| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h" | 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/callback.h" | 11 #include "base/callback.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/ptr_util.h" | 13 #include "base/memory/ptr_util.h" |
| 14 #include "base/sequenced_task_runner.h" | 14 #include "base/sequenced_task_runner.h" |
| 15 #include "base/values.h" | 15 #include "base/values.h" |
| 16 #include "chrome/browser/browser_process.h" | 16 #include "chrome/browser/browser_process.h" |
| 17 #include "chrome/browser/chromeos/attestation/attestation_ca_client.h" |
| 18 #include "chrome/browser/chromeos/attestation/attestation_signed_data.pb.h" |
| 17 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 19 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 20 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 19 #include "chrome/browser/chromeos/policy/device_status_collector.h" | 21 #include "chrome/browser/chromeos/policy/device_status_collector.h" |
| 20 #include "chrome/browser/chromeos/policy/enrollment_config.h" | 22 #include "chrome/browser/chromeos/policy/enrollment_config.h" |
| 21 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 23 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
| 22 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" | 24 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" |
| 23 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | 25 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
| 24 #include "chrome/browser/chromeos/policy/server_backed_device_state.h" | 26 #include "chrome/browser/chromeos/policy/server_backed_device_state.h" |
| 25 #include "chrome/common/chrome_content_client.h" | 27 #include "chrome/common/chrome_content_client.h" |
| 26 #include "chrome/common/pref_names.h" | 28 #include "chrome/common/pref_names.h" |
| 29 #include "chromeos/attestation/attestation_flow.h" |
| 27 #include "chromeos/chromeos_switches.h" | 30 #include "chromeos/chromeos_switches.h" |
| 31 #include "chromeos/cryptohome/async_method_caller.h" |
| 32 #include "chromeos/cryptohome/cryptohome_parameters.h" |
| 33 #include "chromeos/dbus/dbus_thread_manager.h" |
| 28 #include "chromeos/system/statistics_provider.h" | 34 #include "chromeos/system/statistics_provider.h" |
| 29 #include "components/policy/core/common/cloud/cloud_policy_core.h" | 35 #include "components/policy/core/common/cloud/cloud_policy_core.h" |
| 30 #include "components/policy/core/common/cloud/device_management_service.h" | 36 #include "components/policy/core/common/cloud/device_management_service.h" |
| 31 #include "components/prefs/pref_service.h" | 37 #include "components/prefs/pref_service.h" |
| 32 #include "net/url_request/url_request_context_getter.h" | 38 #include "net/url_request/url_request_context_getter.h" |
| 33 | 39 |
| 34 namespace policy { | 40 namespace policy { |
| 35 | 41 |
| 36 namespace { | 42 namespace { |
| 37 | 43 |
| (...skipping 13 matching lines...) Expand all Loading... |
| 51 | 57 |
| 52 DeviceCloudPolicyInitializer::DeviceCloudPolicyInitializer( | 58 DeviceCloudPolicyInitializer::DeviceCloudPolicyInitializer( |
| 53 PrefService* local_state, | 59 PrefService* local_state, |
| 54 DeviceManagementService* enterprise_service, | 60 DeviceManagementService* enterprise_service, |
| 55 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, | 61 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, |
| 56 EnterpriseInstallAttributes* install_attributes, | 62 EnterpriseInstallAttributes* install_attributes, |
| 57 ServerBackedStateKeysBroker* state_keys_broker, | 63 ServerBackedStateKeysBroker* state_keys_broker, |
| 58 DeviceCloudPolicyStoreChromeOS* device_store, | 64 DeviceCloudPolicyStoreChromeOS* device_store, |
| 59 DeviceCloudPolicyManagerChromeOS* manager, | 65 DeviceCloudPolicyManagerChromeOS* manager, |
| 60 cryptohome::AsyncMethodCaller* async_method_caller, | 66 cryptohome::AsyncMethodCaller* async_method_caller, |
| 61 chromeos::CryptohomeClient* cryptohome_client) | 67 std::unique_ptr<chromeos::attestation::AttestationFlow> attestation_flow) |
