Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / chromeos / dbus / cryptohome_client.h
blob8f9a5dc433f05b945b1b6e265755924fb763c9aa
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
6 #define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
8 #include <string>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "base/callback.h"
13 #include "chromeos/attestation/attestation_constants.h"
14 #include "chromeos/chromeos_export.h"
15 #include "chromeos/dbus/dbus_client.h"
16 #include "chromeos/dbus/dbus_method_call_status.h"
18 namespace cryptohome {
20 class AccountIdentifier;
21 class AddKeyRequest;
22 class AuthorizationRequest;
23 class BaseReply;
24 class CheckKeyRequest;
25 class FlushAndSignBootAttributesRequest;
26 class GetBootAttributeRequest;
27 class GetKeyDataRequest;
28 class MountRequest;
29 class RemoveKeyRequest;
30 class SetBootAttributeRequest;
31 class UpdateKeyRequest;
33 } // namespace cryptohome
35 namespace chromeos {
37 // CryptohomeClient is used to communicate with the Cryptohome service.
38 // All method should be called from the origin thread (UI thread) which
39 // initializes the DBusThreadManager instance.
40 class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
41 public:
42 // Constant that will be passed to AsyncMethodCallback to indicate that
43 // cryptohome is not ready yet.
44 static const int kNotReadyAsyncId;
46 // A callback to handle AsyncCallStatus signals.
47 typedef base::Callback<void(int async_id,
48 bool return_status,
49 int return_code)>
50 AsyncCallStatusHandler;
51 // A callback to handle AsyncCallStatusWithData signals.
52 typedef base::Callback<void(int async_id,
53 bool return_status,
54 const std::string& data)>
55 AsyncCallStatusWithDataHandler;
56 // A callback to handle responses of AsyncXXX methods.
57 typedef base::Callback<void(int async_id)> AsyncMethodCallback;
58 // A callback for GetSystemSalt().
59 typedef base::Callback<void(
60 DBusMethodCallStatus call_status,
61 const std::vector<uint8>& system_salt)> GetSystemSaltCallback;
62 // A callback for WaitForServiceToBeAvailable().
63 typedef base::Callback<void(bool service_is_ready)>
64 WaitForServiceToBeAvailableCallback;
65 // A callback to handle responses of Pkcs11GetTpmTokenInfo method. The result
66 // of the D-Bus call is in |call_status|. On success, |label| holds the
67 // PKCS #11 token label. This is not useful in practice to identify a token
68 // but may be meaningful to a user. The |user_pin| can be used with the
69 // C_Login PKCS #11 function but is not necessary because tokens are logged in
70 // for the duration of a signed-in session. The |slot| corresponds to a
71 // CK_SLOT_ID for the PKCS #11 API and reliably identifies the token for the
72 // duration of the signed-in session.
73 typedef base::Callback<void(
74 DBusMethodCallStatus call_status,
75 const std::string& label,
76 const std::string& user_pin,
77 int slot)> Pkcs11GetTpmTokenInfoCallback;
78 // A callback for methods which return both a bool result and data.
79 typedef base::Callback<void(DBusMethodCallStatus call_status,
80 bool result,
81 const std::string& data)> DataMethodCallback;
83 // A callback for methods which return both a bool and a protobuf as reply.
84 typedef base::Callback<
85 void(DBusMethodCallStatus call_status,
86 bool result,
87 const cryptohome::BaseReply& reply)> ProtobufMethodCallback;
89 ~CryptohomeClient() override;
91 // Factory function, creates a new instance and returns ownership.
92 // For normal usage, access the singleton via DBusThreadManager::Get().
93 static CryptohomeClient* Create();
95 // Returns the sanitized |username| that the stub implementation would return.
96 static std::string GetStubSanitizedUsername(const std::string& username);
98 // Sets AsyncCallStatus signal handlers.
99 // |handler| is called when results for AsyncXXX methods are returned.
100 // Cryptohome service will process the calls in a first-in-first-out manner
101 // when they are made in parallel.
102 virtual void SetAsyncCallStatusHandlers(
103 const AsyncCallStatusHandler& handler,
104 const AsyncCallStatusWithDataHandler& data_handler) = 0;
106 // Resets AsyncCallStatus signal handlers.
