Chromium Code Reviews Chromium Code Reviews
Issue 2186623002:
Minimal attestation-based enrollment flow. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/chromeos/login/enrollment/enrollment_screen.cc |
| diff --git a/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc b/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc |
| index 09b46e20989ac864de6936189a069a106e0f1bbf..493527bf840b5f91fac60a0ab56787e055defa38 100644 |
| --- a/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc |
| +++ b/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc |
| @@ -27,6 +27,7 @@ |
| #include "google_apis/gaia/gaia_auth_util.h" |
| using namespace pairing_chromeos; |
| +using policy::EnrollmentConfig; |
| // Do not change the UMA histogram parameters without renaming the histograms! |
| #define UMA_ENROLLMENT_TIME(histogram_name, elapsed_timer) \ |
| @@ -63,9 +64,10 @@ EnrollmentScreen::EnrollmentScreen(BaseScreenDelegate* base_screen_delegate, |
| : BaseScreen(base_screen_delegate), |
| shark_controller_(NULL), |
|
achuithb
2016/08/23 18:16:44
We prefer in-class initialization. Also, change th
The one and only Dr. Crash
2016/08/23 21:24:18
Done.
|
| actor_(actor), |
| + current_auth_(AUTH_OAUTH), |
| + last_auth_(AUTH_OAUTH), |
| enrollment_failed_once_(false), |
| - weak_ptr_factory_(this) { |
| -} |
| + weak_ptr_factory_(this) {} |
| EnrollmentScreen::~EnrollmentScreen() { |
| DCHECK(!enrollment_helper_ || g_browser_process->IsShuttingDown()); |
| @@ -75,14 +77,51 @@ void EnrollmentScreen::SetParameters( |
| const policy::EnrollmentConfig& enrollment_config, |
| pairing_chromeos::ControllerPairingController* shark_controller) { |
| enrollment_config_ = enrollment_config; |
| + switch (enrollment_config_.auth_mechanism) { |
| + case EnrollmentConfig::AUTH_MECHANISM_INTERACTIVE: |
| + current_auth_ = AUTH_OAUTH; |
| + last_auth_ = AUTH_OAUTH; |
| + break; |
| + case EnrollmentConfig::AUTH_MECHANISM_ATTESTATION: |
| + current_auth_ = AUTH_ATTESTATION; |
| + last_auth_ = AUTH_ATTESTATION; |
| + break; |
| + case EnrollmentConfig::AUTH_MECHANISM_BEST_AVAILABLE: |
| + current_auth_ = AUTH_ATTESTATION; |
| + last_auth_ = enrollment_config_.should_enroll_interactively() |
| + ? AUTH_OAUTH |
| + : AUTH_ATTESTATION; |
| + break; |
| + } |
| shark_controller_ = shark_controller; |
| - actor_->SetParameters(this, enrollment_config_); |
| + SetConfig(); |
| +} |
| + |
| +void EnrollmentScreen::SetConfig() { |
| + config_ = enrollment_config_; |
| + if (current_auth_ == AUTH_ATTESTATION) { |
| + config_.mode = enrollment_config_.is_attestation_forced() |
| + ? policy::EnrollmentConfig::MODE_ATTESTATION_FORCED |
| + : policy::EnrollmentConfig::MODE_ATTESTATION; |
| + } |
| + actor_->SetParameters(this, config_); |
| + enrollment_helper_ = nullptr; |
| +} |
| + |
| +bool EnrollmentScreen::AdvanceToNextAuth() { |
| + if (current_auth_ != last_auth_ && current_auth_ == AUTH_ATTESTATION) { |
|
achuithb
2016/08/23 18:16:44
I would reverse this and do an early exit with ret
|
| + current_auth_ = AUTH_OAUTH; |
| + SetConfig(); |
| + return true; |
| + } |
| + return false; |
| } |
| void EnrollmentScreen::CreateEnrollmentHelper() { |
| - DCHECK(!enrollment_helper_); |
| - enrollment_helper_ = EnterpriseEnrollmentHelper::Create( |
| - this, enrollment_config_, enrolling_user_domain_); |
| + if (!enrollment_helper_) { |
| + enrollment_helper_ = EnterpriseEnrollmentHelper::Create( |
| + this, config_, enrolling_user_domain_); |
| + } |
| } |
| void EnrollmentScreen::ClearAuth(const base::Closure& callback) { |
| @@ -96,7 +135,7 @@ void EnrollmentScreen::ClearAuth(const base::Closure& callback) { |
| } |
| void EnrollmentScreen::OnAuthCleared(const base::Closure& callback) { |
| - enrollment_helper_.reset(); |
| + enrollment_helper_ = nullptr; |
| callback.Run(); |
| } |
| @@ -106,6 +145,17 @@ void EnrollmentScreen::PrepareToShow() { |
| void EnrollmentScreen::Show() { |
| UMA(policy::kMetricEnrollmentTriggered); |
| + switch (current_auth_) { |
| + case AUTH_OAUTH: |
| + ShowInteractiveScreen(); |
| + break; |
| + case AUTH_ATTESTATION: |
| + AuthenticateUsingAttestation(); |
| + break; |
| + } |
|
achuithb
2016/08/23 18:16:44
Add default with NOTREACHED() to future proof
The one and only Dr. Crash
2016/08/23 21:24:18
Done.
