| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/attestation/attestation_flow.h" | 5 #include "chromeos/attestation/attestation_flow.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "chromeos/cryptohome/async_method_caller.h" | 8 #include "chromeos/cryptohome/async_method_caller.h" |
| 9 #include "chromeos/dbus/cryptohome_client.h" | 9 #include "chromeos/dbus/cryptohome_client.h" |
| 10 | 10 |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 89 cryptohome_client_(cryptohome_client), | 89 cryptohome_client_(cryptohome_client), |
| 90 server_proxy_(server_proxy.Pass()), | 90 server_proxy_(server_proxy.Pass()), |
| 91 weak_factory_(this) { | 91 weak_factory_(this) { |
| 92 } | 92 } |
| 93 | 93 |
| 94 AttestationFlow::~AttestationFlow() { | 94 AttestationFlow::~AttestationFlow() { |
| 95 } | 95 } |
| 96 | 96 |
| 97 void AttestationFlow::GetCertificate( | 97 void AttestationFlow::GetCertificate( |
| 98 AttestationCertificateProfile certificate_profile, | 98 AttestationCertificateProfile certificate_profile, |
| 99 const std::string& user_email, | 99 const std::string& user_id, |
| 100 const std::string& request_origin, | 100 const std::string& request_origin, |
| 101 bool force_new_key, | 101 bool force_new_key, |
| 102 const CertificateCallback& callback) { | 102 const CertificateCallback& callback) { |
| 103 // If this device has not enrolled with the Privacy CA, we need to do that | 103 // If this device has not enrolled with the Privacy CA, we need to do that |
| 104 // first. Once enrolled we can proceed with the certificate request. | 104 // first. Once enrolled we can proceed with the certificate request. |
| 105 base::Closure do_cert_request = base::Bind( | 105 base::Closure do_cert_request = base::Bind( |
| 106 &AttestationFlow::StartCertificateRequest, | 106 &AttestationFlow::StartCertificateRequest, |
| 107 weak_factory_.GetWeakPtr(), | 107 weak_factory_.GetWeakPtr(), |
| 108 certificate_profile, | 108 certificate_profile, |
| 109 user_email, | 109 user_id, |
| 110 request_origin, | 110 request_origin, |
| 111 force_new_key, | 111 force_new_key, |
| 112 callback); | 112 callback); |
| 113 base::Closure on_enroll_failure = base::Bind(callback, false, ""); | 113 base::Closure on_enroll_failure = base::Bind(callback, false, ""); |
| 114 base::Closure do_enroll = base::Bind(&AttestationFlow::StartEnroll, | 114 base::Closure do_enroll = base::Bind(&AttestationFlow::StartEnroll, |
| 115 weak_factory_.GetWeakPtr(), | 115 weak_factory_.GetWeakPtr(), |
| 116 on_enroll_failure, | 116 on_enroll_failure, |
| 117 do_cert_request); | 117 do_cert_request); |
| 118 cryptohome_client_->TpmAttestationIsEnrolled(base::Bind( | 118 cryptohome_client_->TpmAttestationIsEnrolled(base::Bind( |
| 119 &DBusBoolRedirectCallback, | 119 &DBusBoolRedirectCallback, |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 184 return; | 184 return; |
| 185 } | 185 } |
| 186 | 186 |
| 187 // Enrollment has successfully completed, we can move on to whatever is next. | 187 // Enrollment has successfully completed, we can move on to whatever is next. |
| 188 if (!next_task.is_null()) | 188 if (!next_task.is_null()) |
| 189 next_task.Run(); | 189 next_task.Run(); |
| 190 } | 190 } |
| 191 | 191 |
| 192 void AttestationFlow::StartCertificateRequest( | 192 void AttestationFlow::StartCertificateRequest( |
| 193 AttestationCertificateProfile certificate_profile, | 193 AttestationCertificateProfile certificate_profile, |
