Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / chromeos / attestation / attestation_flow.h
bloba6c6cd22d39fde66a7300358bfdfc7e3838de8e7
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
6 #define CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/callback_forward.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/memory/weak_ptr.h"
14 #include "chromeos/attestation/attestation_constants.h"
15 #include "chromeos/chromeos_export.h"
16 #include "chromeos/dbus/dbus_method_call_status.h"
17 #include "third_party/cros_system_api/dbus/service_constants.h"
19 namespace cryptohome {
21 class AsyncMethodCaller;
23 } // namespace cryptohome
25 namespace chromeos {
27 class CryptohomeClient;
29 namespace attestation {
31 // Interface for access to the Privacy CA server.
32 class CHROMEOS_EXPORT ServerProxy {
33 public:
34 typedef base::Callback<void(bool success,
35 const std::string& data)> DataCallback;
36 virtual ~ServerProxy();
37 virtual void SendEnrollRequest(const std::string& request,
38 const DataCallback& on_response) = 0;
39 virtual void SendCertificateRequest(const std::string& request,
40 const DataCallback& on_response) = 0;
41 virtual PrivacyCAType GetType();
44 // Implements the message flow for Chrome OS attestation tasks. Generally this
45 // consists of coordinating messages between the Chrome OS attestation service
46 // and the Chrome OS Privacy CA server. Sample usage:
47 // AttestationFlow flow(AsyncMethodCaller::GetInstance(),
48 // DBusThreadManager::Get().GetCryptohomeClient(),
49 // my_server_proxy.Pass());
50 // AttestationFlow::CertificateCallback callback = base::Bind(&MyCallback);
51 // flow.GetCertificate(ENTERPRISE_USER_CERTIFICATE, false, callback);
52 class CHROMEOS_EXPORT AttestationFlow {
53 public:
54 typedef base::Callback<void(bool success,
55 const std::string& pem_certificate_chain)>
56 CertificateCallback;
58 AttestationFlow(cryptohome::AsyncMethodCaller* async_caller,
59 CryptohomeClient* cryptohome_client,
60 scoped_ptr<ServerProxy> server_proxy);
61 virtual ~AttestationFlow();
63 // Gets an attestation certificate for a hardware-protected key. If a key for
64 // the given profile does not exist, it will be generated and a certificate
65 // request will be made to the Chrome OS Privacy CA to issue a certificate for
66 // the key. If the key already exists and |force_new_key| is false, the
67 // existing certificate is returned.
69 // Parameters
70 // certificate_profile - Specifies what kind of certificate should be
71 // requested from the CA.
72 // user_id - Identifies the currently active user. For normal GAIA users
73 // this is a canonical email address. This is ignored when using
74 // the enterprise machine cert profile.
75 // request_origin - For content protection profiles, certificate requests
76 // are origin-specific. This string must uniquely identify
77 // the origin of the request.
78 // force_new_key - If set to true, a new key will be generated even if a key
79 // already exists for the profile. The new key will replace
80 // the existing key on success.
81 // callback - A callback which will be called when the operation completes.
82 // On success |result| will be true and |data| will contain the
83 // PCA-issued certificate chain in PEM format.
84 virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
85 const std::string& user_id,
86 const std::string& request_origin,
87 bool force_new_key,
88 const CertificateCallback& callback);
90 private:
91 // Asynchronously initiates the attestation enrollment flow.
93 // Parameters
94 // on_failure - Called if any failure occurs.
95 // next_task - Called on successful enrollment.
96 void StartEnroll(const base::Closure& on_failure,
97 const base::Closure& next_task);
99 // Called when the attestation daemon has finished creating an enrollment
100 // request for the Privacy CA. The request is asynchronously forwarded as-is
101 // to the PCA.
103 // Parameters
104 // on_failure - Called if any failure occurs.
105 // next_task - Called on successful enrollment.
106 // success - The status of request creation.
107 // data - The request data for the Privacy CA.
