OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/extensions/api/enterprise_platform_keys_private/enterpr ise_platform_keys_private_api.h" | 5 #include "chrome/browser/extensions/api/enterprise_platform_keys_private/enterpr ise_platform_keys_private_api.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
63 case chromeos::CrosSettingsProvider::TEMPORARILY_UNTRUSTED: | 63 case chromeos::CrosSettingsProvider::TEMPORARILY_UNTRUSTED: |
64 // Do nothing. This function will be called again when the values are | 64 // Do nothing. This function will be called again when the values are |
65 // ready. | 65 // ready. |
66 return; | 66 return; |
67 case chromeos::CrosSettingsProvider::PERMANENTLY_UNTRUSTED: | 67 case chromeos::CrosSettingsProvider::PERMANENTLY_UNTRUSTED: |
68 // If the value cannot be trusted, we assume that the device attestation | 68 // If the value cannot be trusted, we assume that the device attestation |
69 // is false to be on the safe side. | 69 // is false to be on the safe side. |
70 break; | 70 break; |
71 } | 71 } |
72 | 72 |
73 MessageLoop::current()->PostTask(FROM_HERE, base::Bind(callback, value)); | 73 base::MessageLoop::current()->PostTask(FROM_HERE, |
74 base::Bind(callback, value)); | |
74 } | 75 } |
75 | 76 |
76 bool EPKPChallengeKeyBase::IsEnterpriseDevice() const { | 77 bool EPKPChallengeKeyBase::IsEnterpriseDevice() const { |
77 return install_attributes_->IsEnterpriseDevice(); | 78 return install_attributes_->IsEnterpriseDevice(); |
78 } | 79 } |
79 | 80 |
80 std::string EPKPChallengeKeyBase::GetEnterpriseDomain() const { | 81 std::string EPKPChallengeKeyBase::GetEnterpriseDomain() const { |
81 return install_attributes_->GetDomain(); | 82 return install_attributes_->GetDomain(); |
82 } | 83 } |
83 | 84 |
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
230 const std::string& domain, | 231 const std::string& domain, |
231 bool enabled) { | 232 bool enabled) { |
232 if (!enabled) { | 233 if (!enabled) { |
233 SetError("Remote attestation is not enabled for your device."); | 234 SetError("Remote attestation is not enabled for your device."); |
234 SendResponse(false); | 235 SendResponse(false); |
235 return; | 236 return; |
236 } | 237 } |
237 | 238 |
238 // If remote attestation is enabled at the device level, we don't need to | 239 // If remote attestation is enabled at the device level, we don't need to |
239 // ask for user consent. | 240 // ask for user consent. |
240 MessageLoop::current()->PostTask( | 241 base::MessageLoop::current()->PostTask( |
241 FROM_HERE, | 242 FROM_HERE, |
242 base::Bind(&EPKPChallengeUserKey::UserConsentCallback, this, | 243 base::Bind(&EPKPChallengeUserKey::UserConsentCallback, |
brettw
2013/04/28 04:26:27
Old wrapping was fine.
| |
243 challenge, register_key, domain, true)); | 244 this, |
245 challenge, | |
246 register_key, | |
247 domain, | |
248 true)); | |
244 } | 249 } |
245 | 250 |
246 void EPKPChallengeUserKey::UserConsentCallback(const std::string& challenge, | 251 void EPKPChallengeUserKey::UserConsentCallback(const std::string& challenge, |
247 bool register_key, | 252 bool register_key, |
248 const std::string& domain, | 253 const std::string& domain, |
249 bool action) { | 254 bool action) { |
250 if (!action) { | 255 if (!action) { |
251 SetError("User rejects the action."); | 256 SetError("User rejects the action."); |
252 SendResponse(false); | 257 SendResponse(false); |
253 return; | 258 return; |
(...skipping 20 matching lines...) Expand all Loading... | |
274 SendResponse(false); | 279 SendResponse(false); |
275 return; | 280 return; |
276 } | 281 } |
277 | 282 |
278 if (register_key) { | 283 if (register_key) { |
279 async_caller_->TpmAttestationRegisterKey( | 284 async_caller_->TpmAttestationRegisterKey( |
280 chromeos::CryptohomeClient::USER_KEY, | 285 chromeos::CryptohomeClient::USER_KEY, |
281 kKeyName, | 286 kKeyName, |
282 base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback, this, response)); | 287 base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback, this, response)); |
283 } else { | 288 } else { |
