| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_ |
| 6 #define CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/basictypes.h" |
| 11 #include "base/callback_forward.h" |
| 12 #include "base/memory/weak_ptr.h" |
| 13 #include "chromeos/chromeos_export.h" |
| 14 #include "chromeos/dbus/dbus_method_call_status.h" |
| 15 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 16 |
| 17 namespace cryptohome { |
| 18 |
| 19 class AsyncMethodCaller; |
| 20 |
| 21 } // namespace cryptohome |
| 22 |
| 23 namespace chromeos { |
| 24 |
| 25 class CryptohomeClient; |
| 26 |
| 27 namespace attestation { |
| 28 |
| 29 // Interface for access to the Privacy CA server. |
| 30 class CHROMEOS_EXPORT ServerProxy { |
| 31 public: |
| 32 typedef base::Callback<void(bool success, |
| 33 const std::string& data)> DataCallback; |
| 34 virtual ~ServerProxy() {} |
| 35 virtual void SendEnrollRequest(const std::string& request, |
| 36 const DataCallback& on_response) = 0; |
| 37 virtual void SendCertificateRequest(const std::string& request, |
| 38 const DataCallback& on_response) = 0; |
| 39 }; |
| 40 |
| 41 // Implements the message flow for Chrome OS attestation tasks. Generally this |
| 42 // consists of coordinating messages between the Chrome OS attestation service |
| 43 // and the Privacy CA server. Sample usage: |
| 44 // AttestationFlow flow(AsyncMethodCaller::GetInstance(), |
| 45 // DBusThreadManager::Get().GetCryptohomeClient(), |
| 46 // my_server_proxy); |
| 47 // CertificateCallback callback = base::Bind(&MyCallback); |
| 48 // flow.GetCertificate("attest-ent-machine", callback); |
| 49 class CHROMEOS_EXPORT AttestationFlow { |
| 50 public: |
| 51 typedef base::Callback<void(bool success, |
| 52 const std::string& pem_certificate_chain)> |
| 53 CertificateCallback; |
| 54 |
| 55 AttestationFlow(cryptohome::AsyncMethodCaller* async_caller, |
| 56 CryptohomeClient* cryptohome_client, |
| 57 ServerProxy* server_proxy); |
| 58 virtual ~AttestationFlow(); |
| 59 |
| 60 // Asynchronously gets an attestation certificate bound to the given name. |
| 61 // If no certificate has been associated with the name, a new certificate is |
| 62 // issued. |
| 63 // |
| 64 // Parameters |
| 65 // name - The name of the key for which to retrieve a certificate. The |
| 66 // following key names are available: |
| 67 // "attest-ent-machine" - The enterprise machine key. |
| 68 // "attest-ent-user" - An enterprise user key for the current user. |
| 69 // "content-[origin]" - A content protection key bound to a |
| 70 // specific origin for the current user. |
| 71 // callback - A callback which will be called when the operation completes. |
| 72 virtual void GetCertificate(const std::string& name, |
| 73 const CertificateCallback& callback); |
| 74 |
| 75 private: |
| 76 // The key name defined for the special-purpose Enterprise Machine Key. |
| 77 static const char kEnterpriseMachineKey[]; |
| 78 |
| 79 // Asynchronously initiates the attestation enrollment flow. |
| 80 // |
| 81 // Parameters |
| 82 // on_failure - Called if any failure occurs. |
| 83 // next_task - Called on successful enrollment. |
| 84 void StartEnroll(const base::Closure& on_failure, |
| 85 const base::Closure& next_task); |
| 86 |
| 87 // Called when the attestation daemon has finished creating an enrollment |
| 88 // request for the Privacy CA. The request is asynchronously forwarded as-is |
| 89 // to the PCA. |
| 90 // |
| 91 // Parameters |
| 92 // on_failure - Called if any failure occurs. |
| 93 // next_task - Called on successful enrollment. |
| 94 // success - The status of request creation. |
| 95 // data - The request data for the Privacy CA. |
| 96 void SendEnrollRequestToPCA(const base::Closure& on_failure, |
| 97 const base::Closure& next_task, |
| 98 bool success, |
| 99 const std::string& data); |
| 100 |
| 101 // Called when the Privacy CA responds to an enrollment request. The response |
| 102 // is asynchronously forwarded as-is to the attestation daemon in order to |
| 103 // complete the enrollment operation. |
| 104 // |
| 105 // Parameters |
| 106 // on_failure - Called if any failure occurs. |
| 107 // next_task - Called on successful enrollment. |
| 108 // success - The status of the Privacy CA operation. |
| 109 // data - The response data from the Privacy CA. |
| 110 void SendEnrollResponseToDaemon(const base::Closure& on_failure, |
| 111 const base::Closure& next_task, |
| 112 bool success, |
| 113 const std::string& data); |
| 114 |
| 115 // Called when the attestation daemon completes an enrollment operation. If |
| 116 // the operation was successful, the next_task callback is called. |
| 117 // |
| 118 // Parameters |
| 119 // on_failure - Called if any failure occurs. |
| 120 // next_task - Called on successful enrollment. |
| 121 // success - The status of the enrollment operation. |
| 122 // not_used - An artifact of the cryptohome D-Bus interface; ignored. |
| 123 void OnEnrollComplete(const base::Closure& on_failure, |
| 124 const base::Closure& next_task, |
| 125 bool success, |
| 126 cryptohome::MountError not_used); |
| 127 |
| 128 // Asynchronously initiates the certificate request flow. Attestation |
| 129 // enrollment must complete successfully before this operation can succeed. |
| 130 // |
| 131 // Parameters |
| 132 // name - The name of the key for which a certificate is requested. |
| 133 // callback - Called when the operation completes. |
| 134 void StartCertificateRequest(const std::string& name, |
| 135 const CertificateCallback& callback); |
| 136 |
| 137 // Called when the attestation daemon has finished creating a certificate |
| 138 // request for the Privacy CA. The request is asynchronously forwarded as-is |
| 139 // to the PCA. |
| 140 // |
| 141 // Parameters |
| 142 // callback - Called when the operation completes. |
| 143 // success - The status of request creation. |
| 144 // data - The request data for the Privacy CA. |
| 145 void SendCertificateRequestToPCA(const CertificateCallback& callback, |
| 146 bool success, |
| 147 const std::string& data); |
| 148 |
| 149 // Called when the Privacy CA responds to a certificate request. The response |
| 150 // is asynchronously forwarded as-is to the attestation daemon in order to |
| 151 // complete the operation. |
| 152 // |
| 153 // Parameters |
| 154 // callback - Called when the operation completes. |
| 155 // success - The status of the Privacy CA operation. |
| 156 // data - The response data from the Privacy CA. |
| 157 void SendCertificateResponseToDaemon(const CertificateCallback& callback, |
| 158 bool success, |
| 159 const std::string& data); |
| 160 |
| 161 base::WeakPtrFactory<AttestationFlow> weak_factory_; |
| 162 cryptohome::AsyncMethodCaller* async_caller_; |
| 163 CryptohomeClient* cryptohome_client_; |
| 164 ServerProxy* server_proxy_; |
| 165 |
| 166 DISALLOW_COPY_AND_ASSIGN(AttestationFlow); |
| 167 }; |
| 168 |
| 169 } // namespace attestation |
| 170 } // namespace chromeos |
| 171 |
| 172 #endif // CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11932004:
Implemented attestation message flow for Chrome OS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src