowed in incognito
+
+  // A platform key must be bound to a user. They are not allowed in incognito
   // or guest mode.
   if (delegate_->IsGuestOrIncognito(web_contents)) {
     VLOG(1) << "Platform verification denied because the current session is "
             << "guest or incognito.";
     ReportError(callback, PLATFORM_NOT_VERIFIED);
     return;
   }
+
+  if (!IsPermittedByUser(web_contents)) {

[ddorwin, 2015/03/12 00:28:32]

Perhaps note that the user should have already been prompted if necessary.

+    VLOG(1) << "Platform verification not permitted by user.";
+    ReportError(callback, USER_REJECTED);

[ddorwin, 2015/03/12 00:28:32]

OOC, where do these values go and why? Do we use them for UMAs? They shouldn't
be exposed to the app, or even perhaps the renderer.

+    return;
+  }
+
   ChallengeContext context(web_contents, service_id, challenge, callback);
   // Check if the device has been prepared to use attestation.
-  BoolDBusMethodCallback dbus_callback = base::Bind(
-      &DBusCallback,
-      base::Bind(&PlatformVerificationFlow::CheckEnrollment, this, context),
-      base::Bind(&ReportError, callback, INTERNAL_ERROR));
+  BoolDBusMethodCallback dbus_callback =
+      base::Bind(&DBusCallback,
+                 base::Bind(&PlatformVerificationFlow::OnAttestationPrepared,

[xhwang, 2015/03/11 23:01:17]

I skipped the CheckEnrollment step because we don't care about the enrollment
status.

+                            this, context),
+                 base::Bind(&ReportError, callback, INTERNAL_ERROR));
   cryptohome_client_->TpmAttestationIsPrepared(dbus_callback);
 }
 
-void PlatformVerificationFlow::CheckEnrollment(const ChallengeContext& context,
-                                               bool attestation_prepared) {
+void PlatformVerificationFlow::OnAttestationPrepared(
+    const ChallengeContext& context,
+    bool attestation_prepared) {
   UMA_HISTOGRAM_BOOLEAN(kAttestationAvailableHistogram, attestation_prepared);
+
   if (!attestation_prepared) {
     // This device is not currently able to use attestation features.
     ReportError(context.callback, PLATFORM_NOT_VERIFIED);
     return;
   }
-  BoolDBusMethodCallback dbus_callback = base::Bind(
-      &DBusCallback,
-      base::Bind(&PlatformVerificationFlow::CheckConsent, this, context),
-      base::Bind(&ReportError, context.callback, INTERNAL_ERROR));
-  cryptohome_client_->TpmAttestationIsEnrolled(dbus_callback);
-}
 
-void PlatformVerificationFlow::CheckConsent(const ChallengeContext& context,
-                                            bool /* attestation_enrolled */) {
-  content::WebContents* web_contents = context.web_contents;
-
-  bool enabled_for_origin = false;
-  bool found =
-      GetOriginPref(delegate_->GetContentSettings(web_contents),
-                    delegate_->GetURL(web_contents), &enabled_for_origin);
-  if (found && !enabled_for_origin) {
-    VLOG(1) << "Platform verification denied because the origin has been "
-            << "blocked by the user.";
-    ReportError(context.callback, USER_REJECTED);
+  // Permission allowed. Now proceed to get certificate.
+  const user_manager::User* user = delegate_->GetUser(context.web_contents);
+  if (!user) {
+    ReportError(context.callback, INTERNAL_ERROR);
+    LOG(ERROR) << "Profile does not map to a valid user.";
     return;
   }
 
-  PrefService* pref_service = delegate_->GetPrefs(web_contents);
-  if (!pref_service) {
-    LOG(ERROR) << "Failed to get user prefs.";
-    ReportError(context.callback, INTERNAL_ERROR);
-    return;
-  }
-
-  // Consent required if user has never given consent for this origin, or if
-  // user has never given consent to attestation for content protection on this
-  // device.
-  bool consent_required =
-      !found || !pref_service->GetBoolean(prefs::kRAConsentGranted);

[xhwang, 2015/03/11 23:01:17]

This logic is moved to ProtectedMediaIdentifierPermissionContext.

