
Unified Diff: chromeos/attestation/attestation.cc

Issue 11932004: Implemented attestation message flow for Chrome OS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 11 months ago
Index: chromeos/attestation/attestation.cc
diff --git a/chromeos/attestation/attestation.cc b/chromeos/attestation/attestation.cc
new file mode 100644
index 0000000000000000000000000000000000000000..43c1793b3313c1577bf1272941fdb95ac0e36680
--- /dev/null
+++ b/chromeos/attestation/attestation.cc
@@ -0,0 +1,170 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromeos/attestation/attestation.h"
+
+#include "base/bind.h"
+#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/dbus/cryptohome_client.h"
+
+
Mattias Nissler (ping if slow) 2013/01/16 10:39:26 nit: remove extra blank line.
dkrahn 2013/01/17 23:36:24 Done.
+namespace chromeos {
+namespace attestation {
+
+const char* Attestation::kEnterpriseMachineKey = "attest-ent-machine";
Mattias Nissler (ping if slow) 2013/01/16 10:39:26 The type of this should be const char[]
dkrahn 2013/01/17 23:36:24 Done.
+
+Attestation::Attestation(cryptohome::AsyncMethodCaller* async_caller,
+ CryptohomeClient* cryptohome_client,
+ ServerProxy* server_proxy)
+ : ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)),
+ async_caller_(async_caller),
+ cryptohome_client_(cryptohome_client),
+ server_proxy_(server_proxy) {
+}
+
+Attestation::~Attestation() {
+}
+
+void Attestation::GetCertificate(const std::string& name,
+ const CertificateCallback& callback) {
+ // If this device has not enrolled with the Privacy CA, we need to do that
+ // first. Once enrolled we can proceed with the certificate request.
+ base::Closure do_cert_request = base::Bind(
+ &Attestation::StartCertificateRequest,
+ weak_factory_.GetWeakPtr(),
+ name,
+ callback);
+ base::Closure on_enroll_failure = base::Bind(callback, false, "");
+ base::Closure do_enroll = base::Bind(&Attestation::StartEnroll,
+ weak_factory_.GetWeakPtr(),
+ on_enroll_failure,
+ do_cert_request);
+ cryptohome_client_->TpmAttestationIsEnrolled(base::Bind(
+ &Attestation::DBusBoolRedirectCallback,
+ weak_factory_.GetWeakPtr(),
+ do_cert_request, // If enrolled, proceed with cert request.
+ do_enroll, // If not enrolled, initiate enrollment.
+ on_enroll_failure));
+}
+
+void Attestation::DBusBoolRedirectCallback(const base::Closure& on_true,
Mattias Nissler (ping if slow) 2013/01/16 10:39:26 This function can be a static helper only visible
dkrahn 2013/01/17 23:36:24 Done.
+ const base::Closure& on_false,
+ const base::Closure& on_fail,
+ DBusMethodCallStatus status,
+ bool value) {
+ if (status != DBUS_METHOD_CALL_SUCCESS) {
+ LOG(ERROR) << "Attestation: Failed to query enrollment state.";
+ on_fail.Run();
+ return;
+ }
+ base::Closure task = value ? on_true : on_false;
Mattias Nissler (ping if slow) 2013/01/16 10:39:26 declare as reference?
dkrahn 2013/01/17 23:36:24 Was following the callback.h recommendation: "The
+ task.Run();
+}
+
+void Attestation::StartEnroll(const base::Closure& on_failure,
+ const base::Closure& next_task) {
+ // Get the attestation service to create a Privacy CA enrollment request.
+ async_caller_->AsyncTpmAttestationCreateEnrollRequest(base::Bind(
+ &Attestation::OnCreateEnrollRequest,
+ weak_factory_.GetWeakPtr(),
+ on_failure,
+ next_task));
+}
+
+void Attestation::OnCreateEnrollRequest(const base::Closure& on_failure,
+ const base::Closure& next_task,
+ bool success,
+ const std::string& data) {
+ if (!success) {
+ LOG(ERROR) << "Attestation: Failed to create enroll request.";
+ on_failure.Run();
+ return;
+ }
+
+ // Send the request to the Privacy CA.
+ server_proxy_->SendEnrollRequest(
+ data,
+ base::Bind(&Attestation::OnEnrollResponse,
+ weak_factory_.GetWeakPtr(),
+ on_failure,
+ next_task));
+}
+
+void Attestation::OnEnrollResponse(const base::Closure& on_failure,
+ const base::Closure& next_task,
+ bool success,
+ const std::string& data) {
+ if (!success) {
+ LOG(ERROR) << "Attestation: Enroll request failed.";
+ on_failure.Run();
+ return;
+ }
+
+ // Forward the response to the attestation service to complete enrollment.
+ async_caller_->AsyncTpmAttestationEnroll(data,
+ base::Bind(
+ &Attestation::OnEnrollComplete,
+ weak_factory_.GetWeakPtr(),
+ on_failure,
+ next_task));
+}
+
+void Attestation::OnEnrollComplete(const base::Closure& on_failure,
+ const base::Closure& next_task,
+ bool success,
+ cryptohome::MountError /*not_used*/) {
+ if (!success) {
+ LOG(ERROR) << "Attestation: Failed to complete enrollment.";
+ on_failure.Run();
+ return;
+ }
+
+ // Enrollment has successfully completed, we can move on to whatever is next.
+ next_task.Run();
+}
+
+void Attestation::StartCertificateRequest(const std::string& name,
+ const CertificateCallback& callback) {
+ // Get the attestation service to create a Privacy CA certificate request.
+ async_caller_->AsyncTpmAttestationCreateCertRequest(
+ (name == kEnterpriseMachineKey),
+ base::Bind(&Attestation::OnCreateCertificateRequest,
+ weak_factory_.GetWeakPtr(),
+ callback));
+}
+
+void Attestation::OnCreateCertificateRequest(
+ const CertificateCallback& callback,
+ bool success,
+ const std::string& data) {
+ if (!success) {
+ LOG(ERROR) << "Attestation: Failed to create certificate request.";
+ callback.Run(false, "");
+ return;
+ }
+
+ // Send the request to the Privacy CA.
+ server_proxy_->SendCertificateRequest(
+ data,
+ base::Bind(&Attestation::OnCertificateResponse,
+ weak_factory_.GetWeakPtr(),
+ callback));
+}
+
+void Attestation::OnCertificateResponse(const CertificateCallback& callback,
+ bool success,
+ const std::string& data) {
+ if (!success) {
+ LOG(ERROR) << "Attestation: Certificate request failed.";
+ callback.Run(false, "");
+ return;
+ }
+
+ // Forward the response to the attestation service to complete the operation.
+ async_caller_->AsyncTpmAttestationFinishCertRequest(data,
+ base::Bind(callback));
+}
+
+} // namespace attestation
+} // namespace chromeos
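Review bot: In `StartCertificateRequest`, the key name is reduced to `(name == kEnterpriseMachineKey)`, so any unrecognised or mistyped `name` passed to `GetCertificate` silently takes the non-enterprise branch instead of failing. Because the kind of certificate requested from the Privacy CA is a security-relevant choice, it would be safer to check `name` at the top of `GetCertificate` against the supported key names and, for anything else, log an error and call `callback.Run(false, "")`; the supported names are presumably declared in attestation.h, which is not visible here. At minimum, put a comment on the comparison, e.g. `// Any other name requests a non-enterprise certificate.`, so the fallback reads as deliberate.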