107 virtual void ResetAsyncCallStatusHandlers() = 0;
109 // Runs the callback as soon as the service becomes available.
110 virtual void WaitForServiceToBeAvailable(
111 const WaitForServiceToBeAvailableCallback& callback) = 0;
113 // Calls IsMounted method and returns true when the call succeeds.
114 virtual void IsMounted(const BoolDBusMethodCallback& callback) = 0;
116 // Calls Unmount method and returns true when the call succeeds.
117 // This method blocks until the call returns.
118 virtual bool Unmount(bool* success) = 0;
120 // Calls AsyncCheckKey method. |callback| is called after the method call
121 // succeeds.
122 virtual void AsyncCheckKey(const std::string& username,
123 const std::string& key,
124 const AsyncMethodCallback& callback) = 0;
126 // Calls AsyncMigrateKey method. |callback| is called after the method call
127 // succeeds.
128 virtual void AsyncMigrateKey(const std::string& username,
129 const std::string& from_key,
130 const std::string& to_key,
131 const AsyncMethodCallback& callback) = 0;
133 // Calls AsyncRemove method. |callback| is called after the method call
134 // succeeds.
135 virtual void AsyncRemove(const std::string& username,
136 const AsyncMethodCallback& callback) = 0;
138 // Calls GetSystemSalt method. |callback| is called after the method call
139 // succeeds.
140 virtual void GetSystemSalt(const GetSystemSaltCallback& callback) = 0;
142 // Calls GetSanitizedUsername method. |callback| is called after the method
143 // call succeeds.
144 virtual void GetSanitizedUsername(
145 const std::string& username,
146 const StringDBusMethodCallback& callback) = 0;
148 // Same as GetSanitizedUsername() but blocks until a reply is received, and
149 // returns the sanitized username synchronously. Returns an empty string if
150 // the method call fails.
151 // This may only be called in situations where blocking the UI thread is
152 // considered acceptable (e.g. restarting the browser after a crash or after
153 // a flag change).
154 virtual std::string BlockingGetSanitizedUsername(
155 const std::string& username) = 0;
157 // Calls the AsyncMount method to asynchronously mount the cryptohome for
158 // |username|, using |key| to unlock it. For supported |flags|, see the
159 // documentation of AsyncMethodCaller::AsyncMount().
160 // |callback| is called after the method call succeeds.
161 virtual void AsyncMount(const std::string& username,
162 const std::string& key,
163 int flags,
164 const AsyncMethodCallback& callback) = 0;
166 // Calls the AsyncAddKey method to asynchronously add another |new_key| for
167 // |username|, using |key| to unlock it first.
168 // |callback| is called after the method call succeeds.
169 virtual void AsyncAddKey(const std::string& username,
170 const std::string& key,
171 const std::string& new_key,
172 const AsyncMethodCallback& callback) = 0;
174 // Calls AsyncMountGuest method. |callback| is called after the method call
175 // succeeds.
176 virtual void AsyncMountGuest(const AsyncMethodCallback& callback) = 0;
178 // Calls the AsyncMount method to asynchronously mount the cryptohome for
179 // |public_mount_id|. For supported |flags|, see the documentation of
180 // AsyncMethodCaller::AsyncMount(). |callback| is called after the method
181 // call succeeds.
182 virtual void AsyncMountPublic(const std::string& public_mount_id,
183 int flags,
184 const AsyncMethodCallback& callback) = 0;
186 // Calls TpmIsReady method.
187 virtual void TpmIsReady(const BoolDBusMethodCallback& callback) = 0;
189 // Calls TpmIsEnabled method.
190 virtual void TpmIsEnabled(const BoolDBusMethodCallback& callback) = 0;
192 // Calls TpmIsEnabled method and returns true when the call succeeds.
193 // This method blocks until the call returns.
194 // TODO(hashimoto): Remove this method. crbug.com/141006
195 virtual bool CallTpmIsEnabledAndBlock(bool* enabled) = 0;
197 // Calls TpmGetPassword method.
198 virtual void TpmGetPassword(const StringDBusMethodCallback& callback) = 0;
200 // Calls TpmIsOwned method.