| 62 : local_state_(local_state), | 68 : local_state_(local_state), |
| 63 enterprise_service_(enterprise_service), | 69 enterprise_service_(enterprise_service), |
| 64 background_task_runner_(background_task_runner), | 70 background_task_runner_(background_task_runner), |
| 65 install_attributes_(install_attributes), | 71 install_attributes_(install_attributes), |
| 66 state_keys_broker_(state_keys_broker), | 72 state_keys_broker_(state_keys_broker), |
| 67 device_store_(device_store), | 73 device_store_(device_store), |
| 68 manager_(manager), | 74 manager_(manager), |
| 69 async_method_caller_(async_method_caller), | 75 attestation_flow_(std::move(attestation_flow)), |
| 70 cryptohome_client_(cryptohome_client), | 76 signing_service_(async_method_caller), |
| 71 is_initialized_(false) {} | 77 weak_ptr_factory_(this) {} |
| 72 | 78 |
| 73 DeviceCloudPolicyInitializer::~DeviceCloudPolicyInitializer() { | 79 DeviceCloudPolicyInitializer::~DeviceCloudPolicyInitializer() { |
| 74 DCHECK(!is_initialized_); | 80 DCHECK(!is_initialized_); |
| 75 } | 81 } |
| 76 | 82 |
| 77 void DeviceCloudPolicyInitializer::Init() { | 83 void DeviceCloudPolicyInitializer::Init() { |
| 78 DCHECK(!is_initialized_); | 84 DCHECK(!is_initialized_); |
| 79 | 85 |
| 80 is_initialized_ = true; | 86 is_initialized_ = true; |
| 81 device_store_->AddObserver(this); | 87 device_store_->AddObserver(this); |
| (...skipping 18 matching lines...) Expand all Loading... |
| 100 const EnrollmentConfig& enrollment_config, | 106 const EnrollmentConfig& enrollment_config, |
| 101 const std::string& auth_token, | 107 const std::string& auth_token, |
| 102 const AllowedDeviceModes& allowed_device_modes, | 108 const AllowedDeviceModes& allowed_device_modes, |
| 103 const EnrollmentCallback& enrollment_callback) { | 109 const EnrollmentCallback& enrollment_callback) { |
| 104 DCHECK(is_initialized_); | 110 DCHECK(is_initialized_); |
| 105 DCHECK(!enrollment_handler_); | 111 DCHECK(!enrollment_handler_); |
| 106 | 112 |
| 107 manager_->core()->Disconnect(); | 113 manager_->core()->Disconnect(); |
| 108 enrollment_handler_.reset(new EnrollmentHandlerChromeOS( | 114 enrollment_handler_.reset(new EnrollmentHandlerChromeOS( |
| 109 device_store_, install_attributes_, state_keys_broker_, | 115 device_store_, install_attributes_, state_keys_broker_, |
| 110 async_method_caller_, cryptohome_client_, | 116 attestation_flow_.get(), CreateClient(device_management_service), |
| 111 CreateClient(device_management_service), background_task_runner_, | 117 background_task_runner_, enrollment_config, auth_token, |
| 112 enrollment_config, auth_token, install_attributes_->GetDeviceId(), | 118 install_attributes_->GetDeviceId(), manager_->GetDeviceRequisition(), |
| 113 manager_->GetDeviceRequisition(), allowed_device_modes, | 119 allowed_device_modes, |
| 114 base::Bind(&DeviceCloudPolicyInitializer::EnrollmentCompleted, | 120 base::Bind(&DeviceCloudPolicyInitializer::EnrollmentCompleted, |
| 115 base::Unretained(this), enrollment_callback))); | 121 base::Unretained(this), enrollment_callback))); |
| 116 enrollment_handler_->StartEnrollment(); | 122 enrollment_handler_->StartEnrollment(); |
| 117 } | 123 } |
| 118 | 124 |
| 119 EnrollmentConfig DeviceCloudPolicyInitializer::GetPrescribedEnrollmentConfig() | 125 EnrollmentConfig DeviceCloudPolicyInitializer::GetPrescribedEnrollmentConfig() |
| 120 const { | 126 const { |
| 121 EnrollmentConfig config; | 127 EnrollmentConfig config; |
| 122 | 128 |
| 123 // Authentication through the attestation mechanism is controlled by a | 129 // Authentication through the attestation mechanism is controlled by a |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 245 if (!enrollment_callback.is_null()) | 251 if (!enrollment_callback.is_null()) |
| 246 enrollment_callback.Run(status); | 252 enrollment_callback.Run(status); |
| 247 } | 253 } |
| 248 | 254 |
| 249 std::unique_ptr<CloudPolicyClient> DeviceCloudPolicyInitializer::CreateClient( | 255 std::unique_ptr<CloudPolicyClient> DeviceCloudPolicyInitializer::CreateClient( |