| 194 const std::string& user_email, | 194 const std::string& user_id, |
| 195 const std::string& request_origin, | 195 const std::string& request_origin, |
| 196 bool generate_new_key, | 196 bool generate_new_key, |
| 197 const CertificateCallback& callback) { | 197 const CertificateCallback& callback) { |
| 198 AttestationKeyType key_type = GetKeyTypeForProfile(certificate_profile); | 198 AttestationKeyType key_type = GetKeyTypeForProfile(certificate_profile); |
| 199 std::string key_name = GetKeyNameForProfile(certificate_profile, | 199 std::string key_name = GetKeyNameForProfile(certificate_profile, |
| 200 request_origin); | 200 request_origin); |
| 201 if (generate_new_key) { | 201 if (generate_new_key) { |
| 202 // Get the attestation service to create a Privacy CA certificate request. | 202 // Get the attestation service to create a Privacy CA certificate request. |
| 203 async_caller_->AsyncTpmAttestationCreateCertRequest( | 203 async_caller_->AsyncTpmAttestationCreateCertRequest( |
| 204 certificate_profile, | 204 certificate_profile, |
| 205 user_email, | 205 user_id, |
| 206 request_origin, | 206 request_origin, |
| 207 base::Bind(&AttestationFlow::SendCertificateRequestToPCA, | 207 base::Bind(&AttestationFlow::SendCertificateRequestToPCA, |
| 208 weak_factory_.GetWeakPtr(), | 208 weak_factory_.GetWeakPtr(), |
| 209 key_type, | 209 key_type, |
| 210 user_id, |
| 210 key_name, | 211 key_name, |
| 211 callback)); | 212 callback)); |
| 212 } else { | 213 } else { |
| 213 // If the key already exists, query the existing certificate. | 214 // If the key already exists, query the existing certificate. |
| 214 base::Closure on_key_exists = base::Bind( | 215 base::Closure on_key_exists = base::Bind( |
| 215 &AttestationFlow::GetExistingCertificate, | 216 &AttestationFlow::GetExistingCertificate, |
| 216 weak_factory_.GetWeakPtr(), | 217 weak_factory_.GetWeakPtr(), |
| 217 key_type, | 218 key_type, |
| 219 user_id, |
| 218 key_name, | 220 key_name, |
| 219 callback); | 221 callback); |
| 220 // If the key does not exist, call this method back with |generate_new_key| | 222 // If the key does not exist, call this method back with |generate_new_key| |
| 221 // set to true. | 223 // set to true. |
| 222 base::Closure on_key_not_exists = base::Bind( | 224 base::Closure on_key_not_exists = base::Bind( |
| 223 &AttestationFlow::StartCertificateRequest, | 225 &AttestationFlow::StartCertificateRequest, |
| 224 weak_factory_.GetWeakPtr(), | 226 weak_factory_.GetWeakPtr(), |
| 225 certificate_profile, | 227 certificate_profile, |
| 226 user_email, | 228 user_id, |
| 227 request_origin, | 229 request_origin, |
| 228 true, | 230 true, |
| 229 callback); | 231 callback); |
| 230 cryptohome_client_->TpmAttestationDoesKeyExist( | 232 cryptohome_client_->TpmAttestationDoesKeyExist( |
| 231 key_type, | 233 key_type, |
| 234 user_id, |
| 232 key_name, | 235 key_name, |
| 233 base::Bind(&DBusBoolRedirectCallback, | 236 base::Bind(&DBusBoolRedirectCallback, |
| 234 on_key_exists, | 237 on_key_exists, |
| 235 on_key_not_exists, | 238 on_key_not_exists, |
| 236 base::Bind(callback, false, ""))); | 239 base::Bind(callback, false, ""))); |
| 237 } | 240 } |
| 238 } | 241 } |
| 239 | 242 |
| 240 void AttestationFlow::SendCertificateRequestToPCA( | 243 void AttestationFlow::SendCertificateRequestToPCA( |
| 241 AttestationKeyType key_type, | 244 AttestationKeyType key_type, |
| 245 const std::string& user_id, |
| 242 const std::string& key_name, | 246 const std::string& key_name, |