201 virtual void TpmIsOwned(const BoolDBusMethodCallback& callback) = 0;
203 // Calls TpmIsOwned method and returns true when the call succeeds.
204 // This method blocks until the call returns.
205 // TODO(hashimoto): Remove this method. crbug.com/141012
206 virtual bool CallTpmIsOwnedAndBlock(bool* owned) = 0;
208 // Calls TpmIsBeingOwned method.
209 virtual void TpmIsBeingOwned(const BoolDBusMethodCallback& callback) = 0;
211 // Calls TpmIsBeingOwned method and returns true when the call succeeds.
212 // This method blocks until the call returns.
213 // TODO(hashimoto): Remove this method. crbug.com/141011
214 virtual bool CallTpmIsBeingOwnedAndBlock(bool* owning) = 0;
216 // Calls TpmCanAttemptOwnership method.
217 // This method tells the service that it is OK to attempt ownership.
218 virtual void TpmCanAttemptOwnership(
219 const VoidDBusMethodCallback& callback) = 0;
221 // Calls TpmClearStoredPasswordMethod.
222 virtual void TpmClearStoredPassword(
223 const VoidDBusMethodCallback& callback) = 0;
225 // Calls TpmClearStoredPassword method and returns true when the call
226 // succeeds. This method blocks until the call returns.
227 // TODO(hashimoto): Remove this method. crbug.com/141010
228 virtual bool CallTpmClearStoredPasswordAndBlock() = 0;
230 // Calls Pkcs11IsTpmTokenReady method.
231 virtual void Pkcs11IsTpmTokenReady(
232 const BoolDBusMethodCallback& callback) = 0;
234 // Calls Pkcs11GetTpmTokenInfo method. This method is deprecated, you should
235 // use Pkcs11GetTpmTokenInfoForUser instead. On success |callback| will
236 // receive PKCS #11 token information for the token associated with the user
237 // who originally signed in (i.e. PKCS #11 slot 0).
238 virtual void Pkcs11GetTpmTokenInfo(
239 const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
241 // Calls Pkcs11GetTpmTokenInfoForUser method. On success |callback| will
242 // receive PKCS #11 token information for the user identified by |user_email|.
243 // The |user_email| must be a canonical email address as returned by
244 // user_manager::User::email().
245 virtual void Pkcs11GetTpmTokenInfoForUser(
246 const std::string& user_email,
247 const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
249 // Calls InstallAttributesGet method and returns true when the call succeeds.
250 // This method blocks until the call returns.
251 // The original content of |value| is lost.
252 virtual bool InstallAttributesGet(const std::string& name,
253 std::vector<uint8>* value,
254 bool* successful) = 0;
256 // Calls InstallAttributesSet method and returns true when the call succeeds.
257 // This method blocks until the call returns.
258 virtual bool InstallAttributesSet(const std::string& name,
259 const std::vector<uint8>& value,
260 bool* successful) = 0;
262 // Calls InstallAttributesFinalize method and returns true when the call
263 // succeeds. This method blocks until the call returns.
264 virtual bool InstallAttributesFinalize(bool* successful) = 0;
266 // Calls InstallAttributesIsReady method.
267 virtual void InstallAttributesIsReady(
268 const BoolDBusMethodCallback& callback) = 0;
270 // Calls InstallAttributesIsInvalid method and returns true when the call
271 // succeeds. This method blocks until the call returns.
272 virtual bool InstallAttributesIsInvalid(bool* is_invalid) = 0;
274 // Calls InstallAttributesIsFirstInstall method and returns true when the call
275 // succeeds. This method blocks until the call returns.
276 virtual bool InstallAttributesIsFirstInstall(bool* is_first_install) = 0;
278 // Calls the TpmAttestationIsPrepared dbus method. The callback is called
279 // when the operation completes.
280 virtual void TpmAttestationIsPrepared(
281 const BoolDBusMethodCallback& callback) = 0;
283 // Calls the TpmAttestationIsEnrolled dbus method. The callback is called
284 // when the operation completes.
