OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/chromeos/attestation/attestation_policy_observer.h" | |
6 | |
7 #include <string> | |
8 | |
9 #include "base/bind.h" | |
10 #include "chrome/browser/chromeos/attestation/attestation_ca_client.h" | |
11 #include "chrome/browser/chromeos/settings/cros_settings.h" | |
12 #include "chrome/browser/policy/cloud/cloud_policy_client.h" | |
13 #include "chrome/browser/policy/cloud/cloud_policy_manager.h" | |
14 #include "chrome/common/chrome_notification_types.h" | |
15 #include "chromeos/attestation/attestation_flow.h" | |
16 #include "chromeos/cryptohome/async_method_caller.h" | |
17 #include "chromeos/dbus/cryptohome_client.h" | |
18 #include "chromeos/dbus/dbus_method_call_status.h" | |
19 #include "chromeos/dbus/dbus_thread_manager.h" | |
20 #include "content/public/browser/notification_details.h" | |
21 | |
22 using std::string; | |
23 | |
24 namespace { | |
25 | |
26 // A dbus callback which handles a boolean result. | |
27 // | |
28 // Parameters | |
29 // on_true - Called when status=succes and value=true. | |
Mattias Nissler (ping if slow)
2013/04/10 17:31:03
*success
dkrahn
2013/04/12 01:17:29
Done.
| |
30 // on_false - Called when status=success and value=false. | |
31 // status - The dbus operation status. | |
32 // value - The value returned by the dbus operation. | |
33 void DBusBoolRedirectCallback(const base::Closure& on_true, | |
34 const base::Closure& on_false, | |
35 chromeos::DBusMethodCallStatus status, | |
36 bool value) { | |
37 if (status != chromeos::DBUS_METHOD_CALL_SUCCESS) | |
38 return; | |
39 const base::Closure& task = value ? on_true : on_false; | |
40 if (!task.is_null()) | |
41 task.Run(); | |
42 } | |
43 | |
44 // A dbus callback which handles a string result. | |
45 // | |
46 // Parameters | |
47 // on_success - Called when status=succes and result=true. | |
Mattias Nissler (ping if slow)
2013/04/10 17:31:03
*success
dkrahn
2013/04/12 01:17:29
Done.
| |
48 // status - The dbus operation status. | |
49 // result - The result returned by the dbus operation. | |
50 // data - The data returned by the dbus operation. | |
51 void DBusStringCallback(const base::Callback<void(const string&)> on_success, | |
52 chromeos::DBusMethodCallStatus status, | |
53 bool result, | |
54 const string& data) { | |
55 if (status != chromeos::DBUS_METHOD_CALL_SUCCESS || !result) | |
56 return; | |
57 on_success.Run(data); | |
58 } | |
59 | |
60 } // namespace | |
61 | |
62 namespace chromeos { | |
63 namespace attestation { | |
64 | |
65 const char AttestationPolicyObserver::kEnterpriseMachineKey[] = | |
66 "attest-ent-machine"; | |
67 | |
68 AttestationPolicyObserver::AttestationPolicyObserver() | |
69 : ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)), | |
70 cros_settings_(CrosSettings::Get()), | |
71 policy_client_(NULL), | |
72 cryptohome_client_(NULL), | |
73 attestation_flow_(NULL) {} | |
74 | |
75 AttestationPolicyObserver::~AttestationPolicyObserver() { | |
76 cros_settings_->RemoveSettingsObserver(kDeviceAttestationEnabled, this); | |
77 } | |
78 | |
79 void AttestationPolicyObserver::Connect( | |
80 policy::CloudPolicyClient* policy_client) { | |
81 policy_client_ = policy_client; | |
82 cros_settings_->AddSettingsObserver(kDeviceAttestationEnabled, this); | |
83 Start(); | |
84 } | |
85 | |
86 void AttestationPolicyObserver::Observe( | |
87 int type, | |
88 const content::NotificationSource& source, | |
89 const content::NotificationDetails& details) { | |
90 string* path = content::Details<string>(details).ptr(); | |
91 if (type != chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED || | |
92 *path != kDeviceAttestationEnabled) { | |
93 LOG(WARNING) << "AttestationPolicyObserver: Unexpected event received."; | |
94 return; | |
95 } | |
96 Start(); | |
97 } | |
98 | |
99 void AttestationPolicyObserver::Start() { | |
100 // If attestation is not enabled, there is nothing to do. | |
101 bool enabled = false; | |
102 if (!cros_settings_->GetBoolean(kDeviceAttestationEnabled, &enabled) || | |
103 !enabled) | |
104 return; | |
105 | |
106 // We expect a registered CloudPolicyClient. | |
107 if (!policy_client_->is_registered()) { | |
108 LOG(ERROR) << "AttestationPolicyObserver: Invalid CloudPolicyClient."; | |
109 return; | |
110 } | |
111 | |
112 if (!cryptohome_client_) { | |
Mattias Nissler (ping if slow)
2013/04/10 17:31:03
So if you have curlies here, you want them in line
dkrahn
2013/04/12 01:17:29
Curlies removed...
| |
113 cryptohome_client_ = DBusThreadManager::Get()->GetCryptohomeClient(); | |
114 } | |
115 | |
116 if (!attestation_flow_) { | |
117 scoped_ptr<ServerProxy> attestation_ca_client(new AttestationCAClient()); | |
118 default_attestation_flow_.reset(new AttestationFlow( | |
119 cryptohome::AsyncMethodCaller::GetInstance(), | |
120 cryptohome_client_, | |
121 attestation_ca_client.Pass())); | |
122 attestation_flow_ = default_attestation_flow_.get(); | |
123 } | |
124 | |
125 // Start a dbus call to check if an Enterprise Machine Key already exists. | |
126 base::Closure on_does_exist = | |
127 base::Bind(&AttestationPolicyObserver::GetExistingCertificate, | |
128 weak_factory_.GetWeakPtr()); | |
129 base::Closure on_does_not_exist = | |
130 base::Bind(&AttestationPolicyObserver::GetNewCertificate, | |
131 weak_factory_.GetWeakPtr()); | |
132 cryptohome_client_->TpmAttestationDoesKeyExist( | |
133 CryptohomeClient::DEVICE_KEY, | |
134 kEnterpriseMachineKey, | |
135 base::Bind(DBusBoolRedirectCallback, on_does_exist, on_does_not_exist)); | |
Mattias Nissler (ping if slow)
2013/04/10 17:31:03
Given you use DBusBoolRedirectCallback only once i
dkrahn
2013/04/12 01:17:29
This will get used again in the next CL :). Also,
Mattias Nissler (ping if slow)
2013/04/12 12:51:43
Fair.
| |
136 } | |
137 | |
138 void AttestationPolicyObserver::GetNewCertificate() { | |
139 // We can reuse the dbus callback handler logic. | |
140 attestation_flow_->GetCertificate( | |
141 kEnterpriseMachineKey, | |
142 base::Bind(DBusStringCallback, | |
143 base::Bind(&AttestationPolicyObserver::UploadCertificate, | |
144 weak_factory_.GetWeakPtr()), | |
145 DBUS_METHOD_CALL_SUCCESS)); | |
146 } | |
147 | |
148 void AttestationPolicyObserver::GetExistingCertificate() { | |
149 cryptohome_client_->TpmAttestationGetCertificate( | |
150 CryptohomeClient::DEVICE_KEY, | |
151 kEnterpriseMachineKey, | |
152 base::Bind(DBusStringCallback, | |
153 base::Bind(&AttestationPolicyObserver::CheckCertificateExpiry, | |
154 weak_factory_.GetWeakPtr()))); | |
155 } | |
156 | |
157 void AttestationPolicyObserver::CheckCertificateExpiry( | |
158 const string& certificate) { | |
159 // TODO(dkrahn): Check if the certificate will expire soon, for now assume no. | |
160 CheckIfUploaded(certificate); | |
161 } | |
162 | |
163 void AttestationPolicyObserver::UploadCertificate(const string& certificate) { | |
164 // TODO(dkrahn): Upload the certificate when supported by policy_client_. | |
Mattias Nissler (ping if slow)
2013/04/10 17:31:03
I think we have that now?
dkrahn
2013/04/12 01:17:29
Yep - coming in the next CL, don't want to squash
Mattias Nissler (ping if slow)
2013/04/12 12:51:43
Nit: then update the comment
dkrahn
2013/04/12 21:12:20
Done.
| |
165 } | |
166 | |
167 void AttestationPolicyObserver::CheckIfUploaded(const string& certificate) { | |
168 // TODO(dkrahn): When supported by the dbus interface, check if we've already | |
169 // uploaded the certificate. | |
170 } | |
171 | |
172 } // namespace attestation | |
173 } // namespace chromeos | |
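Review bot: Both anonymous-namespace D-Bus helpers drop failures silently: DBusBoolRedirectCallback returns when `status != chromeos::DBUS_METHOD_CALL_SUCCESS`, and DBusStringCallback returns on the same condition or on `!result`. With attestation enabled by policy, the flow can therefore stop at the key-existence check or the certificate fetch with nothing logged and, as far as this file shows, nothing retried until Connect() or a settings change calls Start() again. I would log before each early return, e.g. `LOG(ERROR) << "AttestationPolicyObserver: D-Bus call failed.";`, so that a device which never obtains or uploads its Enterprise Machine Key certificate can be diagnosed from its logs. DBusStringCallback also calls `on_success.Run(data)` without the `is_null()` check that DBusBoolRedirectCallback applies to its closures; `if (!on_success.is_null()) on_success.Run(data);` would make the two helpers consistent. Separately, Start() dereferences `policy_client_` unconditionally, which is safe only if Connect() always receives a non-null client; presumably callers guarantee that, but `if (!policy_client_ || !policy_client_->is_registered())` makes the assumption explicit.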