| 243 const CertificateCallback& callback, | 247 const CertificateCallback& callback, |
| 244 bool success, | 248 bool success, |
| 245 const std::string& data) { | 249 const std::string& data) { |
| 246 if (!success) { | 250 if (!success) { |
| 247 LOG(ERROR) << "Attestation: Failed to create certificate request."; | 251 LOG(ERROR) << "Attestation: Failed to create certificate request."; |
| 248 if (!callback.is_null()) | 252 if (!callback.is_null()) |
| 249 callback.Run(false, ""); | 253 callback.Run(false, ""); |
| 250 return; | 254 return; |
| 251 } | 255 } |
| 252 | 256 |
| 253 // Send the request to the Privacy CA. | 257 // Send the request to the Privacy CA. |
| 254 server_proxy_->SendCertificateRequest( | 258 server_proxy_->SendCertificateRequest( |
| 255 data, | 259 data, |
| 256 base::Bind(&AttestationFlow::SendCertificateResponseToDaemon, | 260 base::Bind(&AttestationFlow::SendCertificateResponseToDaemon, |
| 257 weak_factory_.GetWeakPtr(), | 261 weak_factory_.GetWeakPtr(), |
| 258 key_type, | 262 key_type, |
| 263 user_id, |
| 259 key_name, | 264 key_name, |
| 260 callback)); | 265 callback)); |
| 261 } | 266 } |
| 262 | 267 |
| 263 void AttestationFlow::SendCertificateResponseToDaemon( | 268 void AttestationFlow::SendCertificateResponseToDaemon( |
| 264 AttestationKeyType key_type, | 269 AttestationKeyType key_type, |
| 270 const std::string& user_id, |
| 265 const std::string& key_name, | 271 const std::string& key_name, |
| 266 const CertificateCallback& callback, | 272 const CertificateCallback& callback, |
| 267 bool success, | 273 bool success, |
| 268 const std::string& data) { | 274 const std::string& data) { |
| 269 if (!success) { | 275 if (!success) { |
| 270 LOG(ERROR) << "Attestation: Certificate request failed."; | 276 LOG(ERROR) << "Attestation: Certificate request failed."; |
| 271 if (!callback.is_null()) | 277 if (!callback.is_null()) |
| 272 callback.Run(false, ""); | 278 callback.Run(false, ""); |
| 273 return; | 279 return; |
| 274 } | 280 } |
| 275 | 281 |
| 276 // Forward the response to the attestation service to complete the operation. | 282 // Forward the response to the attestation service to complete the operation. |
| 277 async_caller_->AsyncTpmAttestationFinishCertRequest(data, | 283 async_caller_->AsyncTpmAttestationFinishCertRequest(data, |
| 278 key_type, | 284 key_type, |
| 285 user_id, |
| 279 key_name, | 286 key_name, |
| 280 base::Bind(callback)); | 287 base::Bind(callback)); |
| 281 } | 288 } |
| 282 | 289 |
| 283 void AttestationFlow::GetExistingCertificate( | 290 void AttestationFlow::GetExistingCertificate( |
| 284 AttestationKeyType key_type, | 291 AttestationKeyType key_type, |
| 292 const std::string& user_id, |
| 285 const std::string& key_name, | 293 const std::string& key_name, |
| 286 const CertificateCallback& callback) { | 294 const CertificateCallback& callback) { |
| 287 cryptohome_client_->TpmAttestationGetCertificate( | 295 cryptohome_client_->TpmAttestationGetCertificate( |
| 288 key_type, | 296 key_type, |
| 297 user_id, |
| 289 key_name, | 298 key_name, |
| 290 base::Bind(&DBusDataMethodCallback, callback)); | 299 base::Bind(&DBusDataMethodCallback, callback)); |
| 291 } | 300 } |
| 292 | 301 |
| 293 } // namespace attestation | 302 } // namespace attestation |
| 294 } // namespace chromeos | 303 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27044004:
Added multi-profile support for attestation on chromeos. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src