Wait for the attestation to be ready (TPM being prepared for attestation) before trying to enroll.

chromeos/attestation/attestation_flow.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
 #define CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
 
 #include <memory>
 #include <string>
 
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
+#include "base/time/time.h"
 #include "chromeos/attestation/attestation_constants.h"
 #include "chromeos/chromeos_export.h"
 #include "chromeos/dbus/dbus_method_call_status.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 class AccountId;
 
+namespace base {
+

[achuithb, 2016/12/05 19:53:59]

remove newline

+class TickClock;
+

[achuithb, 2016/12/05 19:53:59]

remove newline

+}  // namespace base

[achuithb, 2016/12/05 19:53:59]

drop comment.

+
 namespace cryptohome {
 
 class AsyncMethodCaller;
 
 }  // namespace cryptohome
 
 namespace chromeos {
 
 class CryptohomeClient;
 
@@ skipping 10 matching lines @@
   virtual void SendCertificateRequest(const std::string& request,
                                       const DataCallback& on_response) = 0;
   virtual PrivacyCAType GetType();
 };
 
 // Implements the message flow for Chrome OS attestation tasks.  Generally this
 // consists of coordinating messages between the Chrome OS attestation service
 // and the Chrome OS Privacy CA server.  Sample usage:
 //    AttestationFlow flow(AsyncMethodCaller::GetInstance(),
 //                         DBusThreadManager::Get().GetCryptohomeClient(),
-//                         std::move(my_server_proxy));
+//                         std::move(my_server_proxy),
+//                         base::TimeDelta::Max());
 //    AttestationFlow::CertificateCallback callback = base::Bind(&MyCallback);
 //    flow.GetCertificate(ENTERPRISE_USER_CERTIFICATE, false, callback);
 class CHROMEOS_EXPORT AttestationFlow {
  public:
   typedef base::Callback<void(bool success,
                               const std::string& pem_certificate_chain)>
       CertificateCallback;
 
   // Returns the attestation key type for a given |certificate_profile|.
   //
@@ skipping 10 matching lines @@
   //   certificate_profile - Specifies what kind of certificate the key is for.
   //   request_origin - For content protection profiles, certificate requests
   //                    are origin-specific.  This string must uniquely identify
   //                    the origin of the request.
   static std::string GetKeyNameForProfile(
       AttestationCertificateProfile certificate_profile,
       const std::string& request_origin);
 
   AttestationFlow(cryptohome::AsyncMethodCaller* async_caller,
                   CryptohomeClient* cryptohome_client,
-                  std::unique_ptr<ServerProxy> server_proxy);
+                  std::unique_ptr<ServerProxy> server_proxy,
+                  base::TimeDelta preparedness_timeout);
   virtual ~AttestationFlow();
 
   // Gets an attestation certificate for a hardware-protected key.  If a key for
   // the given profile does not exist, it will be generated and a certificate
   // request will be made to the Chrome OS Privacy CA to issue a certificate for
   // the key.  If the key already exists and |force_new_key| is false, the
   // existing certificate is returned.
   //
+  // If the TPM has not been prepared for attestation yet, this method will poll
+  // the attestation preparedness within the flow's |preparedness_timeout|.
+  // There is no guarantee than a retry will be made if the timeout is too
+  // short (e.g. less than 10 seconds).

[achuithb, 2016/12/05 19:53:59]

It's unusual to reference a param defined in one function in the comments of
another function like this. Is there a way you can move this verbiage to a
function comment for the ctor?

+  //
   // Parameters
   //   certificate_profile - Specifies what kind of certificate should be
   //                         requested from the CA.
   //   account_id - Identifies the currently active user. This is ignored when
   //                using the enterprise machine cert profile.
   //   request_origin - For content protection profiles, certificate requests
   //                    are origin-specific.  This string must uniquely identify
   //                    the origin of the request.
   //   force_new_key - If set to true, a new key will be generated even if a key
   //                   already exists for the profile.  The new key will replace
   //                   the existing key on success.
   //   callback - A callback which will be called when the operation completes.
   //              On success |result| will be true and |data| will contain the
   //              PCA-issued certificate chain in PEM format.
   virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
                               const AccountId& account_id,
                               const std::string& request_origin,
                               bool force_new_key,
                               const CertificateCallback& callback);
 
+  // Sets the tick clock for tests.
+  void SetTickClockForTest(base::TickClock* tick_clock);
+
  private:
+  struct RetryData;
+
   // Asynchronously initiates the attestation enrollment flow.
+  // If attestation is not ready yet, retry as needed.
   //
   // Parameters
   //   on_failure - Called if any failure occurs.
+  //   next_task - Called on successful enrollment.
+  void InitiateEnroll(const base::Closure& on_failure,
+                      const base::Closure& next_task);
+
+  // Asynchronously tries to initiate the attestation enrollment flow.
+  // If attestation is not ready yet, retry as needed.
+  //
+  // Parameters
+  //   retry_data - Data to manage retries.
+  //   on_failure - Called if any failure occurs.
+  //   next_task - Called on successful enrollment.
+  void TryInitiateEnroll(RetryData* retry_data,
+                         const base::Closure& on_failure,
+                         const base::Closure& next_task);
+
+  // Called when atestation is not prepared yet, to re-initiate enrollment

[achuithb, 2016/12/05 19:53:59]

attestation spelling

+  // after a delay.
+  //
+  // Parameters
+  //   on_failure - Called if any failure occurs.
+  //   next_task - Called on successful enrollment.
+  void RetryInitiateEnroll(const base::Closure& on_failure,
+                           const base::Closure& next_task);
+
+  // Called when attestation is prepared, to start the actual enrollment flow.
+  //
+  // Parameters
+  //   on_failure - Called if any failure occurs.
   //   next_task - Called on successful enrollment.
   void StartEnroll(const base::Closure& on_failure,
                    const base::Closure& next_task);
 
   // Called when the attestation daemon has finished creating an enrollment
   // request for the Privacy CA.  The request is asynchronously forwarded as-is
   // to the PCA.
   //
   // Parameters
   //   on_failure - Called if any failure occurs.
@@ skipping 90 matching lines @@
   // Parameters
   //   key_type - The type of the key for which a certificate is requested.
   //   account_id - Identifies the active user.
   //   key_name - The name of the key for which a certificate is requested.
   //   callback - Called when the operation completes.
   void GetExistingCertificate(AttestationKeyType key_type,
                               const AccountId& account_id,
                               const std::string& key_name,
                               const CertificateCallback& callback);
 
+  // Handles retries. If |retry_data| indicates that we are done retrying,
+  // runs |on_giving_up|, otherwise runs |on_retrying| after a delay.
+  void StillRetrying(RetryData* retry_data,
+                     const base::Closure& on_giving_up,
+                     const base::Closure& on_retrying);
+  // Handles the end of retries. Deletes |retry_data| and runs |continuation|.
+  void DoneRetrying(RetryData* retry_data, const base::Closure& continuation);
+
   cryptohome::AsyncMethodCaller* async_caller_;
   CryptohomeClient* cryptohome_client_;
   std::unique_ptr<ServerProxy> server_proxy_;
 
+  base::TimeDelta preparedness_timeout_;
+  base::TickClock* tick_clock_ = nullptr;
+
   base::WeakPtrFactory<AttestationFlow> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(AttestationFlow);
 };
 
 }  // namespace attestation
 }  // namespace chromeos
 
 #endif  // CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_