285 virtual void TpmAttestationIsEnrolled(
286 const BoolDBusMethodCallback& callback) = 0;
288 // Asynchronously creates an attestation enrollment request. The callback
289 // will be called when the dbus call completes. When the operation completes,
290 // the AsyncCallStatusWithDataHandler signal handler is called. The data that
291 // is sent with the signal is an enrollment request to be sent to the Privacy
292 // CA of type |pca_type|. The enrollment is completed by calling
293 // AsyncTpmAttestationEnroll.
294 virtual void AsyncTpmAttestationCreateEnrollRequest(
295 chromeos::attestation::PrivacyCAType pca_type,
296 const AsyncMethodCallback& callback) = 0;
298 // Asynchronously finishes an attestation enrollment operation. The callback
299 // will be called when the dbus call completes. When the operation completes,
300 // the AsyncCallStatusHandler signal handler is called. |pca_response| is the
301 // response to the enrollment request emitted by the Privacy CA of type
302 // |pca_type|.
303 virtual void AsyncTpmAttestationEnroll(
304 chromeos::attestation::PrivacyCAType pca_type,
305 const std::string& pca_response,
306 const AsyncMethodCallback& callback) = 0;
308 // Asynchronously creates an attestation certificate request according to
309 // |certificate_profile|. Some profiles require that the |user_id| of the
310 // currently active user and an identifier of the |request_origin| be
311 // provided. |callback| will be called when the dbus call completes. When
312 // the operation completes, the AsyncCallStatusWithDataHandler signal handler
313 // is called. The data that is sent with the signal is a certificate request
314 // to be sent to the Privacy CA of type |pca_type|. The certificate request
315 // is completed by calling AsyncTpmAttestationFinishCertRequest. The
316 // |user_id| will not be included in the certificate request for the Privacy
317 // CA.
318 virtual void AsyncTpmAttestationCreateCertRequest(
319 chromeos::attestation::PrivacyCAType pca_type,
320 attestation::AttestationCertificateProfile certificate_profile,
321 const std::string& user_id,
322 const std::string& request_origin,
323 const AsyncMethodCallback& callback) = 0;
325 // Asynchronously finishes a certificate request operation. The callback will
326 // be called when the dbus call completes. When the operation completes, the
327 // AsyncCallStatusWithDataHandler signal handler is called. The data that is
328 // sent with the signal is a certificate chain in PEM format. |pca_response|
329 // is the response to the certificate request emitted by the Privacy CA.
330 // |key_type| determines whether the certified key is to be associated with
331 // the current user. |key_name| is a name for the key. If |key_type| is
332 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
333 // For normal GAIA users the |user_id| is a canonical email address.
334 virtual void AsyncTpmAttestationFinishCertRequest(
335 const std::string& pca_response,
336 attestation::AttestationKeyType key_type,
337 const std::string& user_id,
338 const std::string& key_name,
339 const AsyncMethodCallback& callback) = 0;
341 // Checks if an attestation key already exists. If the key specified by
342 // |key_type| and |key_name| exists, then the result sent to the callback will
343 // be true. If |key_type| is KEY_USER, a |user_id| must be provided.
344 // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
345 // canonical email address.
346 virtual void TpmAttestationDoesKeyExist(
347 attestation::AttestationKeyType key_type,
348 const std::string& user_id,
349 const std::string& key_name,
350 const BoolDBusMethodCallback& callback) = 0;
352 // Gets the attestation certificate for the key specified by |key_type| and
353 // |key_name|. |callback| will be called when the operation completes. If
354 // the key does not exist the callback |result| parameter will be false. If
355 // |key_type| is KEY_USER, a |user_id| must be provided. Otherwise |user_id|
356 // is ignored. For normal GAIA users the |user_id| is a canonical email
357 // address.
358 virtual void TpmAttestationGetCertificate(
359 attestation::AttestationKeyType key_type,
360 const std::string& user_id,
361 const std::string& key_name,
362 const DataMethodCallback& callback) = 0;
364 // Gets the public key for the key specified by |key_type| and |key_name|.
365 // |callback| will be called when the operation completes. If the key does
366 // not exist the callback |result| parameter will be false. If |key_type| is
367 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
368 // For normal GAIA users the |user_id| is a canonical email address.
