| Index: chromeos/attestation/attestation_flow.h
|
| diff --git a/chromeos/attestation/attestation_flow.h b/chromeos/attestation/attestation_flow.h
|
| index 76049d76fb6b9077dc7863239351556e171534c9..2c59f3baee212d26d22ef5264d5ea97545a18568 100644
|
| --- a/chromeos/attestation/attestation_flow.h
|
| +++ b/chromeos/attestation/attestation_flow.h
|
| @@ -11,6 +11,7 @@
|
| #include "base/callback_forward.h"
|
| #include "base/memory/scoped_ptr.h"
|
| #include "base/memory/weak_ptr.h"
|
| +#include "chromeos/attestation/attestation_constants.h"
|
| #include "chromeos/chromeos_export.h"
|
| #include "chromeos/dbus/dbus_method_call_status.h"
|
| #include "third_party/cros_system_api/dbus/service_constants.h"
|
| @@ -41,12 +42,12 @@ class CHROMEOS_EXPORT ServerProxy {
|
|
|
| // Implements the message flow for Chrome OS attestation tasks. Generally this
|
| // consists of coordinating messages between the Chrome OS attestation service
|
| -// and the Privacy CA server. Sample usage:
|
| +// and the Chrome OS Privacy CA server. Sample usage:
|
| // AttestationFlow flow(AsyncMethodCaller::GetInstance(),
|
| // DBusThreadManager::Get().GetCryptohomeClient(),
|
| -// my_server_proxy);
|
| -// CertificateCallback callback = base::Bind(&MyCallback);
|
| -// flow.GetCertificate("attest-ent-machine", callback);
|
| +// my_server_proxy.Pass());
|
| +// AttestationFlow::CertificateCallback callback = base::Bind(&MyCallback);
|
| +// flow.GetCertificate(ENTERPRISE_USER_CERTIFICATE, false, callback);
|
| class CHROMEOS_EXPORT AttestationFlow {
|
| public:
|
| typedef base::Callback<void(bool success,
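Review bot: The updated sample call `flow.GetCertificate(ENTERPRISE_USER_CERTIFICATE, false, callback);` passes a bare `false`. That argument decides whether an existing hardware-protected key is kept or replaced, so the example callers will copy should name it. I would write `flow.GetCertificate(ENTERPRISE_USER_CERTIFICATE, false /* force_new_key */, callback);`. The class body continues outside this hunk.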
|
| @@ -58,25 +59,26 @@ class CHROMEOS_EXPORT AttestationFlow {
|
| scoped_ptr<ServerProxy> server_proxy);
|
| virtual ~AttestationFlow();
|
|
|
| - // Asynchronously gets an attestation certificate bound to the given name.
|
| - // If no certificate has been associated with the name, a new certificate is
|
| - // issued.
|
| + // Gets an attestation certificate for a hardware-protected key. If a key for
|
| + // the given profile does not exist, it will be generated and a certificate
|
| + // request will be made to the Chrome OS Privacy CA to issue a certificate for
|
| + // the key. If the key already exists and |force_new_key| is false, the
|
| + // existing certificate is returned.
|
| //
|
| // Parameters
|
| - // name - The name of the key for which to retrieve a certificate. The
|
| - // following key names are available:
|
| - // "attest-ent-machine" - The enterprise machine key.
|
| - // "attest-ent-user" - An enterprise user key for the current user.
|
| - // "content-[origin]" - A content protection key bound to a
|
| - // specific origin for the current user.
|
| + // certificate_profile - Specifies what kind of certificate should be
|
| + // requested from the CA.
|
| + // force_new_key - If set to true, a new key will be generated even if a key
|
| + // already exists for the profile. The new key will replace
|
| + // the existing key on success.
|
| // callback - A callback which will be called when the operation completes.
|
| - virtual void GetCertificate(const std::string& name,
|
| + // On success |result| will be true and |data| will contain the
|
| + // PCA-issued certificate chain in PEM format.
|
| + virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
|
| + bool force_new_key,
|
| const CertificateCallback& callback);
|
|
|
| private:
|
| - // The key name defined for the special-purpose Enterprise Machine Key.
|
| - static const char kEnterpriseMachineKey[];
|
| -
|
| // Asynchronously initiates the attestation enrollment flow.
|
| //
|
| // Parameters
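Review bot: The new callback comment refers to `|result|`, but the `CertificateCallback` typedef visible in the previous hunk names that argument `success`; the line should read `// On success |success| will be true and |data| will contain the`. The old comment said which key each name selected (machine, user, per-origin content protection), whereas the new `certificate_profile` text does not say which profiles yield a device-wide key and which a per-user key. A caller therefore cannot tell from this header what identity the returned certificate attests to, and a sentence pointing at attestation_constants.h for that mapping would help. It is also worth stating what `data` holds on failure and whether the existing key stays intact when a `force_new_key` request fails, since the comment only covers the success case. The class continues outside this hunk.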
|
| @@ -130,21 +132,27 @@ class CHROMEOS_EXPORT AttestationFlow {
|
| // enrollment must complete successfully before this operation can succeed.
|
| //
|
| // Parameters
|
| - // name - The name of the key for which a certificate is requested.
|
| + // certificate_profile - Specifies what kind of certificate should be
|
| + // requested from the CA.
|
| + // generate_new_key - If set to true a new key is generated.
|
| // callback - Called when the operation completes.
|
| - void StartCertificateRequest(const std::string& name,
|
| - const CertificateCallback& callback);
|
| + void StartCertificateRequest(
|
| + const AttestationCertificateProfile certificate_profile,
|
| + bool generate_new_key,
|
| + const CertificateCallback& callback);
|
|
|
| // Called when the attestation daemon has finished creating a certificate
|
| // request for the Privacy CA. The request is asynchronously forwarded as-is
|
| // to the PCA.
|
| //
|
| // Parameters
|
| - // name - The name of the key for which a certificate is requested.
|
| + // key_type - The type of the key for which a certificate is requested.
|
| + // key_name - The name of the key for which a certificate is requested.
|
| // callback - Called when the operation completes.
|
| // success - The status of request creation.
|
| // data - The request data for the Privacy CA.
|
| - void SendCertificateRequestToPCA(const std::string& name,
|
| + void SendCertificateRequestToPCA(AttestationKeyType key_type,
|
| + const std::string& key_name,
|
| const CertificateCallback& callback,
|
| bool success,
|
| const std::string& data);
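Review bot: `StartCertificateRequest` declares `const AttestationCertificateProfile certificate_profile`, but a top-level `const` on a by-value parameter has no effect in a declaration. It is also inconsistent with `GetCertificate` and the other methods in this header, which take the enum types without it; I would write `AttestationCertificateProfile certificate_profile,`. The comment `generate_new_key - If set to true a new key is generated.` does not say how this flag relates to the public `force_new_key`, nor whether an existing key for the profile is overwritten. Because that is the step where key material may be replaced, the comment should state both.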
|
| @@ -154,20 +162,33 @@ class CHROMEOS_EXPORT AttestationFlow {
|
| // complete the operation.
|
| //
|
| // Parameters
|
| - // name - The name of the key for which a certificate is requested.
|
| + // key_type - The type of the key for which a certificate is requested.
|
| + // key_name - The name of the key for which a certificate is requested.
|
| // callback - Called when the operation completes.
|
| // success - The status of the Privacy CA operation.
|
| // data - The response data from the Privacy CA.
|
| - void SendCertificateResponseToDaemon(const std::string& name,
|
| + void SendCertificateResponseToDaemon(AttestationKeyType key_type,
|
| + const std::string& key_name,
|
| const CertificateCallback& callback,
|
| bool success,
|
| const std::string& data);
|
|
|
| - base::WeakPtrFactory<AttestationFlow> weak_factory_;
|
| + // Gets an existing certificate from the attestation daemon.
|
| + //
|
| + // Parameters
|
| + // key_type - The type of the key for which a certificate is requested.
|
| + // key_name - The name of the key for which a certificate is requested.
|
| + // callback - Called when the operation completes.
|
| + void GetExistingCertificate(AttestationKeyType key_type,
|
| + const std::string& key_name,
|
| + const CertificateCallback& callback);
|
| +
|
| cryptohome::AsyncMethodCaller* async_caller_;
|
| CryptohomeClient* cryptohome_client_;
|
| scoped_ptr<ServerProxy> server_proxy_;
|
|
|
| + base::WeakPtrFactory<AttestationFlow> weak_factory_;
|
| +
|
| DISALLOW_COPY_AND_ASSIGN(AttestationFlow);
|
| };
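Review bot: The comment on `GetExistingCertificate` does not say what the callback receives when the daemon has no certificate for the key or the call fails. It also does not say whether the stored certificate is checked for expiry before it is handed back. Per the `GetCertificate` comment this is the result whenever the key exists and `force_new_key` is false, so callers need to know whether they must validate the chain themselves. Moving `weak_factory_` to the end of the member list looks deliberate, presumably so that outstanding weak pointers are invalidated before the other members are destroyed. A comment such as `// Must remain the last member so weak pointers are invalidated first on destruction.` would keep a later edit from reordering it.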
|
|
|
|
|