| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 21 #include "components/policy/core/common/cloud/cloud_policy_store.h" | 21 #include "components/policy/core/common/cloud/cloud_policy_store.h" |
| 22 #include "google_apis/gaia/gaia_oauth_client.h" | 22 #include "google_apis/gaia/gaia_oauth_client.h" |
| 23 #include "policy/proto/device_management_backend.pb.h" | 23 #include "policy/proto/device_management_backend.pb.h" |
| 24 | 24 |
| 25 namespace base { | 25 namespace base { |
| 26 class SequencedTaskRunner; | 26 class SequencedTaskRunner; |
| 27 } | 27 } |
| 28 | 28 |
| 29 namespace chromeos { | 29 namespace chromeos { |
| 30 class CryptohomeClient; | 30 class CryptohomeClient; |
| 31 |
| 32 namespace attestation { |
| 33 class AttestationFlow; |
| 34 } |
| 31 } | 35 } |
| 32 | 36 |
| 33 namespace cryptohome { | 37 namespace cryptohome { |
| 34 class AsyncMethodCaller; | 38 class AsyncMethodCaller; |
| 35 } | 39 } |
| 36 | 40 |
| 37 namespace policy { | 41 namespace policy { |
| 38 | 42 |
| 39 class DeviceCloudPolicyStoreChromeOS; | 43 class DeviceCloudPolicyStoreChromeOS; |
| 40 class ServerBackedStateKeysBroker; | 44 class ServerBackedStateKeysBroker; |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 118 STEP_VALIDATION, // Policy validation. | 122 STEP_VALIDATION, // Policy validation. |
| 119 STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code. | 123 STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code. |
| 120 STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token. | 124 STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token. |
| 121 STEP_LOCK_DEVICE, // Writing installation-time attributes. | 125 STEP_LOCK_DEVICE, // Writing installation-time attributes. |
| 122 STEP_STORE_TOKEN_AND_ID, // Storing DM token and virtual device ID. | 126 STEP_STORE_TOKEN_AND_ID, // Storing DM token and virtual device ID. |
| 123 STEP_STORE_ROBOT_AUTH, // Encrypting & writing robot refresh token. | 127 STEP_STORE_ROBOT_AUTH, // Encrypting & writing robot refresh token. |
| 124 STEP_STORE_POLICY, // Storing policy and API refresh token. | 128 STEP_STORE_POLICY, // Storing policy and API refresh token. |
| 125 STEP_FINISHED, // Enrollment process finished, no further action. | 129 STEP_FINISHED, // Enrollment process finished, no further action. |
| 126 }; | 130 }; |
| 127 | 131 |
| 128 // Handles the response to the attestation flow requesting a registration | 132 // Handles the response to a request for server-backed state keys. |
| 129 // certificate. | 133 void HandleStateKeysResult(const std::vector<std::string>& state_keys); |
| 134 |
| 135 // Starts attestation based enrollment flow. |
| 136 void StartAttestationBasedEnrollmentFlow(); |
| 137 |
| 138 // Handles the response to a request for a registration certificate. |
| 130 void HandleRegistrationCertificateResult( | 139 void HandleRegistrationCertificateResult( |
| 131 bool success, | 140 bool success, |
| 132 const std::string& pem_certificate_chain); | 141 const std::string& pem_certificate_chain); |
| 133 // Handles the response to a request for server-backed state keys. | |
| 134 void HandleStateKeysResult(const std::vector<std::string>& state_keys); | |
| 135 | 142 |
| 136 // Starts registration if the store is initialized. | 143 // Starts registration if the store is initialized. |
| 137 void StartRegistration(); | 144 void StartRegistration(); |
| 138 | 145 |
| 139 // Handles the policy validation result, proceeding with device lock if | 146 // Handles the policy validation result, proceeding with device lock if |
| 140 // successful. | 147 // successful. |
| 141 void HandlePolicyValidationResult(DeviceCloudPolicyValidator* validator); | 148 void HandlePolicyValidationResult(DeviceCloudPolicyValidator* validator); |
| 142 | 149 |
| 143 // Calls InstallAttributes::LockDevice() for enterprise enrollment and | 150 // Calls InstallAttributes::LockDevice() for enterprise enrollment and |
| 144 // DeviceSettingsService::SetManagementSettings() for consumer | 151 // DeviceSettingsService::SetManagementSettings() for consumer |
| (...skipping 21 matching lines...) Expand all Loading... |
| 166 void ReportResult(EnrollmentStatus status); | 173 void ReportResult(EnrollmentStatus status); |
| 167 | 174 |
| 168 DeviceCloudPolicyStoreChromeOS* store_; | 175 DeviceCloudPolicyStoreChromeOS* store_; |
| 169 EnterpriseInstallAttributes* install_attributes_; | 176 EnterpriseInstallAttributes* install_attributes_; |
| 170 ServerBackedStateKeysBroker* state_keys_broker_; | 177 ServerBackedStateKeysBroker* state_keys_broker_; |
| 171 cryptohome::AsyncMethodCaller* async_method_caller_; | 178 cryptohome::AsyncMethodCaller* async_method_caller_; |
| 172 chromeos::CryptohomeClient* cryptohome_client_; | 179 chromeos::CryptohomeClient* cryptohome_client_; |
| 173 std::unique_ptr<CloudPolicyClient> client_; | 180 std::unique_ptr<CloudPolicyClient> client_; |
| 174 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; | 181 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; |
| 175 std::unique_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; | 182 std::unique_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; |
| 183 std::unique_ptr<chromeos::attestation::AttestationFlow> attestation_flow_; |
| 176 | 184 |
| 177 EnrollmentConfig enrollment_config_; | 185 EnrollmentConfig enrollment_config_; |
| 178 std::string auth_token_; | 186 std::string auth_token_; |
| 179 std::string client_id_; | 187 std::string client_id_; |
| 180 std::string requisition_; | 188 std::string requisition_; |
| 181 AllowedDeviceModes allowed_device_modes_; | 189 AllowedDeviceModes allowed_device_modes_; |
| 182 EnrollmentCallback completion_callback_; | 190 EnrollmentCallback completion_callback_; |
| 183 | 191 |
| 184 // The current state key provided by |state_keys_broker_|. | 192 // The current state key provided by |state_keys_broker_|. |
| 185 std::string current_state_key_; | 193 std::string current_state_key_; |
| (...skipping 21 matching lines...) Expand all Loading... |
| 207 int lockbox_init_duration_; | 215 int lockbox_init_duration_; |
| 208 | 216 |
| 209 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_ptr_factory_; | 217 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_ptr_factory_; |
| 210 | 218 |
| 211 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); | 219 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); |
| 212 }; | 220 }; |
| 213 | 221 |
| 214 } // namespace policy | 222 } // namespace policy |
| 215 | 223 |
| 216 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 224 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2186623002:
Minimal attestation-based enrollment flow. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master