| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/attestation/attestation_flow.h" | 5 #include "chromeos/attestation/attestation_flow.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "chromeos/cryptohome/async_method_caller.h" | 10 #include "chromeos/cryptohome/async_method_caller.h" |
| 11 #include "chromeos/cryptohome/cryptohome_parameters.h" |
| 11 #include "chromeos/dbus/cryptohome_client.h" | 12 #include "chromeos/dbus/cryptohome_client.h" |
| 13 #include "components/signin/core/account_id/account_id.h" |
| 12 | 14 |
| 13 namespace chromeos { | 15 namespace chromeos { |
| 14 namespace attestation { | 16 namespace attestation { |
| 15 | 17 |
| 16 namespace { | 18 namespace { |
| 17 | 19 |
| 18 // Redirects to one of three callbacks based on a boolean value and dbus call | 20 // Redirects to one of three callbacks based on a boolean value and dbus call |
| 19 // status. | 21 // status. |
| 20 // | 22 // |
| 21 // Parameters | 23 // Parameters |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 90 : async_caller_(async_caller), | 92 : async_caller_(async_caller), |
| 91 cryptohome_client_(cryptohome_client), | 93 cryptohome_client_(cryptohome_client), |
| 92 server_proxy_(std::move(server_proxy)), | 94 server_proxy_(std::move(server_proxy)), |
| 93 weak_factory_(this) {} | 95 weak_factory_(this) {} |
| 94 | 96 |
| 95 AttestationFlow::~AttestationFlow() { | 97 AttestationFlow::~AttestationFlow() { |
| 96 } | 98 } |
| 97 | 99 |
| 98 void AttestationFlow::GetCertificate( | 100 void AttestationFlow::GetCertificate( |
| 99 AttestationCertificateProfile certificate_profile, | 101 AttestationCertificateProfile certificate_profile, |
| 100 const std::string& user_id, | 102 const AccountId& account_id, |
| 101 const std::string& request_origin, | 103 const std::string& request_origin, |
| 102 bool force_new_key, | 104 bool force_new_key, |
| 103 const CertificateCallback& callback) { | 105 const CertificateCallback& callback) { |
| 104 // If this device has not enrolled with the Privacy CA, we need to do that | 106 // If this device has not enrolled with the Privacy CA, we need to do that |
| 105 // first. Once enrolled we can proceed with the certificate request. | 107 // first. Once enrolled we can proceed with the certificate request. |
| 106 base::Closure do_cert_request = base::Bind( | 108 base::Closure do_cert_request = base::Bind( |
| 107 &AttestationFlow::StartCertificateRequest, | 109 &AttestationFlow::StartCertificateRequest, weak_factory_.GetWeakPtr(), |
| 108 weak_factory_.GetWeakPtr(), | 110 certificate_profile, account_id, request_origin, force_new_key, callback); |
| 109 certificate_profile, | |
| 110 user_id, | |
| 111 request_origin, | |
| 112 force_new_key, | |
| 113 callback); | |
| 114 base::Closure on_enroll_failure = base::Bind(callback, false, ""); | 111 base::Closure on_enroll_failure = base::Bind(callback, false, ""); |
| 115 base::Closure do_enroll = base::Bind(&AttestationFlow::StartEnroll, | 112 base::Closure do_enroll = base::Bind(&AttestationFlow::StartEnroll, |
| 116 weak_factory_.GetWeakPtr(), | 113 weak_factory_.GetWeakPtr(), |
| 117 on_enroll_failure, | 114 on_enroll_failure, |
| 118 do_cert_request); | 115 do_cert_request); |
| 119 cryptohome_client_->TpmAttestationIsEnrolled(base::Bind( | 116 cryptohome_client_->TpmAttestationIsEnrolled(base::Bind( |
| 120 &DBusBoolRedirectCallback, | 117 &DBusBoolRedirectCallback, |
| 121 do_cert_request, // If enrolled, proceed with cert request. | 118 do_cert_request, // If enrolled, proceed with cert request. |
| 122 do_enroll, // If not enrolled, initiate enrollment. | 119 do_enroll, // If not enrolled, initiate enrollment. |
| 123 on_enroll_failure)); | 120 on_enroll_failure)); |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 187 return; | 184 return; |
| 188 } | 185 } |
| 189 | 186 |
| 190 // Enrollment has successfully completed, we can move on to whatever is next. | 187 // Enrollment has successfully completed, we can move on to whatever is next. |