-
-  Delegate::ConsentCallback consent_callback = base::Bind(
-      &PlatformVerificationFlow::OnConsentResponse,
-      this,
-      context,
-      consent_required);
-  if (consent_required) {
-    // TODO(xhwang): Using delegate_->GetURL() here is not right. The consent
-    // may be requested by a frame from a different origin. This will be solved
-    // when http://crbug.com/454847 is fixed.
-    delegate_->ShowConsentPrompt(
-        context.web_contents,
-        delegate_->GetURL(context.web_contents).GetOrigin(), consent_callback);
-  } else {
-    consent_callback.Run(CONSENT_RESPONSE_NONE);
-  }
+  GetCertificate(context, user->email(), false /* Don't force a new key */);
 }
 
 void PlatformVerificationFlow::RegisterProfilePrefs(
     user_prefs::PrefRegistrySyncable* prefs) {
   prefs->RegisterBooleanPref(prefs::kRAConsentGranted,
                              false,  // Default value.
                              user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
 }
 
-void PlatformVerificationFlow::OnConsentResponse(
-    const ChallengeContext& context,
-    bool consent_required,
-    ConsentResponse consent_response) {
-  if (consent_required) {
-    if (consent_response == CONSENT_RESPONSE_NONE) {
-      // No user response - do not proceed and do not modify any settings.
-      LOG(WARNING) << "PlatformVerificationFlow: No response from user.";
-      ReportError(context.callback, USER_REJECTED);
-      return;
-    }
-    if (!UpdateSettings(context.web_contents, consent_response)) {
-      ReportError(context.callback, INTERNAL_ERROR);
-      return;
-    }
-    if (consent_response == CONSENT_RESPONSE_DENY) {
-      content::RecordAction(
-          base::UserMetricsAction("PlatformVerificationRejected"));
-      VLOG(1) << "Platform verification denied by user.";
-      ReportError(context.callback, USER_REJECTED);
-      return;
-    } else if (consent_response == CONSENT_RESPONSE_ALLOW) {
-      content::RecordAction(
-          base::UserMetricsAction("PlatformVerificationAccepted"));
-      VLOG(1) << "Platform verification accepted by user.";
-    }
-  }
-
-  // At this point all user interaction is complete and we can proceed with the
-  // certificate request.
-  const user_manager::User* user = delegate_->GetUser(context.web_contents);
-  if (!user) {
-    ReportError(context.callback, INTERNAL_ERROR);
-    LOG(ERROR) << "Profile does not map to a valid user.";
-    return;
-  }
-
-  GetCertificate(context, user->email(), false /* Don't force a new key */);
-}
-
 void PlatformVerificationFlow::GetCertificate(const ChallengeContext& context,
                                               const std::string& user_id,
                                               bool force_new_key) {
   scoped_ptr<base::Timer> timer(new base::Timer(false,    // Don't retain.
                                                 false));  // Don't repeat.
   base::Closure timeout_callback = base::Bind(
       &PlatformVerificationFlow::OnCertificateTimeout,
       this,
       context);
   timer->Start(FROM_HERE, timeout_delay_, timeout_callback);
@@ skipping 75 matching lines @@
   }
   VLOG(1) << "Platform verification successful.";
   UMA_HISTOGRAM_ENUMERATION(kAttestationResultHistogram, SUCCESS,
                             kAttestationResultHistogramMax);
   context.callback.Run(SUCCESS,
                        signed_data_pb.data(),
                        signed_data_pb.signature(),
                        certificate);
 }
 
-bool PlatformVerificationFlow::IsAttestationEnabled(
-    content::WebContents* web_contents) {
+bool PlatformVerificationFlow::IsAttestationAllowedByPolicy() {
   // Check the device policy for the feature.
   bool enabled_for_device = false;
   if (!CrosSettings::Get()->GetBoolean(kAttestationForContentProtectionEnabled,
                                        &enabled_for_device)) {
     LOG(ERROR) << "Failed to get device setting.";
     return false;
   }
   if (!enabled_for_device) {
     VLOG(1) << "Platform verification denied because Verified Access is "
             << "disabled for the device.";
     return false;
   }
 
-  // Check the user preference for the feature.
-  PrefService* pref_service = delegate_->GetPrefs(web_contents);
-  if (!pref_service) {
-    LOG(ERROR) << "Failed to get user prefs.";
-    return false;
-  }
-  if (!pref_service->GetBoolean(prefs::kEnableDRM)) {
-    VLOG(1) << "Platform verification denied because content protection "
-            << "identifiers have been disabled by the user.";
-    return false;
-  }
-
-  // Check the user preference for this origin.
-  bool enabled_for_origin = false;
-  bool found =
-      GetOriginPref(delegate_->GetContentSettings(web_contents),
-                    delegate_->GetURL(web_contents), &enabled_for_origin);
-  if (found && !enabled_for_origin) {
-    VLOG(1) << "Platform verification denied because the origin has been "
-            << "blocked by the user.";
-    return false;
-  }
   return true;
 }
 