369 virtual void TpmAttestationGetPublicKey(
370 attestation::AttestationKeyType key_type,
371 const std::string& user_id,
372 const std::string& key_name,
373 const DataMethodCallback& callback) = 0;
375 // Asynchronously registers an attestation key with the current user's
376 // PKCS #11 token. The |callback| will be called when the dbus call
377 // completes. When the operation completes, the AsyncCallStatusHandler signal
378 // handler is called. |key_type| and |key_name| specify the key to register.
379 // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
380 // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
381 // email address.
382 virtual void TpmAttestationRegisterKey(
383 attestation::AttestationKeyType key_type,
384 const std::string& user_id,
385 const std::string& key_name,
386 const AsyncMethodCallback& callback) = 0;
388 // Asynchronously signs an enterprise challenge with the key specified by
389 // |key_type| and |key_name|. |domain| and |device_id| will be included in
390 // the challenge response. |options| control how the challenge response is
391 // generated. |challenge| must be a valid enterprise attestation challenge.
392 // The |callback| will be called when the dbus call completes. When the
393 // operation completes, the AsyncCallStatusWithDataHandler signal handler is
394 // called. If |key_type| is KEY_USER, a |user_id| must be provided.
395 // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
396 // canonical email address.
397 virtual void TpmAttestationSignEnterpriseChallenge(
398 attestation::AttestationKeyType key_type,
399 const std::string& user_id,
400 const std::string& key_name,
401 const std::string& domain,
402 const std::string& device_id,
403 attestation::AttestationChallengeOptions options,
404 const std::string& challenge,
405 const AsyncMethodCallback& callback) = 0;
407 // Asynchronously signs a simple challenge with the key specified by
408 // |key_type| and |key_name|. |challenge| can be any set of arbitrary bytes.
409 // A nonce will be appended to the challenge before signing; this method
410 // cannot be used to sign arbitrary data. The |callback| will be called when
411 // the dbus call completes. When the operation completes, the
412 // AsyncCallStatusWithDataHandler signal handler is called. If |key_type| is
413 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
414 // For normal GAIA users the |user_id| is a canonical email address.
415 virtual void TpmAttestationSignSimpleChallenge(
416 attestation::AttestationKeyType key_type,
417 const std::string& user_id,
418 const std::string& key_name,
419 const std::string& challenge,
420 const AsyncMethodCallback& callback) = 0;
422 // Gets the payload associated with the key specified by |key_type| and
423 // |key_name|. The |callback| will be called when the operation completes.
424 // If the key does not exist the callback |result| parameter will be false.
425 // If no payload has been set for the key the callback |result| parameter will
426 // be true and the |data| parameter will be empty. If |key_type| is
427 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
428 // For normal GAIA users the |user_id| is a canonical email address.
429 virtual void TpmAttestationGetKeyPayload(
430 attestation::AttestationKeyType key_type,
431 const std::string& user_id,
432 const std::string& key_name,
433 const DataMethodCallback& callback) = 0;
435 // Sets the |payload| associated with the key specified by |key_type| and
436 // |key_name|. The |callback| will be called when the operation completes.
437 // If the operation succeeds, the callback |result| parameter will be true.
438 // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
439 // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
440 // email address.
441 virtual void TpmAttestationSetKeyPayload(
442 attestation::AttestationKeyType key_type,
443 const std::string& user_id,
444 const std::string& key_name,
445 const std::string& payload,
446 const BoolDBusMethodCallback& callback) = 0;
448 // Deletes certified keys as specified by |key_type| and |key_prefix|. The
449 // |callback| will be called when the operation completes. If the operation
450 // succeeds, the callback |result| parameter will be true. If |key_type| is
451 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
452 // For normal GAIA users the |user_id| is a canonical email address. All keys
453 // where the key name has a prefix matching |key_prefix| will be deleted. All
454 // meta-data associated with the key, including certificates, will also be
455 // deleted.
456 virtual void TpmAttestationDeleteKeys(
457 attestation::AttestationKeyType key_type,
458 const std::string& user_id,
459 const std::string& key_prefix,
460 const BoolDBusMethodCallback& callback) = 0;
462 // Asynchronously calls the GetKeyDataEx method. |callback| will be invoked
463 // with the reply protobuf.
464 // GetKeyDataEx returns information about the key specified in |request|. At
465 // present, this does not include any secret information and the call should
466 // not be authenticated (|auth| should be empty).