108 void SendEnrollRequestToPCA(const base::Closure& on_failure,
109 const base::Closure& next_task,
110 bool success,
111 const std::string& data);
113 // Called when the Privacy CA responds to an enrollment request. The response
114 // is asynchronously forwarded as-is to the attestation daemon in order to
115 // complete the enrollment operation.
117 // Parameters
118 // on_failure - Called if any failure occurs.
119 // next_task - Called on successful enrollment.
120 // success - The status of the Privacy CA operation.
121 // data - The response data from the Privacy CA.
122 void SendEnrollResponseToDaemon(const base::Closure& on_failure,
123 const base::Closure& next_task,
124 bool success,
125 const std::string& data);
127 // Called when the attestation daemon completes an enrollment operation. If
128 // the operation was successful, the next_task callback is called.
130 // Parameters
131 // on_failure - Called if any failure occurs.
132 // next_task - Called on successful enrollment.
133 // success - The status of the enrollment operation.
134 // not_used - An artifact of the cryptohome D-Bus interface; ignored.
135 void OnEnrollComplete(const base::Closure& on_failure,
136 const base::Closure& next_task,
137 bool success,
138 cryptohome::MountError not_used);
140 // Asynchronously initiates the certificate request flow. Attestation
141 // enrollment must complete successfully before this operation can succeed.
143 // Parameters
144 // certificate_profile - Specifies what kind of certificate should be
145 // requested from the CA.
146 // user_id - Identifies the active user.
147 // request_origin - An identifier for the origin of this request.
148 // generate_new_key - If set to true a new key is generated.
149 // callback - Called when the operation completes.
150 void StartCertificateRequest(
151 const AttestationCertificateProfile certificate_profile,
152 const std::string& user_id,
153 const std::string& request_origin,
154 bool generate_new_key,
155 const CertificateCallback& callback);
157 // Called when the attestation daemon has finished creating a certificate
158 // request for the Privacy CA. The request is asynchronously forwarded as-is
159 // to the PCA.
161 // Parameters
162 // key_type - The type of the key for which a certificate is requested.
163 // user_id - Identifies the active user.
164 // key_name - The name of the key for which a certificate is requested.
165 // callback - Called when the operation completes.
166 // success - The status of request creation.
167 // data - The request data for the Privacy CA.
168 void SendCertificateRequestToPCA(AttestationKeyType key_type,
169 const std::string& user_id,
170 const std::string& key_name,
171 const CertificateCallback& callback,
172 bool success,
173 const std::string& data);
175 // Called when the Privacy CA responds to a certificate request. The response
176 // is asynchronously forwarded as-is to the attestation daemon in order to
177 // complete the operation.
179 // Parameters
180 // key_type - The type of the key for which a certificate is requested.
181 // user_id - Identifies the active user.
182 // key_name - The name of the key for which a certificate is requested.
183 // callback - Called when the operation completes.
184 // success - The status of the Privacy CA operation.
185 // data - The response data from the Privacy CA.
186 void SendCertificateResponseToDaemon(AttestationKeyType key_type,
187 const std::string& user_id,
188 const std::string& key_name,
189 const CertificateCallback& callback,
190 bool success,
191 const std::string& data);
193 // Gets an existing certificate from the attestation daemon.
195 // Parameters
196 // key_type - The type of the key for which a certificate is requested.
197 // user_id - Identifies the active user.
198 // key_name - The name of the key for which a certificate is requested.
199 // callback - Called when the operation completes.
200 void GetExistingCertificate(AttestationKeyType key_type,
201 const std::string& user_id,
202 const std::string& key_name,
203 const CertificateCallback& callback);
205 cryptohome::AsyncMethodCaller* async_caller_;
206 CryptohomeClient* cryptohome_client_;
207 scoped_ptr<ServerProxy> server_proxy_;
209 base::WeakPtrFactory<AttestationFlow> weak_factory_;
211 DISALLOW_COPY_AND_ASSIGN(AttestationFlow);
214 } // namespace attestation
215 } // namespace chromeos
217 #endif // CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_