Device registration using an enrollment certificate from the PCA.

chrome/browser/chromeos/policy/device_cloud_policy_initializer.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_
 
 #include <bitset>
 #include <memory>
 #include <string>
 
 #include "base/callback_forward.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
 #include "components/policy/core/common/cloud/cloud_policy_client.h"
 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "components/policy/core/common/cloud/cloud_policy_store.h"
+#include "components/policy/core/common/cloud/signing_service.h"
 
 class PrefService;
 
 namespace base {
 class SequencedTaskRunner;
 }
 
 namespace chromeos {
-class CryptohomeClient;
+namespace attestation {
+class AttestationFlow;
+}
 }
 
 namespace cryptohome {
 class AsyncMethodCaller;
 }
 
 namespace policy {
 
 class DeviceCloudPolicyManagerChromeOS;
 class DeviceCloudPolicyStoreChromeOS;
@@ skipping 13 matching lines @@
   // |background_task_runner| is used to execute long-running background tasks
   // that may involve file I/O.
   DeviceCloudPolicyInitializer(
       PrefService* local_state,
       DeviceManagementService* enterprise_service,
       const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
       EnterpriseInstallAttributes* install_attributes,
       ServerBackedStateKeysBroker* state_keys_broker,
       DeviceCloudPolicyStoreChromeOS* device_store,
       DeviceCloudPolicyManagerChromeOS* manager,
-      cryptohome::AsyncMethodCaller* async_caller,
-      chromeos::CryptohomeClient* cryptohome_client);
+      cryptohome::AsyncMethodCaller* async_method_caller,
+      std::unique_ptr<chromeos::attestation::AttestationFlow> attestation_flow);
 
   ~DeviceCloudPolicyInitializer() override;
 
   virtual void Init();
   virtual void Shutdown();
 
   // Starts enrollment or re-enrollment. Once the enrollment process completes,
   // |enrollment_callback| is invoked and gets passed the status of the
   // operation.
   // |allowed_modes| specifies acceptable DEVICE_MODE_* constants for
@@ skipping 14 matching lines @@
   // enrollment recovery, or already-present install attributes. Note that
   // |config.management_domain| may be non-empty even if |config.mode| is
   // MODE_NONE.
   EnrollmentConfig GetPrescribedEnrollmentConfig() const;
 
   // CloudPolicyStore::Observer:
   void OnStoreLoaded(CloudPolicyStore* store) override;
   void OnStoreError(CloudPolicyStore* store) override;
 
  private:
+  // Signing class using the enrollment certificate's TPM-bound key to
+  // sign data.
+  class TpmEnrollmentKeySigningService : public policy::SigningService {
+   public:
+    TpmEnrollmentKeySigningService(
+        cryptohome::AsyncMethodCaller* async_method_caller);
+    ~TpmEnrollmentKeySigningService();
+
+    void SignData(const std::string& data,

[pastarmovj, 2016/08/29 11:51:35]

Please add a comment : policy::SigningService implementation or something like
that for the functions that are implementing the interface.

[The one and only Dr. Crash, 2016/08/29 19:55:32]

That is what the override keyword is for IMO. I improved the comment to mention
the interface. I considered calling the interface
policy::SigningServiceInterface but it would be an odd name considering the
enrollment/login code has plenty of interfaces that are not called *Interface at
all. 

+                  const SigningCallback& callback) override;
+
+   private:
+    void OnDataSigned(const std::string& data,
+                      const SigningCallback& callback,
+                      bool success,
+                      const std::string& signed_data);
+
+    cryptohome::AsyncMethodCaller* async_method_caller_;
+
+    // Used to create tasks which run delayed on the UI thread.
+    base::WeakPtrFactory<TpmEnrollmentKeySigningService> weak_ptr_factory_;
+  };
+
   // Handles completion signaled by |enrollment_handler_|.
   void EnrollmentCompleted(const EnrollmentCallback& enrollment_callback,
                            EnrollmentStatus status);
 
   // Creates a new CloudPolicyClient.
   std::unique_ptr<CloudPolicyClient> CreateClient(
       DeviceManagementService* device_management_service);
 
   void TryToCreateClient();
   void StartConnection(std::unique_ptr<CloudPolicyClient> client);
 
   PrefService* local_state_;
   DeviceManagementService* enterprise_service_;
   scoped_refptr<base::SequencedTaskRunner> background_task_runner_;
   EnterpriseInstallAttributes* install_attributes_;
   ServerBackedStateKeysBroker* state_keys_broker_;
   DeviceCloudPolicyStoreChromeOS* device_store_;
   DeviceCloudPolicyManagerChromeOS* manager_;
-  cryptohome::AsyncMethodCaller* async_method_caller_;
-  chromeos::CryptohomeClient* cryptohome_client_;
-  bool is_initialized_;
+  std::unique_ptr<chromeos::attestation::AttestationFlow> attestation_flow_;
+  bool is_initialized_ = false;
 
   // Non-NULL if there is an enrollment operation pending.
   std::unique_ptr<EnrollmentHandlerChromeOS> enrollment_handler_;
 
   ServerBackedStateKeysBroker::Subscription state_keys_update_subscription_;
 
+  // Our signing service.
+  TpmEnrollmentKeySigningService signing_service_;
+
+  // Used to create tasks which run delayed on the UI thread.
+  base::WeakPtrFactory<DeviceCloudPolicyInitializer> weak_ptr_factory_;

[pastarmovj, 2016/08/29 11:51:35]

Do you need this weak pointer? I think you only need the one in the inner class?

[The one and only Dr. Crash, 2016/08/29 19:55:32]

You are right, I do not need it anymore. Removed.

+
   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyInitializer);
 };
 
 }  // namespace policy
 
 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_INITIALIZER_H_