Device enterprise registration with a certificate.

components/policy/core/common/cloud/cloud_policy_client.h

Index: components/policy/core/common/cloud/cloud_policy_client.h
diff --git a/components/policy/core/common/cloud/cloud_policy_client.h b/components/policy/core/common/cloud/cloud_policy_client.h
index 2fb9f4bdc5c24a312649adeb212d321c6e072943..a826674bbc21e99181237539e86eba2e81b9f46d 100644
--- a/components/policy/core/common/cloud/cloud_policy_client.h
+++ b/components/policy/core/common/cloud/cloud_policy_client.h
@@ -24,6 +24,10 @@
 #include "components/policy/policy_export.h"
 #include "policy/proto/device_management_backend.pb.h"
 
+namespace cryptohome {
+class AsyncMethodCaller;
+}
+
 namespace net {
 class URLRequestContextGetter;
 }
@@ -79,16 +83,29 @@ class POLICY_EXPORT CloudPolicyClient {
     virtual void OnClientError(CloudPolicyClient* client) = 0;
   };
 
+  // Data signing interface.
+  class POLICY_EXPORT SigningService {
+   public:
+    using SigningCallback = base::Callback<void(bool success,
+        enterprise_management::SignedData signed_data)>;
+
+    // Signs |data| and calls |callback| with the signed data.
+    virtual void SignData(const std::string& data,
+                          const SigningCallback& callback) = 0;
+  };
+
   // |provider| and |service| are weak pointers and it's the caller's
   // responsibility to keep them valid for the lifetime of CloudPolicyClient.
   // |verification_key_hash| contains an identifier telling the DMServer which
-  // verification key to use.
+  // verification key to use. The |signing_service| is used to sign sensitive
+  // requests.
   CloudPolicyClient(
       const std::string& machine_id,
       const std::string& machine_model,
       const std::string& verification_key_hash,
       DeviceManagementService* service,
-      scoped_refptr<net::URLRequestContextGetter> request_context);
+      scoped_refptr<net::URLRequestContextGetter> request_context,
+      SigningService* signing_service);
   virtual ~CloudPolicyClient();
 
   // Sets the DMToken, thereby establishing a registration with the server. A
@@ -107,6 +124,17 @@ class POLICY_EXPORT CloudPolicyClient {
       const std::string& requisition,
       const std::string& current_state_key);
 
+  // Attempts to register with the device management service using a
+  // registration certificate. Results in a registration change or
+  // error notification.
+  virtual void RegisterWithCertificate(
+      enterprise_management::DeviceRegisterRequest::Type registration_type,
+      enterprise_management::DeviceRegisterRequest::Flavor flavor,
+      const std::string& pem_certificate_chain,
+      const std::string& client_id,
+      const std::string& requisition,
+      const std::string& current_state_key);
+
   // Sets information about a policy invalidation. Subsequent fetch operations
   // will use the given info, and callers can use fetched_invalidation_version
   // to determine which version of policy was fetched.
@@ -269,6 +297,10 @@ class POLICY_EXPORT CloudPolicyClient {
   // Callback for retries of registration requests.
   void OnRetryRegister(DeviceManagementRequestJob* job);
 
+  // Callback for siganture of requests.
+  void OnRegisterWithCertificateRequestSigned(bool success,
+      enterprise_management::SignedData signed_data);
+
   // Callback for registration requests.
   void OnRegisterCompleted(
       DeviceManagementStatus status,
@@ -358,24 +390,27 @@ class POLICY_EXPORT CloudPolicyClient {
   std::vector<std::string> state_keys_to_upload_;
 
   std::string dm_token_;
-  DeviceMode device_mode_;
+  DeviceMode device_mode_ = DEVICE_MODE_NOT_SET;
   std::string client_id_;
-  bool submit_machine_id_;
+  bool submit_machine_id_ = false;
   base::Time last_policy_timestamp_;
-  int public_key_version_;
-  bool public_key_version_valid_;
+  int public_key_version_ = -1;
+  bool public_key_version_valid_ = false;
   std::string robot_api_auth_code_;
 
   // Information for the latest policy invalidation received.
-  int64_t invalidation_version_;
+  int64_t invalidation_version_ = 0;
   std::string invalidation_payload_;
 
   // The invalidation version used for the most recent fetch operation.
-  int64_t fetched_invalidation_version_;
+  int64_t fetched_invalidation_version_ = 0;
 
   // Used for issuing requests to the cloud.
   DeviceManagementService* service_;

[achuithb, 2016/08/24 21:46:18]

= nullptr

[The one and only Dr. Crash, 2016/08/24 22:17:52]

Done.

 
+  // Used for signing requests.
+  SigningService* signing_service_;

[achuithb, 2016/08/24 21:46:17]

= nullptr;

[The one and only Dr. Crash, 2016/08/24 22:17:52]

Done.

+
   // Only one outstanding policy fetch is allowed, so this is tracked in
   // its own member variable.
   std::unique_ptr<DeviceManagementRequestJob> policy_fetch_request_job_;
@@ -386,12 +421,17 @@ class POLICY_EXPORT CloudPolicyClient {
 
   // The policy responses returned by the last policy fetch operation.
   ResponseMap responses_;
-  DeviceManagementStatus status_;
+  DeviceManagementStatus status_ = DM_STATUS_SUCCESS;
 
   base::ObserverList<Observer, true> observers_;
   scoped_refptr<net::URLRequestContextGetter> request_context_;
 
  private:
+  void SetClientId(const std::string& client_id);
+
+  // Used to create tasks which run delayed on the UI thread.
+  base::WeakPtrFactory<CloudPolicyClient> weak_ptr_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(CloudPolicyClient);
 };