| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_ |
| 7 | 7 |
| 8 #include <bitset> | 8 #include <bitset> |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <string> | 10 #include <string> |
| 11 | 11 |
| 12 #include "base/callback_forward.h" | 12 #include "base/callback_forward.h" |
| 13 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
| 14 #include "base/macros.h" | 14 #include "base/macros.h" |
| 15 #include "base/memory/ref_counted.h" | 15 #include "base/memory/ref_counted.h" |
| 16 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" | 16 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" |
| 17 #include "components/policy/core/common/cloud/cloud_policy_client.h" | 17 #include "components/policy/core/common/cloud/cloud_policy_client.h" |
| 18 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 18 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 19 #include "components/policy/core/common/cloud/cloud_policy_store.h" | 19 #include "components/policy/core/common/cloud/cloud_policy_store.h" |
| 20 #include "components/policy/core/common/cloud/signing_service.h" |
| 20 | 21 |
| 21 class PrefService; | 22 class PrefService; |
| 22 | 23 |
| 23 namespace base { | 24 namespace base { |
| 24 class SequencedTaskRunner; | 25 class SequencedTaskRunner; |
| 25 } | 26 } |
| 26 | 27 |
| 27 namespace chromeos { | 28 namespace chromeos { |
| 28 class CryptohomeClient; | 29 namespace attestation { |
| 30 class AttestationFlow; |
| 31 } |
| 29 } | 32 } |
| 30 | 33 |
| 31 namespace cryptohome { | 34 namespace cryptohome { |
| 32 class AsyncMethodCaller; | 35 class AsyncMethodCaller; |
| 33 } | 36 } |
| 34 | 37 |
| 35 namespace policy { | 38 namespace policy { |
| 36 | 39 |
| 37 class DeviceCloudPolicyManagerChromeOS; | 40 class DeviceCloudPolicyManagerChromeOS; |
| 38 class DeviceCloudPolicyStoreChromeOS; | 41 class DeviceCloudPolicyStoreChromeOS; |
| 52 // |background_task_runner| is used to execute long-running background tasks | 55 // |background_task_runner| is used to execute long-running background tasks |
| 53 // that may involve file I/O. | 56 // that may involve file I/O. |
| 54 DeviceCloudPolicyInitializer( | 57 DeviceCloudPolicyInitializer( |
| 55 PrefService* local_state, | 58 PrefService* local_state, |
| 56 DeviceManagementService* enterprise_service, | 59 DeviceManagementService* enterprise_service, |
| 57 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, | 60 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, |
| 58 EnterpriseInstallAttributes* install_attributes, | 61 EnterpriseInstallAttributes* install_attributes, |
| 59 ServerBackedStateKeysBroker* state_keys_broker, | 62 ServerBackedStateKeysBroker* state_keys_broker, |
| 60 DeviceCloudPolicyStoreChromeOS* device_store, | 63 DeviceCloudPolicyStoreChromeOS* device_store, |
| 61 DeviceCloudPolicyManagerChromeOS* manager, | 64 DeviceCloudPolicyManagerChromeOS* manager, |
| 62 cryptohome::AsyncMethodCaller* async_caller, | 65 cryptohome::AsyncMethodCaller* async_method_caller, |
| 63 chromeos::CryptohomeClient* cryptohome_client); | 66 std::unique_ptr<chromeos::attestation::AttestationFlow> attestation_flow); |
| 64 | 67 |
| 65 ~DeviceCloudPolicyInitializer() override; | 68 ~DeviceCloudPolicyInitializer() override; |
| 66 | 69 |
| 67 virtual void Init(); | 70 virtual void Init(); |
| 68 virtual void Shutdown(); | 71 virtual void Shutdown(); |
| 69 | 72 |
| 70 // Starts enrollment or re-enrollment. Once the enrollment process completes, | 73 // Starts enrollment or re-enrollment. Once the enrollment process completes, |
| 71 // |enrollment_callback| is invoked and gets passed the status of the | 74 // |enrollment_callback| is invoked and gets passed the status of the |
| 72 // operation. | 75 // operation. |
| 73 // |allowed_modes| specifies acceptable DEVICE_MODE_* constants for | 76 // |allowed_modes| specifies acceptable DEVICE_MODE_* constants for |
| 88 // enrollment recovery, or already-present install attributes. Note that | 91 // enrollment recovery, or already-present install attributes. Note that |
| 89 // |config.management_domain| may be non-empty even if |config.mode| is | 92 // |config.management_domain| may be non-empty even if |config.mode| is |
| 90 // MODE_NONE. | 93 // MODE_NONE. |
| 91 EnrollmentConfig GetPrescribedEnrollmentConfig() const; | 94 EnrollmentConfig GetPrescribedEnrollmentConfig() const; |
| 92 | 95 |
| 93 // CloudPolicyStore::Observer: | 96 // CloudPolicyStore::Observer: |
| 94 void OnStoreLoaded(CloudPolicyStore* store) override; | 97 void OnStoreLoaded(CloudPolicyStore* store) override; |
| 95 void OnStoreError(CloudPolicyStore* store) override; | 98 void OnStoreError(CloudPolicyStore* store) override; |
| 96 | 99 |
| 97 private: | 100 private: |
| 101 // Signing class implemting the policy::SigningService interface to |
| 102 // sign data using the enrollment certificate's TPM-bound key. |
| 103 class TpmEnrollmentKeySigningService : public policy::SigningService { |
| 104 public: |
| 105 TpmEnrollmentKeySigningService( |
| 106 cryptohome::AsyncMethodCaller* async_method_caller); |
| 107 ~TpmEnrollmentKeySigningService(); |
| 108 |
| 109 void SignData(const std::string& data, |
| 110 const SigningCallback& callback) override; |
| 111 |
| 112 private: |
| 113 void OnDataSigned(const std::string& data, |
| 114 const SigningCallback& callback, |
| 115 bool success, |
| 116 const std::string& signed_data); |
| 117 |
| 118 cryptohome::AsyncMethodCaller* async_method_caller_; |
| 119 |
| 120 // Used to create tasks which run delayed on the UI thread. |
| 121 base::WeakPtrFactory<TpmEnrollmentKeySigningService> weak_ptr_factory_; |
| 122 }; |
| 123 |
| 98 // Handles completion signaled by |enrollment_handler_|. | 124 // Handles completion signaled by |enrollment_handler_|. |
| 99 void EnrollmentCompleted(const EnrollmentCallback& enrollment_callback, | 125 void EnrollmentCompleted(const EnrollmentCallback& enrollment_callback, |
| 100 EnrollmentStatus status); | 126 EnrollmentStatus status); |
| 101 | 127 |
| 102 // Creates a new CloudPolicyClient. | 128 // Creates a new CloudPolicyClient. |
| 103 std::unique_ptr<CloudPolicyClient> CreateClient( | 129 std::unique_ptr<CloudPolicyClient> CreateClient( |
| 104 DeviceManagementService* device_management_service); | 130 DeviceManagementService* device_management_service); |
| 105 | 131 |
| 106 void TryToCreateClient(); | 132 void TryToCreateClient(); |
| 107 void StartConnection(std::unique_ptr<CloudPolicyClient> client); | 133 void StartConnection(std::unique_ptr<CloudPolicyClient> client); |
| 108 | 134 |
| 109 PrefService* local_state_; | 135 PrefService* local_state_; |
| 110 DeviceManagementService* enterprise_service_; | 136 DeviceManagementService* enterprise_service_; |
| 111 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; | 137 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; |
| 112 EnterpriseInstallAttributes* install_attributes_; | 138 EnterpriseInstallAttributes* install_attributes_; |
| 113 ServerBackedStateKeysBroker* state_keys_broker_; | 139 ServerBackedStateKeysBroker* state_keys_broker_; |
| 114 DeviceCloudPolicyStoreChromeOS* device_store_; | 140 DeviceCloudPolicyStoreChromeOS* device_store_; |
| 115 DeviceCloudPolicyManagerChromeOS* manager_; | 141 DeviceCloudPolicyManagerChromeOS* manager_; |
| 116 cryptohome::AsyncMethodCaller* async_method_caller_; | 142 std::unique_ptr<chromeos::attestation::AttestationFlow> attestation_flow_; |
| 117 chromeos::CryptohomeClient* cryptohome_client_; | 143 bool is_initialized_ = false; |
| 118 bool is_initialized_; | |
| 119 | 144 |
| 120 // Non-NULL if there is an enrollment operation pending. | 145 // Non-NULL if there is an enrollment operation pending. |
| 121 std::unique_ptr<EnrollmentHandlerChromeOS> enrollment_handler_; | 146 std::unique_ptr<EnrollmentHandlerChromeOS> enrollment_handler_; |
| 122 | 147 |
| 123 ServerBackedStateKeysBroker::Subscription state_keys_update_subscription_; | 148 ServerBackedStateKeysBroker::Subscription state_keys_update_subscription_; |
| 124 | 149 |
| 150 // Our signing service. |
| 151 TpmEnrollmentKeySigningService signing_service_; |
| 152 |
| 125 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyInitializer); | 153 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyInitializer); |
| 126 }; | 154 }; |
| 127 | 155 |
| 128 } // namespace policy | 156 } // namespace policy |
| 129 | 157 |
| 130 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_ | 158 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_ |
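Review bot: `signing_service_` is declared after `enrollment_handler_` (new lines 146–151), so it is destroyed first during teardown; if the CloudPolicyClient built by CreateClient keeps a raw `SigningService*` to it and that client is owned by `enrollment_handler_` (or handed to `manager_`), the pointer dangles at destruction — the nested class's `WeakPtrFactory` only protects the AsyncMethodCaller callback at new line 113, not that pointer — so the member should be declared above `enrollment_handler_` or the handler reset in Shutdown (whose body is outside this header). The single-argument constructor at new line 105 should be `explicit TpmEnrollmentKeySigningService(cryptohome::AsyncMethodCaller* async_method_caller);` per Chromium style, and the destructor should be `~TpmEnrollmentKeySigningService() override;` if `policy::SigningService` has a virtual destructor. `base::WeakPtrFactory` is used at new line 121 but `base/memory/weak_ptr.h` is not among the includes at new lines 12–20; it may arrive transitively, but the header should include what it uses. The comment at new line 101 misspells "implemting" — it should read `// Signing class implementing the policy::SigningService interface to`.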