-bool PlatformVerificationFlow::UpdateSettings(
-    content::WebContents* web_contents,
-    ConsentResponse consent_response) {
-  PrefService* pref_service = delegate_->GetPrefs(web_contents);
-  if (!pref_service) {
-    LOG(ERROR) << "Failed to get user prefs.";
-    return false;
-  }
+bool PlatformVerificationFlow::IsPermittedByUser(
+    content::WebContents* web_contents) {
+  ProtectedMediaIdentifierPermissionContext* permission_context =
+      ProtectedMediaIdentifierPermissionContextFactory::GetForProfile(
+          Profile::FromBrowserContext(web_contents->GetBrowserContext()));
 
-  if (consent_response == CONSENT_RESPONSE_ALLOW) {
-    pref_service->SetBoolean(prefs::kRAConsentGranted, true);
-  }
+  // TODO(xhwang): Using delegate_->GetURL() here is not right. The platform

[ddorwin, 2015/03/12 00:28:32]

What URL does this give us? GLCURL below gets us the top-level origin. Your
comment is saying delegate_ is not the requesting frame, right?

+  // verification may be requested by a frame from a different origin. This will
+  // be solved when http://crbug.com/454847 is fixed.
+  const GURL& requesting_origin = delegate_->GetURL(web_contents).GetOrigin();
 
-  RecordOriginConsent(delegate_->GetContentSettings(web_contents),
-                      delegate_->GetURL(web_contents),
-                      (consent_response == CONSENT_RESPONSE_ALLOW));
-  return true;
+  GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin();
+
+  ContentSetting content_setting = permission_context->GetPermissionStatus(
+      requesting_origin, embedding_origin);
+
+  return content_setting == CONTENT_SETTING_ALLOW;
 }
 
 bool PlatformVerificationFlow::GetOriginPref(
     HostContentSettingsMap* content_settings,
     const GURL& url,
     bool* pref_value) {
   CHECK(content_settings);
   CHECK(url.is_valid());
   ContentSetting setting = content_settings->GetContentSetting(
       url,
       url,
       CONTENT_SETTINGS_TYPE_PROTECTED_MEDIA_IDENTIFIER,
       std::string());
   if (setting != CONTENT_SETTING_ALLOW && setting != CONTENT_SETTING_BLOCK)
     return false;
   if (pref_value)
     *pref_value = (setting == CONTENT_SETTING_ALLOW);
   return true;
 }
 
-void PlatformVerificationFlow::RecordOriginConsent(

[xhwang, 2015/03/11 23:01:17]

These are now handled by ProtectedMediaIdentifierPermissionContext.

-    HostContentSettingsMap* content_settings,
-    const GURL& url,
-    bool allow_origin) {
-  CHECK(content_settings);
-  CHECK(url.is_valid());
-  // Build a pattern to represent scheme and host.
-  scoped_ptr<ContentSettingsPattern::BuilderInterface> builder(
-      ContentSettingsPattern::CreateBuilder(false));
-  builder->WithScheme(url.scheme())
-         ->WithDomainWildcard()
-         ->WithHost(url.host())
-         ->WithPathWildcard();
-  if (!url.port().empty())
-    builder->WithPort(url.port());
-  else if (url.SchemeIs(url::kHttpsScheme))
-    builder->WithPort(kDefaultHttpsPort);
-  else if (url.SchemeIs(url::kHttpScheme))
-    builder->WithPortWildcard();
-  ContentSettingsPattern pattern = builder->Build();
-  if (pattern.IsValid()) {
-    ContentSetting setting =
-        allow_origin ? CONTENT_SETTING_ALLOW : CONTENT_SETTING_BLOCK;
-    content_settings->SetContentSetting(
-        pattern,
-        pattern,
-        CONTENT_SETTINGS_TYPE_PROTECTED_MEDIA_IDENTIFIER,
-        std::string(),
-        setting);
-  } else {
-    LOG(WARNING) << "Not recording action: invalid URL pattern";
-  }
-}
-
 bool PlatformVerificationFlow::IsExpired(const std::string& certificate) {
   scoped_refptr<net::X509Certificate> x509(
       net::X509Certificate::CreateFromBytes(certificate.data(),
                                             certificate.length()));
   if (!x509.get() || x509->valid_expiry().is_null()) {
     LOG(WARNING) << "Failed to parse certificate, cannot check expiry.";
     return false;
   }
   return (base::Time::Now() > x509->valid_expiry());
 }
 
 }  // namespace attestation
 }  // namespace chromeos