284 MessageLoop::current()->PostTask( | 289 base::MessageLoop::current()->PostTask( |
285 FROM_HERE, | 290 FROM_HERE, |
286 base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback, this, | 291 base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback, |
287 response, true, cryptohome::MOUNT_ERROR_NONE)); | 292 this, |
brettw
2013/04/28 04:26:27
Ditto
| |
293 response, | |
294 true, | |
295 cryptohome::MOUNT_ERROR_NONE)); | |
288 } | 296 } |
289 } | 297 } |
290 | 298 |
291 void EPKPChallengeUserKey::RegisterKeyCallback( | 299 void EPKPChallengeUserKey::RegisterKeyCallback( |
292 const std::string& response, | 300 const std::string& response, |
293 bool success, | 301 bool success, |
294 cryptohome::MountError return_code) { | 302 cryptohome::MountError return_code) { |
295 if (!success || return_code != cryptohome::MOUNT_ERROR_NONE) { | 303 if (!success || return_code != cryptohome::MOUNT_ERROR_NONE) { |
296 SetError("Key registration failed."); | 304 SetError("Key registration failed."); |
297 SendResponse(false); | 305 SendResponse(false); |
298 return; | 306 return; |
299 } | 307 } |
300 | 308 |
301 std::string encoded_response; | 309 std::string encoded_response; |
302 if (!base::Base64Encode(response, &encoded_response)) { | 310 if (!base::Base64Encode(response, &encoded_response)) { |
303 SetError("Response cannot be encoded in base64."); | 311 SetError("Response cannot be encoded in base64."); |
304 SendResponse(false); | 312 SendResponse(false); |
305 return; | 313 return; |
306 } | 314 } |
307 | 315 |
308 results_ = api_epkp::ChallengeUserKey::Results::Create(encoded_response); | 316 results_ = api_epkp::ChallengeUserKey::Results::Create(encoded_response); |
309 SendResponse(true); | 317 SendResponse(true); |
310 } | 318 } |
311 | 319 |
312 void EPKPChallengeUserKey::AskForUserConsent( | 320 void EPKPChallengeUserKey::AskForUserConsent( |
313 const base::Callback<void(bool)>& callback) { | 321 const base::Callback<void(bool)>& callback) { |
314 // TODO(davidyu): right now we just simply reject the request before we have | 322 // TODO(davidyu): right now we just simply reject the request before we have |
315 // a way to ask for user consent. | 323 // a way to ask for user consent. |
316 MessageLoop::current()->PostTask(FROM_HERE, base::Bind(callback, false)); | 324 base::MessageLoop::current()->PostTask(FROM_HERE, |
325 base::Bind(callback, false)); | |
317 } | 326 } |
318 | 327 |
319 bool EPKPChallengeUserKey::IsExtensionWhitelisted() const { | 328 bool EPKPChallengeUserKey::IsExtensionWhitelisted() const { |
320 const base::ListValue* list = | 329 const base::ListValue* list = |
321 profile()->GetPrefs()->GetList(prefs::kAttestationExtensionWhitelist); | 330 profile()->GetPrefs()->GetList(prefs::kAttestationExtensionWhitelist); |
322 StringValue value(extension_->id()); | 331 StringValue value(extension_->id()); |
323 return list->Find(value) != list->end(); | 332 return list->Find(value) != list->end(); |
324 } | 333 } |
325 | 334 |
326 bool EPKPChallengeUserKey::IsRemoteAttestationEnabledForUser() const { | 335 bool EPKPChallengeUserKey::IsRemoteAttestationEnabledForUser() const { |
327 return profile()->GetPrefs()->GetBoolean(prefs::kAttestationEnabled); | 336 return profile()->GetPrefs()->GetBoolean(prefs::kAttestationEnabled); |
328 } | 337 } |
329 | 338 |
330 std::string EPKPChallengeUserKey::GetUserDomain() const { | 339 std::string EPKPChallengeUserKey::GetUserDomain() const { |
331 SigninManagerBase* signin_manager = | 340 SigninManagerBase* signin_manager = |
332 SigninManagerFactory::GetForProfile(profile()); | 341 SigninManagerFactory::GetForProfile(profile()); |
333 if (!signin_manager) | 342 if (!signin_manager) |
334 return std::string(); | 343 return std::string(); |
335 | 344 |
336 return gaia::ExtractDomainName( | 345 return gaia::ExtractDomainName( |
337 gaia::CanonicalizeEmail(signin_manager->GetAuthenticatedUsername())); | 346 gaia::CanonicalizeEmail(signin_manager->GetAuthenticatedUsername())); |
338 } | 347 } |
339 | 348 |
340 } // namespace extensions | 349 } // namespace extensions |
OLD | NEW |