467 virtual void GetKeyDataEx(
468 const cryptohome::AccountIdentifier& id,
469 const cryptohome::AuthorizationRequest& auth,
470 const cryptohome::GetKeyDataRequest& request,
471 const ProtobufMethodCallback& callback) = 0;
473 // Asynchronously calls CheckKeyEx method. |callback| is called after method
474 // call, and with reply protobuf.
475 // CheckKeyEx just checks if authorization information is valid.
476 virtual void CheckKeyEx(
477 const cryptohome::AccountIdentifier& id,
478 const cryptohome::AuthorizationRequest& auth,
479 const cryptohome::CheckKeyRequest& request,
480 const ProtobufMethodCallback& callback) = 0;
482 // Asynchronously calls MountEx method. |callback| is called after method
483 // call, and with reply protobuf.
484 // MountEx attempts to mount home dir using given authorization, and can
485 // create new home dir if necessary values are specified in |request|.
486 virtual void MountEx(
487 const cryptohome::AccountIdentifier& id,
488 const cryptohome::AuthorizationRequest& auth,
489 const cryptohome::MountRequest& request,
490 const ProtobufMethodCallback& callback) = 0;
492 // Asynchronously calls AddKeyEx method. |callback| is called after method
493 // call, and with reply protobuf.
494 // AddKeyEx adds another key to the given key set. |request| also defines
495 // behavior in case when key with specified label already exist.
496 virtual void AddKeyEx(
497 const cryptohome::AccountIdentifier& id,
498 const cryptohome::AuthorizationRequest& auth,
499 const cryptohome::AddKeyRequest& request,
500 const ProtobufMethodCallback& callback) = 0;
502 // Asynchronously calls UpdateKeyEx method. |callback| is called after method
503 // call, and with reply protobuf. Reply will contain MountReply extension.
504 // UpdateKeyEx replaces key used for authorization, without affecting any
505 // other keys. If specified at home dir creation time, new key may have
506 // to be signed and/or encrypted.
507 virtual void UpdateKeyEx(
508 const cryptohome::AccountIdentifier& id,
509 const cryptohome::AuthorizationRequest& auth,
510 const cryptohome::UpdateKeyRequest& request,
511 const ProtobufMethodCallback& callback) = 0;
513 // Asynchronously calls RemoveKeyEx method. |callback| is called after method
514 // call, and with reply protobuf.
515 // RemoveKeyEx removes key from the given key set.
516 virtual void RemoveKeyEx(const cryptohome::AccountIdentifier& id,
517 const cryptohome::AuthorizationRequest& auth,
518 const cryptohome::RemoveKeyRequest& request,
519 const ProtobufMethodCallback& callback) = 0;
521 // Asynchronously calls GetBootAttribute method. |callback| is called after
522 // method call, and with reply protobuf.
523 // GetBootAttribute gets the value of the specified boot attribute.
524 virtual void GetBootAttribute(
525 const cryptohome::GetBootAttributeRequest& request,
526 const ProtobufMethodCallback& callback) = 0;
528 // Asynchronously calls SetBootAttribute method. |callback| is called after
529 // method call, and with reply protobuf.
530 // SetBootAttribute sets the value of the specified boot attribute. The value
531 // won't be available unitl FlushAndSignBootAttributes() is called.
532 virtual void SetBootAttribute(
533 const cryptohome::SetBootAttributeRequest& request,
534 const ProtobufMethodCallback& callback) = 0;
536 // Asynchronously calls FlushAndSignBootAttributes method. |callback| is
537 // called after method call, and with reply protobuf.
538 // FlushAndSignBootAttributes makes all pending boot attribute settings
539 // available, and have them signed by a special TPM key. This method always
540 // fails after any user, publuc, or guest session starts.
541 virtual void FlushAndSignBootAttributes(
542 const cryptohome::FlushAndSignBootAttributesRequest& request,
543 const ProtobufMethodCallback& callback) = 0;
545 protected:
546 // Create() should be used instead.
547 CryptohomeClient();
549 private:
550 DISALLOW_COPY_AND_ASSIGN(CryptohomeClient);
553 } // namespace chromeos
555 #endif // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_