| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_ | 6 #define CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 56 matching lines...) | |
| 67 SUCCESS, // The operation succeeded. | 67 SUCCESS, // The operation succeeded. |
| 68 INTERNAL_ERROR, // The operation failed unexpectedly. | 68 INTERNAL_ERROR, // The operation failed unexpectedly. |
| 69 PLATFORM_NOT_VERIFIED, // The platform cannot be verified. For example: | 69 PLATFORM_NOT_VERIFIED, // The platform cannot be verified. For example: |
| 70 // - It is not a Chrome device. | 70 // - It is not a Chrome device. |
| 71 // - It is not running a verified OS image. | 71 // - It is not running a verified OS image. |
| 72 USER_REJECTED, // The user explicitly rejected the operation. | 72 USER_REJECTED, // The user explicitly rejected the operation. |
| 73 POLICY_REJECTED, // The operation is not allowed by policy/settings. | 73 POLICY_REJECTED, // The operation is not allowed by policy/settings. |
| 74 TIMEOUT, // The operation timed out. | 74 TIMEOUT, // The operation timed out. |
| 75 }; | 75 }; |
| 76 | 76 |
| 77 enum ConsentResponse { | |
| 78 CONSENT_RESPONSE_NONE, | |
| 79 CONSENT_RESPONSE_ALLOW, | |
| 80 CONSENT_RESPONSE_DENY, | |
| 81 }; | |
| 82 | |
| 83 // An interface which allows settings and UI to be abstracted for testing | 77 // An interface which allows settings and UI to be abstracted for testing |
| 84 // purposes. For normal operation the default implementation should be used. | 78 // purposes. For normal operation the default implementation should be used. |
| 85 class Delegate { | 79 class Delegate { |
| 86 public: | 80 public: |
| 87 virtual ~Delegate() {} | 81 virtual ~Delegate() {} |
| 88 | 82 |
| 89 // This callback will be called when a user has given a |response| to a | |
| 90 // consent request of the specified |type|. | |
| 91 typedef base::Callback<void(ConsentResponse response)> ConsentCallback; | |
| 92 | |
| 93 // Invokes consent UI within the context of |web_contents| and calls | |
| 94 // |callback| when the user responds. | |
| 95 // |requesting_origin| or the extension/app name will be shown on the prompt | |
| 96 // if the request comes from a web page or an extension/app, respectively. | |
| 97 virtual void ShowConsentPrompt(content::WebContents* web_contents, | |
| 98 const GURL& requesting_origin, | |
| 99 const ConsentCallback& callback) = 0; | |
| 100 | |
| 101 // Gets prefs associated with the given |web_contents|. If no prefs are | 83 // Gets prefs associated with the given |web_contents|. If no prefs are |
| 102 // associated with |web_contents| then NULL is returned. | 84 // associated with |web_contents| then NULL is returned. |
| 103 virtual PrefService* GetPrefs(content::WebContents* web_contents) = 0; | 85 virtual PrefService* GetPrefs(content::WebContents* web_contents) = 0; |
| 104 | 86 |
| 105 // Gets the URL associated with the given |web_contents|. | 87 // Gets the URL associated with the given |web_contents|. |
| 106 virtual const GURL& GetURL(content::WebContents* web_contents) = 0; | 88 virtual const GURL& GetURL(content::WebContents* web_contents) = 0; |
| 107 | 89 |
| 108 // Gets the user associated with the given |web_contents|. NULL may be | 90 // Gets the user associated with the given |web_contents|. NULL may be |
| 109 // returned. | 91 // returned. |
| 110 virtual const user_manager::User* GetUser( | 92 virtual const user_manager::User* GetUser( |
| (...skipping 67 matching lines...) | |
| 178 ~ChallengeContext(); | 160 ~ChallengeContext(); |
| 179 | 161 |
| 180 content::WebContents* web_contents; | 162 content::WebContents* web_contents; |
| 181 std::string service_id; | 163 std::string service_id; |
| 182 std::string challenge; | 164 std::string challenge; |
| 183 ChallengeCallback callback; | 165 ChallengeCallback callback; |
| 184 }; | 166 }; |
| 185 | 167 |
| 186 ~PlatformVerificationFlow(); | 168 ~PlatformVerificationFlow(); |
| 187 | 169 |
| 188 // Checks whether the device has already been enrolled for attestation. The | 170 // Checks whether the device has already been enrolled for attestation. The |
|
ddorwin
2015/03/12 00:28:32
Is this comment still accurate?
| |
| 189 // arguments to ChallengePlatformKey are in |context| and | 171 // arguments to ChallengePlatformKey are in |context| and |
| 190 // |attestation_prepared| specifies whether attestation has been prepared on | 172 // |attestation_prepared| specifies whether attestation has been prepared on |
| 191 // this device. | 173 // this device. |
| 192 void CheckEnrollment(const ChallengeContext& context, | 174 void OnAttestationPrepared(const ChallengeContext& context, |
| 193 bool attestation_prepared); | 175 bool attestation_prepared); |
| 194 | |
| 195 // Checks whether we need to prompt the user for consent before proceeding and | |
| 196 // invokes the consent UI if so. The arguments to ChallengePlatformKey are | |
| 197 // in |context| and |attestation_enrolled| specifies whether attestation has | |
| 198 // been enrolled for this device. | |
| 199 void CheckConsent(const ChallengeContext& context, | |
| 200 bool attestation_enrolled); | |
| 201 | |
| 202 // A callback called when the user has given their consent response. The | |
| 203 // arguments to ChallengePlatformKey are in |context|. |consent_required| and | |
| 204 // |consent_response| indicate whether consent was required and user response, | |
| 205 // respectively. If the response indicates that the operation should proceed, | |
| 206 // this method invokes a certificate request. | |
| 207 void OnConsentResponse(const ChallengeContext& context, | |
| 208 bool consent_required, | |
| 209 ConsentResponse consent_response); | |
| 210 | 176 |
| 211 // Initiates the flow to get a platform key certificate. The arguments to | 177 // Initiates the flow to get a platform key certificate. The arguments to |
| 212 // ChallengePlatformKey are in |context|. |user_id| identifies the user for | 178 // ChallengePlatformKey are in |context|. |user_id| identifies the user for |
| 213 // which to get a certificate. If |force_new_key| is true then any existing | 179 // which to get a certificate. If |force_new_key| is true then any existing |
| 214 // key for the same user and service will be ignored and a new key will be | 180 // key for the same user and service will be ignored and a new key will be |
| 215 // generated and certified. | 181 // generated and certified. |
| 216 void GetCertificate(const ChallengeContext& context, | 182 void GetCertificate(const ChallengeContext& context, |
| 217 const std::string& user_id, | 183 const std::string& user_id, |
| 218 bool force_new_key); | 184 bool force_new_key); |
| 219 | 185 |
| (...skipping 21 matching lines...) | |
| 241 // |certificate| is the platform certificate for the key which signed the | 207 // |certificate| is the platform certificate for the key which signed the |
| 242 // |challenge|. The arguments to ChallengePlatformKey are in |context|. | 208 // |challenge|. The arguments to ChallengePlatformKey are in |context|. |
| 243 // |operation_success| is true iff the challenge signing operation was | 209 // |operation_success| is true iff the challenge signing operation was |
| 244 // successful. If it was successful, |response_data| holds the challenge | 210 // successful. If it was successful, |response_data| holds the challenge |
| 245 // response and the method will invoke |context.callback|. | 211 // response and the method will invoke |context.callback|. |
| 246 void OnChallengeReady(const ChallengeContext& context, | 212 void OnChallengeReady(const ChallengeContext& context, |
| 247 const std::string& certificate, | 213 const std::string& certificate, |
| 248 bool operation_success, | 214 bool operation_success, |
| 249 const std::string& response_data); | 215 const std::string& response_data); |
| 250 | 216 |
| 251 // Checks whether policy or profile settings associated with |web_contents| | 217 // Checks whether attestation for content protection is allowed by policy. |
| 252 // have attestation for content protection explicitly disabled. | 218 bool IsAttestationAllowedByPolicy(); |
| 253 bool IsAttestationEnabled(content::WebContents* web_contents); | |
| 254 | 219 |
| 255 // Updates user settings for the profile associated with |web_contents| based | 220 // Checks whether attestation is permitted by user. |
| 256 // on the |consent_response| to the request of type |consent_type|. | 221 bool IsPermittedByUser(content::WebContents* web_contents); |
| 257 bool UpdateSettings(content::WebContents* web_contents, | |
| 258 ConsentResponse consent_response); | |
| 259 | 222 |
| 260 // Finds the origin-specific consent pref in |content_settings| for |url|. If | 223 // Finds the origin-specific consent pref in |content_settings| for |url|. If |
| 261 // a pref exists for the origin, returns true and sets |pref_value| if it is | 224 // a pref exists for the origin, returns true and sets |pref_value| if it is |
| 262 // not NULL. | 225 // not NULL. |
| 263 bool GetOriginPref(HostContentSettingsMap* content_settings, | 226 bool GetOriginPref(HostContentSettingsMap* content_settings, |
| 264 const GURL& url, | 227 const GURL& url, |
| 265 bool* pref_value); | 228 bool* pref_value); |
| 266 | 229 |
| 267 // Records the origin-specific consent pref in |content_settings| for |url|. | |
| 268 // The pref will be set to |allow_origin|. | |
| 269 void RecordOriginConsent(HostContentSettingsMap* content_settings, | |
| 270 const GURL& url, | |
| 271 bool allow_origin); | |
| 272 | |
| 273 // Returns true iff |certificate| is an expired X.509 certificate. | 230 // Returns true iff |certificate| is an expired X.509 certificate. |
| 274 bool IsExpired(const std::string& certificate); | 231 bool IsExpired(const std::string& certificate); |
| 275 | 232 |
| 276 AttestationFlow* attestation_flow_; | 233 AttestationFlow* attestation_flow_; |
| 277 scoped_ptr<AttestationFlow> default_attestation_flow_; | 234 scoped_ptr<AttestationFlow> default_attestation_flow_; |
| 278 cryptohome::AsyncMethodCaller* async_caller_; | 235 cryptohome::AsyncMethodCaller* async_caller_; |
| 279 CryptohomeClient* cryptohome_client_; | 236 CryptohomeClient* cryptohome_client_; |
| 280 Delegate* delegate_; | 237 Delegate* delegate_; |
| 281 scoped_ptr<Delegate> default_delegate_; | 238 scoped_ptr<Delegate> default_delegate_; |
| 282 base::TimeDelta timeout_delay_; | 239 base::TimeDelta timeout_delay_; |
| 283 | 240 |
| 284 DISALLOW_COPY_AND_ASSIGN(PlatformVerificationFlow); | 241 DISALLOW_COPY_AND_ASSIGN(PlatformVerificationFlow); |
| 285 }; | 242 }; |
| 286 | 243 |
| 287 } // namespace attestation | 244 } // namespace attestation |
| 288 } // namespace chromeos | 245 } // namespace chromeos |
| 289 | 246 |
| 290 #endif // CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_ | 247 #endif // CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_ |
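Review bot: The comment on `IsPermittedByUser` (new line 220) does not say what the method returns when no per-origin setting exists or when `web_contents` has no associated prefs or user, and with `ShowConsentPrompt` removed from `Delegate` this check appears to be the only user-controlled gate left before a platform key certificate is requested. I would state the default in the comment, for example `// Returns true only if the user's setting for the URL of |web_contents| allows attestation; returns false if the setting is absent or cannot be read.`, adjusted to what the implementation does, which this header does not show. `IsAttestationAllowedByPolicy()` no longer takes `web_contents`, so its comment should name the policy or setting it reads now that the check is not tied to a profile. The `GetOriginPref` comment (new line 223) still describes a "consent pref" although `RecordOriginConsent` is gone from this header; if the helper stays, the comment should say where that value now comes from.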
| OLD | NEW |