| 191 if (!next_task.is_null()) | 188 if (!next_task.is_null()) |
| 192 next_task.Run(); | 189 next_task.Run(); |
| 193 } | 190 } |
| 194 | 191 |
| 195 void AttestationFlow::StartCertificateRequest( | 192 void AttestationFlow::StartCertificateRequest( |
| 196 AttestationCertificateProfile certificate_profile, | 193 AttestationCertificateProfile certificate_profile, |
| 197 const std::string& user_id, | 194 const AccountId& account_id, |
| 198 const std::string& request_origin, | 195 const std::string& request_origin, |
| 199 bool generate_new_key, | 196 bool generate_new_key, |
| 200 const CertificateCallback& callback) { | 197 const CertificateCallback& callback) { |
| 201 AttestationKeyType key_type = GetKeyTypeForProfile(certificate_profile); | 198 AttestationKeyType key_type = GetKeyTypeForProfile(certificate_profile); |
| 202 std::string key_name = GetKeyNameForProfile(certificate_profile, | 199 std::string key_name = GetKeyNameForProfile(certificate_profile, |
| 203 request_origin); | 200 request_origin); |
| 204 if (generate_new_key) { | 201 if (generate_new_key) { |
| 205 // Get the attestation service to create a Privacy CA certificate request. | 202 // Get the attestation service to create a Privacy CA certificate request. |
| 206 async_caller_->AsyncTpmAttestationCreateCertRequest( | 203 async_caller_->AsyncTpmAttestationCreateCertRequest( |
| 207 server_proxy_->GetType(), | 204 server_proxy_->GetType(), certificate_profile, |
| 208 certificate_profile, | 205 cryptohome::Identification(account_id), request_origin, |
| 209 user_id, | |
| 210 request_origin, | |
| 211 base::Bind(&AttestationFlow::SendCertificateRequestToPCA, | 206 base::Bind(&AttestationFlow::SendCertificateRequestToPCA, |
| 212 weak_factory_.GetWeakPtr(), | 207 weak_factory_.GetWeakPtr(), key_type, account_id, key_name, |
| 213 key_type, | |
| 214 user_id, | |
| 215 key_name, | |
| 216 callback)); | 208 callback)); |
| 217 } else { | 209 } else { |
| 218 // If the key already exists, query the existing certificate. | 210 // If the key already exists, query the existing certificate. |
| 219 base::Closure on_key_exists = base::Bind( | 211 base::Closure on_key_exists = base::Bind( |
| 220 &AttestationFlow::GetExistingCertificate, | 212 &AttestationFlow::GetExistingCertificate, weak_factory_.GetWeakPtr(), |
| 221 weak_factory_.GetWeakPtr(), | 213 key_type, account_id, key_name, callback); |
| 222 key_type, | |
| 223 user_id, | |
| 224 key_name, | |
| 225 callback); | |
| 226 // If the key does not exist, call this method back with |generate_new_key| | 214 // If the key does not exist, call this method back with |generate_new_key| |
| 227 // set to true. | 215 // set to true. |
| 228 base::Closure on_key_not_exists = base::Bind( | 216 base::Closure on_key_not_exists = base::Bind( |
| 229 &AttestationFlow::StartCertificateRequest, | 217 &AttestationFlow::StartCertificateRequest, weak_factory_.GetWeakPtr(), |
| 230 weak_factory_.GetWeakPtr(), | 218 certificate_profile, account_id, request_origin, true, callback); |
| 231 certificate_profile, | |
| 232 user_id, | |
| 233 request_origin, | |
| 234 true, | |
| 235 callback); | |
| 236 cryptohome_client_->TpmAttestationDoesKeyExist( | 219 cryptohome_client_->TpmAttestationDoesKeyExist( |
| 237 key_type, | 220 key_type, cryptohome::Identification(account_id), key_name, |
| 238 user_id, | 221 base::Bind(&DBusBoolRedirectCallback, on_key_exists, on_key_not_exists, |
| 239 key_name, | 222 base::Bind(callback, false, ""))); |
| 240 base::Bind(&DBusBoolRedirectCallback, | |
| 241 on_key_exists, | |
| 242 on_key_not_exists, | |
| 243 base::Bind(callback, false, ""))); | |
| 244 } | 223 } |
| 245 } | 224 } |
| 246 | 225 |
| 247 void AttestationFlow::SendCertificateRequestToPCA( | 226 void AttestationFlow::SendCertificateRequestToPCA( |
| 248 AttestationKeyType key_type, | 227 AttestationKeyType key_type, |
| 249 const std::string& user_id, | 228 const AccountId& account_id, |
