Wait for the attestation to be ready (TPM being prepared for attestation) before trying to enroll.

chromeos/attestation/attestation_flow.h

Index: chromeos/attestation/attestation_flow.h
diff --git a/chromeos/attestation/attestation_flow.h b/chromeos/attestation/attestation_flow.h
index 26a7292d60a9d4eab6901f21e268e31b6a799846..06784ffbae021223af3ab4d5a1b7cb1e8432ac42 100644
--- a/chromeos/attestation/attestation_flow.h
+++ b/chromeos/attestation/attestation_flow.h
@@ -11,13 +11,21 @@
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
+#include "base/time/time.h"
 #include "chromeos/attestation/attestation_constants.h"
 #include "chromeos/chromeos_export.h"
 #include "chromeos/dbus/dbus_method_call_status.h"
+#include "net/base/backoff_entry.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 class AccountId;
 
+namespace base {
+
+class OneShotTimer;
+
+}  // namespace base
+
 namespace cryptohome {
 
 class AsyncMethodCaller;
@@ -48,7 +56,8 @@ class CHROMEOS_EXPORT ServerProxy {
 // and the Chrome OS Privacy CA server.  Sample usage:
 //    AttestationFlow flow(AsyncMethodCaller::GetInstance(),
 //                         DBusThreadManager::Get().GetCryptohomeClient(),
-//                         std::move(my_server_proxy));
+//                         std::move(my_server_proxy),
+//                         base::TimeDelta::Max());
 //    AttestationFlow::CertificateCallback callback = base::Bind(&MyCallback);
 //    flow.GetCertificate(ENTERPRISE_USER_CERTIFICATE, false, callback);
 class CHROMEOS_EXPORT AttestationFlow {
@@ -79,7 +88,8 @@ class CHROMEOS_EXPORT AttestationFlow {
 
   AttestationFlow(cryptohome::AsyncMethodCaller* async_caller,
                   CryptohomeClient* cryptohome_client,
-                  std::unique_ptr<ServerProxy> server_proxy);
+                  std::unique_ptr<ServerProxy> server_proxy,
+                  base::TimeDelta preparedness_timeout);
   virtual ~AttestationFlow();
 
   // Gets an attestation certificate for a hardware-protected key.  If a key for
@@ -108,8 +118,29 @@ class CHROMEOS_EXPORT AttestationFlow {
                               bool force_new_key,
                               const CertificateCallback& callback);
 
+  // Sets the retry timer for tests.
+  void SetRetryTimerForTest(std::unique_ptr<base::OneShotTimer> retry_timer);
+
  private:
   // Asynchronously initiates the attestation enrollment flow.
+  // If attestation is not ready yet, retry as needed.
+  //
+  // Parameters
+  //   on_failure - Called if any failure occurs.
+  //   next_task - Called on successful enrollment.
+  void InitiateEnroll(const base::Closure& on_failure,
+                      const base::Closure& next_task);
+
+  // Called when atestation is not prepared yet, to re-initiate enrollment
+  // after a delay.
+  //
+  // Parameters
+  //   on_failure - Called if any failure occurs.
+  //   next_task - Called on successful enrollment.
+  void RetryInitiateEnroll(const base::Closure& on_failure,
+                           const base::Closure& next_task);
+
+  // Called when attestation is prepared, to start the actual enrollment flow.
   //
   // Parameters
   //   on_failure - Called if any failure occurs.
@@ -227,6 +258,10 @@ class CHROMEOS_EXPORT AttestationFlow {
   CryptohomeClient* cryptohome_client_;
   std::unique_ptr<ServerProxy> server_proxy_;
 
+  base::TimeDelta preparedness_timeout_;
+  std::unique_ptr<base::OneShotTimer> retry_timer_;

[The one and only Dr. Crash, 2016/12/02 06:59:34]

Note that the use we make of all of these is very similar (but not exactly the
same, since we also have a timeout) to remoting's BackoffTimer
(https://cs.chromium.org/chromium/src/remoting/host/backoff_timer.h?dr=C&sq=pa...).

There may be an opportunity for refactoring at some point.

+  net::BackoffEntry retry_backoff_;
+
   base::WeakPtrFactory<AttestationFlow> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(AttestationFlow);