Update broken references to image assets
[chromium-blink-merge.git] / chromeos / login / auth / extended_authenticator.h
blobd80b20932c5b7855e5f054bc4da8ce4afa1a7b21
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
6 #define CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/callback.h"
12 #include "base/compiler_specific.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "chromeos/chromeos_export.h"
16 #include "chromeos/cryptohome/cryptohome_parameters.h"
18 namespace chromeos {
20 class AuthStatusConsumer;
21 class UserContext;
23 // An interface to interact with cryptohomed: mount home dirs, create new home
24 // dirs, update passwords.
26 // Typical flow:
27 // AuthenticateToMount() calls cryptohomed to perform offline login,
28 // AuthenticateToCreate() calls cryptohomed to create new cryptohome.
29 class CHROMEOS_EXPORT ExtendedAuthenticator
30 : public base::RefCountedThreadSafe<ExtendedAuthenticator> {
31 public:
32 enum AuthState {
33 SUCCESS, // Login succeeded.
34 NO_MOUNT, // No cryptohome exist for user.
35 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed.
36 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error.
39 typedef base::Callback<void(const std::string& result)> ResultCallback;
40 typedef base::Callback<void(const UserContext& context)> ContextCallback;
42 class NewAuthStatusConsumer {
43 public:
44 virtual ~NewAuthStatusConsumer() {}
45 // The current login attempt has ended in failure, with error.
46 virtual void OnAuthenticationFailure(AuthState state) = 0;
49 static scoped_refptr<ExtendedAuthenticator> Create(
50 NewAuthStatusConsumer* consumer);
51 static scoped_refptr<ExtendedAuthenticator> Create(
52 AuthStatusConsumer* consumer);
54 // Updates consumer of the class.
55 virtual void SetConsumer(AuthStatusConsumer* consumer) = 0;
57 // This call will attempt to mount the home dir for the user, key (and key
58 // label) in |context|. If the key is of type KEY_TYPE_PASSWORD_PLAIN, it will
59 // be hashed with the system salt before being passed to cryptohomed. This
60 // call assumes that the home dir already exist for the user and will return
61 // an error otherwise. On success, the user ID hash (used as the mount point)
62 // will be passed to |success_callback|.
63 virtual void AuthenticateToMount(const UserContext& context,
64 const ResultCallback& success_callback) = 0;
66 // This call will attempt to authenticate the user with the key (and key
67 // label) in |context|. No further actions are taken after authentication.
68 virtual void AuthenticateToCheck(const UserContext& context,
69 const base::Closure& success_callback) = 0;
71 // This call will create and mount the home dir for |user_id| with the given
72 // |keys| if the home dir is missing. If the home dir exists already, a mount
73 // attempt will be performed using the first key in |keys| for authentication.
74 // Note that all |keys| should have been transformed from plain text already.
75 // This method does not alter them.
76 virtual void CreateMount(const std::string& user_id,
77 const std::vector<cryptohome::KeyDefinition>& keys,
78 const ResultCallback& success_callback) = 0;
80 // Attempts to add a new |key| for the user identified/authorized by
81 // |context|. If a key with the same label already exists, the behavior
82 // depends on the |replace_existing| flag. If the flag is set, the old key is
83 // replaced. If the flag is not set, an error occurs. It is not allowed to
84 // replace the key used for authorization.
85 virtual void AddKey(const UserContext& context,
86 const cryptohome::KeyDefinition& key,
87 bool replace_existing,
88 const base::Closure& success_callback) = 0;
90 // Attempts to perform an authorized update of the key in |context| with the
91 // new |key|. The update is authorized by providing the |signature| of the
92 // key. The original key must have the |PRIV_AUTHORIZED_UPDATE| privilege to
93 // perform this operation. The key labels in |context| and in |key| should be
94 // the same.
95 virtual void UpdateKeyAuthorized(const UserContext& context,
96 const cryptohome::KeyDefinition& key,
97 const std::string& signature,
98 const base::Closure& success_callback) = 0;
100 // Attempts to remove the key labeled |key_to_remove| for the user identified/
101 // authorized by |context|. It is possible to remove the key used for
102 // authorization, although it should be done with extreme care.
103 virtual void RemoveKey(const UserContext& context,
104 const std::string& key_to_remove,
105 const base::Closure& success_callback) = 0;
107 // Hashes the key in |user_context| with the system salt it its type is
108 // KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the
109 // |callback|.
110 virtual void TransformKeyIfNeeded(const UserContext& user_context,
111 const ContextCallback& callback) = 0;
113 protected:
114 ExtendedAuthenticator();
115 virtual ~ExtendedAuthenticator();
117 private:
118 friend class base::RefCountedThreadSafe<ExtendedAuthenticator>;
120 DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator);
123 } // namespace chromeos
125 #endif // CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_