| 250 const std::string& key_name, | 229 const std::string& key_name, |
| 251 const CertificateCallback& callback, | 230 const CertificateCallback& callback, |
| 252 bool success, | 231 bool success, |
| 253 const std::string& data) { | 232 const std::string& data) { |
| 254 if (!success) { | 233 if (!success) { |
| 255 LOG(ERROR) << "Attestation: Failed to create certificate request."; | 234 LOG(ERROR) << "Attestation: Failed to create certificate request."; |
| 256 if (!callback.is_null()) | 235 if (!callback.is_null()) |
| 257 callback.Run(false, ""); | 236 callback.Run(false, ""); |
| 258 return; | 237 return; |
| 259 } | 238 } |
| 260 | 239 |
| 261 // Send the request to the Privacy CA. | 240 // Send the request to the Privacy CA. |
| 262 server_proxy_->SendCertificateRequest( | 241 server_proxy_->SendCertificateRequest( |
| 263 data, | 242 data, base::Bind(&AttestationFlow::SendCertificateResponseToDaemon, |
| 264 base::Bind(&AttestationFlow::SendCertificateResponseToDaemon, | 243 weak_factory_.GetWeakPtr(), key_type, account_id, |
| 265 weak_factory_.GetWeakPtr(), | 244 key_name, callback)); |
| 266 key_type, | |
| 267 user_id, | |
| 268 key_name, | |
| 269 callback)); | |
| 270 } | 245 } |
| 271 | 246 |
| 272 void AttestationFlow::SendCertificateResponseToDaemon( | 247 void AttestationFlow::SendCertificateResponseToDaemon( |
| 273 AttestationKeyType key_type, | 248 AttestationKeyType key_type, |
| 274 const std::string& user_id, | 249 const AccountId& account_id, |
| 275 const std::string& key_name, | 250 const std::string& key_name, |
| 276 const CertificateCallback& callback, | 251 const CertificateCallback& callback, |
| 277 bool success, | 252 bool success, |
| 278 const std::string& data) { | 253 const std::string& data) { |
| 279 if (!success) { | 254 if (!success) { |
| 280 LOG(ERROR) << "Attestation: Certificate request failed."; | 255 LOG(ERROR) << "Attestation: Certificate request failed."; |
| 281 if (!callback.is_null()) | 256 if (!callback.is_null()) |
| 282 callback.Run(false, ""); | 257 callback.Run(false, ""); |
| 283 return; | 258 return; |
| 284 } | 259 } |
| 285 | 260 |
| 286 // Forward the response to the attestation service to complete the operation. | 261 // Forward the response to the attestation service to complete the operation. |
| 287 async_caller_->AsyncTpmAttestationFinishCertRequest(data, | 262 async_caller_->AsyncTpmAttestationFinishCertRequest( |
| 288 key_type, | 263 data, key_type, cryptohome::Identification(account_id), key_name, |
| 289 user_id, | 264 base::Bind(callback)); |
| 290 key_name, | |
| 291 base::Bind(callback)); | |
| 292 } | 265 } |
| 293 | 266 |
| 294 void AttestationFlow::GetExistingCertificate( | 267 void AttestationFlow::GetExistingCertificate( |
| 295 AttestationKeyType key_type, | 268 AttestationKeyType key_type, |
| 296 const std::string& user_id, | 269 const AccountId& account_id, |
| 297 const std::string& key_name, | 270 const std::string& key_name, |
| 298 const CertificateCallback& callback) { | 271 const CertificateCallback& callback) { |
| 299 cryptohome_client_->TpmAttestationGetCertificate( | 272 cryptohome_client_->TpmAttestationGetCertificate( |
| 300 key_type, | 273 key_type, cryptohome::Identification(account_id), key_name, |
| 301 user_id, | |
| 302 key_name, | |
| 303 base::Bind(&DBusDataMethodCallback, callback)); | 274 base::Bind(&DBusDataMethodCallback, callback)); |
| 304 } | 275 } |
| 305 | 276 |
| 306 ServerProxy::~ServerProxy() {} | 277 ServerProxy::~ServerProxy() {} |
| 307 | 278 |
| 308 PrivacyCAType ServerProxy::GetType() { | 279 PrivacyCAType ServerProxy::GetType() { |
| 309 return DEFAULT_PCA; | 280 return DEFAULT_PCA; |
| 310 } | 281 } |
| 311 | 282 |
| 312 } // namespace attestation | 283 } // namespace attestation |
| 313 } // namespace chromeos | 284 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1693383003:
ChromeOS cryptohome should be able to use gaia id as user identifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master