| 250 DeviceManagementService* device_management_service) { | 256 DeviceManagementService* device_management_service) { |
| 251 return base::MakeUnique<CloudPolicyClient>( | 257 return base::MakeUnique<CloudPolicyClient>( |
| 252 DeviceCloudPolicyManagerChromeOS::GetMachineID(), | 258 DeviceCloudPolicyManagerChromeOS::GetMachineID(), |
| 253 DeviceCloudPolicyManagerChromeOS::GetMachineModel(), | 259 DeviceCloudPolicyManagerChromeOS::GetMachineModel(), |
| 254 kPolicyVerificationKeyHash, device_management_service, | 260 kPolicyVerificationKeyHash, device_management_service, |
| 255 g_browser_process->system_request_context(), | 261 g_browser_process->system_request_context(), &signing_service_); |
| 256 nullptr /* signing_service */); | |
| 257 } | 262 } |
| 258 | 263 |
| 259 void DeviceCloudPolicyInitializer::TryToCreateClient() { | 264 void DeviceCloudPolicyInitializer::TryToCreateClient() { |
| 260 if (!device_store_->is_initialized() || | 265 if (!device_store_->is_initialized() || |
| 261 !device_store_->has_policy() || | 266 !device_store_->has_policy() || |
| 262 state_keys_broker_->pending() || | 267 state_keys_broker_->pending() || |
| 263 enrollment_handler_) { | 268 enrollment_handler_) { |
| 264 return; | 269 return; |
| 265 } | 270 } |
| 266 StartConnection(CreateClient(enterprise_service_)); | 271 StartConnection(CreateClient(enterprise_service_)); |
| 267 } | 272 } |
| 268 | 273 |
| 269 void DeviceCloudPolicyInitializer::StartConnection( | 274 void DeviceCloudPolicyInitializer::StartConnection( |
| 270 std::unique_ptr<CloudPolicyClient> client) { | 275 std::unique_ptr<CloudPolicyClient> client) { |
| 271 if (!manager_->core()->service()) | 276 if (!manager_->core()->service()) |
| 272 manager_->StartConnection(std::move(client), install_attributes_); | 277 manager_->StartConnection(std::move(client), install_attributes_); |
| 273 } | 278 } |
| 274 | 279 |
| 280 DeviceCloudPolicyInitializer::TpmEnrollmentKeySigningService:: |
| 281 TpmEnrollmentKeySigningService( |
| 282 cryptohome::AsyncMethodCaller* async_method_caller) |
| 283 : async_method_caller_(async_method_caller), weak_ptr_factory_(this) {} |
| 284 |
| 285 DeviceCloudPolicyInitializer::TpmEnrollmentKeySigningService:: |
| 286 ~TpmEnrollmentKeySigningService() {} |
| 287 |
| 288 void DeviceCloudPolicyInitializer::TpmEnrollmentKeySigningService::SignData( |
| 289 const std::string& data, |
| 290 const SigningCallback& callback) { |
| 291 const chromeos::attestation::AttestationCertificateProfile cert_profile = |
| 292 chromeos::attestation::PROFILE_ENTERPRISE_ENROLLMENT_CERTIFICATE; |
| 293 const cryptohome::Identification identification; |
| 294 async_method_caller_->TpmAttestationSignSimpleChallenge( |
| 295 chromeos::attestation::AttestationFlow::GetKeyTypeForProfile( |
| 296 cert_profile), |
| 297 identification, |
| 298 chromeos::attestation::AttestationFlow::GetKeyNameForProfile(cert_profile, |
| 299 ""), |
| 300 data, base::Bind(&DeviceCloudPolicyInitializer:: |
| 301 TpmEnrollmentKeySigningService::OnDataSigned, |
| 302 weak_ptr_factory_.GetWeakPtr(), data, callback)); |
| 303 } |
| 304 |
| 305 void DeviceCloudPolicyInitializer::TpmEnrollmentKeySigningService::OnDataSigned( |
| 306 const std::string& data, |
| 307 const SigningCallback& callback, |
| 308 bool success, |
| 309 const std::string& signed_data) { |
| 310 enterprise_management::SignedData em_signed_data; |
| 311 chromeos::attestation::SignedData att_signed_data; |
| 312 if (success && (success = att_signed_data.ParseFromString(signed_data))) { |
| 313 em_signed_data.set_data(att_signed_data.data()); |
| 314 em_signed_data.set_signature(att_signed_data.signature()); |
| 315 em_signed_data.set_extra_data_bytes(att_signed_data.data().size() - |
| 316 data.size()); |
| 317 } |
| 318 callback.Run(success, em_signed_data); |
| 319 } |
| 320 |
| 275 } // namespace policy | 321 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2276593004:
Device registration using an enrollment certificate from the PCA. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master