Chromium Code Reviews

Side by Side Diff: chromeos/attestation/attestation_flow.h

Issue 27044004: Added multi-profile support for attestation on chromeos. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 7 years, 2 months ago
OLD NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_ 5 #ifndef CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
6 #define CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_ 6 #define CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 50 matching lines...)
61 61
62 // Gets an attestation certificate for a hardware-protected key. If a key for 62 // Gets an attestation certificate for a hardware-protected key. If a key for
63 // the given profile does not exist, it will be generated and a certificate 63 // the given profile does not exist, it will be generated and a certificate
64 // request will be made to the Chrome OS Privacy CA to issue a certificate for 64 // request will be made to the Chrome OS Privacy CA to issue a certificate for
65 // the key. If the key already exists and |force_new_key| is false, the 65 // the key. If the key already exists and |force_new_key| is false, the
66 // existing certificate is returned. 66 // existing certificate is returned.
67 // 67 //
68 // Parameters 68 // Parameters
69 // certificate_profile - Specifies what kind of certificate should be 69 // certificate_profile - Specifies what kind of certificate should be
70 // requested from the CA. 70 // requested from the CA.
71 // user_email - The canonical email address of the currently active user. 71 // user_id - Identifies the currently active user. For normal GAIA users
72 // This is ignored when not using the content protection 72 // this is a canonical email address. This is ignored when using
73 // profile. 73 // the enterprise machine cert profile.
74 // request_origin - For content protection profiles, certificate requests 74 // request_origin - For content protection profiles, certificate requests
75 // are origin-specific. This string must uniquely identify 75 // are origin-specific. This string must uniquely identify
76 // the origin of the request. 76 // the origin of the request.
77 // force_new_key - If set to true, a new key will be generated even if a key 77 // force_new_key - If set to true, a new key will be generated even if a key
78 // already exists for the profile. The new key will replace 78 // already exists for the profile. The new key will replace
79 // the existing key on success. 79 // the existing key on success.
80 // callback - A callback which will be called when the operation completes. 80 // callback - A callback which will be called when the operation completes.
81 // On success |result| will be true and |data| will contain the 81 // On success |result| will be true and |data| will contain the
82 // PCA-issued certificate chain in PEM format. 82 // PCA-issued certificate chain in PEM format.
83 virtual void GetCertificate(AttestationCertificateProfile certificate_profile, 83 virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
84 const std::string& user_email, 84 const std::string& user_id,
85 const std::string& request_origin, 85 const std::string& request_origin,
86 bool force_new_key, 86 bool force_new_key,
87 const CertificateCallback& callback); 87 const CertificateCallback& callback);
88 88
89 private: 89 private:
90 // Asynchronously initiates the attestation enrollment flow. 90 // Asynchronously initiates the attestation enrollment flow.
91 // 91 //
92 // Parameters 92 // Parameters
93 // on_failure - Called if any failure occurs. 93 // on_failure - Called if any failure occurs.
94 // next_task - Called on successful enrollment. 94 // next_task - Called on successful enrollment.
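Review bot: The summary comment on GetCertificate (new lines 62-66) and the force_new_key description still say a key exists "for the given profile" / "for the profile", but with user_id now passed next to certificate_profile the reader cannot tell whether an existing key is looked up per profile or per profile and user. Please state the scoping explicitly, for example "If a key for the given profile and user does not exist". The user_id description also covers only "normal GAIA users"; it should say what other user types pass and whether an empty user_id is an error for the profiles that do not ignore it, because the old text ignored the value for everything except the content protection profile while the new text ignores it only for the enterprise machine cert profile.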
(...skipping 40 matching lines...)
135 const base::Closure& next_task, 135 const base::Closure& next_task,
136 bool success, 136 bool success,
137 cryptohome::MountError not_used); 137 cryptohome::MountError not_used);
138 138
139 // Asynchronously initiates the certificate request flow. Attestation 139 // Asynchronously initiates the certificate request flow. Attestation
140 // enrollment must complete successfully before this operation can succeed. 140 // enrollment must complete successfully before this operation can succeed.
141 // 141 //
142 // Parameters 142 // Parameters
143 // certificate_profile - Specifies what kind of certificate should be 143 // certificate_profile - Specifies what kind of certificate should be
144 // requested from the CA. 144 // requested from the CA.
145 // user_email - The active user's canonical email. 145 // user_id - Identifies the active user.
146 // request_origin - An identifier for the origin of this request. 146 // request_origin - An identifier for the origin of this request.
147 // generate_new_key - If set to true a new key is generated. 147 // generate_new_key - If set to true a new key is generated.
148 // callback - Called when the operation completes. 148 // callback - Called when the operation completes.
149 void StartCertificateRequest( 149 void StartCertificateRequest(
150 const AttestationCertificateProfile certificate_profile, 150 const AttestationCertificateProfile certificate_profile,
151 const std::string& user_email, 151 const std::string& user_id,
152 const std::string& request_origin, 152 const std::string& request_origin,
153 bool generate_new_key, 153 bool generate_new_key,
154 const CertificateCallback& callback); 154 const CertificateCallback& callback);
155 155
156 // Called when the attestation daemon has finished creating a certificate 156 // Called when the attestation daemon has finished creating a certificate
157 // request for the Privacy CA. The request is asynchronously forwarded as-is 157 // request for the Privacy CA. The request is asynchronously forwarded as-is
158 // to the PCA. 158 // to the PCA.
159 // 159 //
160 // Parameters 160 // Parameters
161 // key_type - The type of the key for which a certificate is requested. 161 // key_type - The type of the key for which a certificate is requested.
162 // user_id - Identifies the active user.
162 // key_name - The name of the key for which a certificate is requested. 163 // key_name - The name of the key for which a certificate is requested.
163 // callback - Called when the operation completes. 164 // callback - Called when the operation completes.
164 // success - The status of request creation. 165 // success - The status of request creation.
165 // data - The request data for the Privacy CA. 166 // data - The request data for the Privacy CA.
166 void SendCertificateRequestToPCA(AttestationKeyType key_type, 167 void SendCertificateRequestToPCA(AttestationKeyType key_type,
168 const std::string& user_id,
167 const std::string& key_name, 169 const std::string& key_name,
168 const CertificateCallback& callback, 170 const CertificateCallback& callback,
169 bool success, 171 bool success,
170 const std::string& data); 172 const std::string& data);
171 173
172 // Called when the Privacy CA responds to a certificate request. The response 174 // Called when the Privacy CA responds to a certificate request. The response
173 // is asynchronously forwarded as-is to the attestation daemon in order to 175 // is asynchronously forwarded as-is to the attestation daemon in order to
174 // complete the operation. 176 // complete the operation.
175 // 177 //
176 // Parameters 178 // Parameters
177 // key_type - The type of the key for which a certificate is requested. 179 // key_type - The type of the key for which a certificate is requested.
180 // user_id - Identifies the active user.
178 // key_name - The name of the key for which a certificate is requested. 181 // key_name - The name of the key for which a certificate is requested.
179 // callback - Called when the operation completes. 182 // callback - Called when the operation completes.
180 // success - The status of the Privacy CA operation. 183 // success - The status of the Privacy CA operation.
181 // data - The response data from the Privacy CA. 184 // data - The response data from the Privacy CA.
182 void SendCertificateResponseToDaemon(AttestationKeyType key_type, 185 void SendCertificateResponseToDaemon(AttestationKeyType key_type,
186 const std::string& user_id,
183 const std::string& key_name, 187 const std::string& key_name,
184 const CertificateCallback& callback, 188 const CertificateCallback& callback,
185 bool success, 189 bool success,
186 const std::string& data); 190 const std::string& data);
187 191
188 // Gets an existing certificate from the attestation daemon. 192 // Gets an existing certificate from the attestation daemon.
189 // 193 //
190 // Parameters 194 // Parameters
191 // key_type - The type of the key for which a certificate is requested. 195 // key_type - The type of the key for which a certificate is requested.
196 // user_id - Identifies the active user.
192 // key_name - The name of the key for which a certificate is requested. 197 // key_name - The name of the key for which a certificate is requested.
193 // callback - Called when the operation completes. 198 // callback - Called when the operation completes.
194 void GetExistingCertificate(AttestationKeyType key_type, 199 void GetExistingCertificate(AttestationKeyType key_type,
200 const std::string& user_id,
195 const std::string& key_name, 201 const std::string& key_name,
196 const CertificateCallback& callback); 202 const CertificateCallback& callback);
197 203
198 cryptohome::AsyncMethodCaller* async_caller_; 204 cryptohome::AsyncMethodCaller* async_caller_;
199 CryptohomeClient* cryptohome_client_; 205 CryptohomeClient* cryptohome_client_;
200 scoped_ptr<ServerProxy> server_proxy_; 206 scoped_ptr<ServerProxy> server_proxy_;
201 207
202 base::WeakPtrFactory<AttestationFlow> weak_factory_; 208 base::WeakPtrFactory<AttestationFlow> weak_factory_;
203 209
204 DISALLOW_COPY_AND_ASSIGN(AttestationFlow); 210 DISALLOW_COPY_AND_ASSIGN(AttestationFlow);
205 }; 211 };
206 212
207 } // namespace attestation 213 } // namespace attestation
208 } // namespace chromeos 214 } // namespace chromeos
209 215
210 #endif // CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_ 216 #endif // CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
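Review bot: In SendCertificateRequestToPCA, SendCertificateResponseToDaemon and GetExistingCertificate the new parameter is documented as "user_id - Identifies the active user", but the first two run as callbacks after the attestation daemon or the Privacy CA has answered, and with multi-profile support the active user at that point need not be the user the request was made for. Document it as the user the certificate request was made for (the value given to GetCertificate), so that nobody re-derives it from the current session in the .cc file. Separately, user_id and key_name are now adjacent const std::string& parameters in all three signatures, so swapping them at a call site compiles cleanly; a one-line note on argument order, or a test that passes distinct values for each, would catch a certificate being handled under the wrong user.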