|
| +} |
| + |
| +void EnrollmentScreen::ShowInteractiveScreen() { |
| ClearAuth(base::Bind(&EnrollmentScreen::ShowSigninScreen, |
| weak_ptr_factory_.GetWeakPtr())); |
| } |
| @@ -119,6 +169,15 @@ std::string EnrollmentScreen::GetName() const { |
| return WizardController::kEnrollmentScreenName; |
| } |
| +void EnrollmentScreen::AuthenticateUsingAttestation() { |
| + VLOG(1) << "Authenticating using attestation."; |
| + elapsed_timer_.reset(new base::ElapsedTimer()); |
| + actor_->Show(); |
| + actor_->ShowEnrollmentSpinnerScreen(); |
| + CreateEnrollmentHelper(); |
| + enrollment_helper_->EnrollUsingAttestation(); |
| +} |
| + |
| void EnrollmentScreen::OnLoginDone(const std::string& user, |
| const std::string& auth_code) { |
| LOG_IF(ERROR, auth_code.empty()) << "Auth code is empty."; |
| @@ -135,19 +194,22 @@ void EnrollmentScreen::OnLoginDone(const std::string& user, |
| } |
| void EnrollmentScreen::OnRetry() { |
| - ClearAuth(base::Bind(&EnrollmentScreen::ShowSigninScreen, |
| - weak_ptr_factory_.GetWeakPtr())); |
| + Show(); |
| } |
| void EnrollmentScreen::OnCancel() { |
| + if (AdvanceToNextAuth()) { |
| + Show(); |
| + return; |
| + } |
| + |
| UMA(policy::kMetricEnrollmentCancelled); |
| if (elapsed_timer_) |
| UMA_ENROLLMENT_TIME(kMetricEnrollmentTimeCancel, elapsed_timer_); |
| const BaseScreenDelegate::ExitCodes exit_code = |
| - enrollment_config_.is_forced() |
| - ? BaseScreenDelegate::ENTERPRISE_ENROLLMENT_BACK |
| - : BaseScreenDelegate::ENTERPRISE_ENROLLMENT_COMPLETED; |
| + config_.is_forced() ? BaseScreenDelegate::ENTERPRISE_ENROLLMENT_BACK |
| + : BaseScreenDelegate::ENTERPRISE_ENROLLMENT_COMPLETED; |
| ClearAuth( |
| base::Bind(&EnrollmentScreen::Finish, base::Unretained(this), exit_code)); |
| } |
| @@ -252,7 +314,7 @@ void EnrollmentScreen::ShowEnrollmentStatusOnSuccess() { |
| } |
| void EnrollmentScreen::UMA(policy::MetricEnrollment sample) { |
| - EnrollmentUMA(sample, enrollment_config_.mode); |
| + EnrollmentUMA(sample, config_.mode); |
| } |
| void EnrollmentScreen::ShowSigninScreen() { |
| @@ -262,6 +324,7 @@ void EnrollmentScreen::ShowSigninScreen() { |
| void EnrollmentScreen::OnAnyEnrollmentError() { |
| enrollment_failed_once_ = true; |
| + // TODO(drcrash): Maybe create multiple metrics for attestation vs oauth? |
|
achuithb
2016/08/23 18:16:44
File a bug and reference it here.
The one and only Dr. Crash
2016/08/23 21:24:18
Done.
|
| if (elapsed_timer_) |
| UMA_ENROLLMENT_TIME(kMetricEnrollmentTimeFailure, elapsed_timer_); |
| } |
