Enhanced and refactored the AttestationFlow interface.

chromeos/attestation/attestation_flow.h

Index: chromeos/attestation/attestation_flow.h
diff --git a/chromeos/attestation/attestation_flow.h b/chromeos/attestation/attestation_flow.h
index 76049d76fb6b9077dc7863239351556e171534c9..b139720cd70517737efa70a7293317bac321de0a 100644
--- a/chromeos/attestation/attestation_flow.h
+++ b/chromeos/attestation/attestation_flow.h
@@ -11,6 +11,7 @@
 #include "base/callback_forward.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
+#include "chromeos/attestation/attestation_constants.h"
 #include "chromeos/chromeos_export.h"
 #include "chromeos/dbus/dbus_method_call_status.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
@@ -41,12 +42,12 @@ class CHROMEOS_EXPORT ServerProxy {
 
 // Implements the message flow for Chrome OS attestation tasks.  Generally this
 // consists of coordinating messages between the Chrome OS attestation service
-// and the Privacy CA server.  Sample usage:
+// and the Chrome OS Privacy CA server.  Sample usage:
 //    AttestationFlow flow(AsyncMethodCaller::GetInstance(),
 //                         DBusThreadManager::Get().GetCryptohomeClient(),
-//                         my_server_proxy);
-//    CertificateCallback callback = base::Bind(&MyCallback);
-//    flow.GetCertificate("attest-ent-machine", callback);
+//                         my_server_proxy.Pass());
+//    AttestationFlow::CertificateCallback callback = base::Bind(&MyCallback);
+//    flow.GetCertificate(ENTERPRISE_USER_CERTIFICATE, false, callback);
 class CHROMEOS_EXPORT AttestationFlow {
  public:
   typedef base::Callback<void(bool success,
@@ -58,25 +59,26 @@ class CHROMEOS_EXPORT AttestationFlow {
                   scoped_ptr<ServerProxy> server_proxy);
   virtual ~AttestationFlow();
 
-  // Asynchronously gets an attestation certificate bound to the given name.
-  // If no certificate has been associated with the name, a new certificate is
-  // issued.
+  // Gets an attestation certificate for a hardware-protected key.  If a key for
+  // the given profile does not exist, it will be generated and a certificate
+  // request will be made to the Chrome OS Privacy CA to issue a certificate for
+  // the key.  If the key already exists and |force_new_key| is false, the
+  // existing certificate is returned.
   //
   // Parameters
-  //   name - The name of the key for which to retrieve a certificate.  The
-  //          following key names are available:
-  //            "attest-ent-machine" - The enterprise machine key.
-  //            "attest-ent-user" - An enterprise user key for the current user.
-  //            "content-[origin]" - A content protection key bound to a
-  //                                 specific origin for the current user.
+  //   certificate_profile - Specifies what kind of certificate should be
+  //                         requested from the CA.
+  //   force_new_key - If set to true, a new key will be generated even if a key
+  //                   already exists for the profile.  The new key will replace
+  //                   the existing key on success.
   //   callback - A callback which will be called when the operation completes.
-  virtual void GetCertificate(const std::string& name,
+  //              On success |result| will be true and |data| will contain the
+  //              PCA-issued certificate chain in PEM format.
+  virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
+                              bool force_new_key,
                               const CertificateCallback& callback);
 
  private:
-  // The key name defined for the special-purpose Enterprise Machine Key.
-  static const char kEnterpriseMachineKey[];
-
   // Asynchronously initiates the attestation enrollment flow.
   //
   // Parameters
@@ -130,21 +132,27 @@ class CHROMEOS_EXPORT AttestationFlow {
   // enrollment must complete successfully before this operation can succeed.
   //
   // Parameters
-  //   name - The name of the key for which a certificate is requested.
+  //   certificate_profile - Specifies what kind of certificate should be
+  //                         requested from the CA.
+  //   generate_new_key - If set to true a new key is generated.
   //   callback - Called when the operation completes.
-  void StartCertificateRequest(const std::string& name,
-                               const CertificateCallback& callback);
+  void StartCertificateRequest(
+      const AttestationCertificateProfile certificate_profile,
+      bool generate_new_key,
+      const CertificateCallback& callback);
 
   // Called when the attestation daemon has finished creating a certificate
   // request for the Privacy CA.  The request is asynchronously forwarded as-is
   // to the PCA.
   //
   // Parameters
-  //   name - The name of the key for which a certificate is requested.
+  //   key_type - The type of the key for which a certificate is requested.
+  //   key_name - The name of the key for which a certificate is requested.
   //   callback - Called when the operation completes.
   //   success - The status of request creation.
   //   data - The request data for the Privacy CA.
-  void SendCertificateRequestToPCA(const std::string& name,
+  void SendCertificateRequestToPCA(AttestationKeyType key_type,
+                                   const std::string& key_name,
                                    const CertificateCallback& callback,
                                    bool success,
                                    const std::string& data);
@@ -154,20 +162,44 @@ class CHROMEOS_EXPORT AttestationFlow {
   // complete the operation.
   //
   // Parameters
-  //   name - The name of the key for which a certificate is requested.
+  //   key_type - The type of the key for which a certificate is requested.
+  //   key_name - The name of the key for which a certificate is requested.
   //   callback - Called when the operation completes.
   //   success - The status of the Privacy CA operation.
   //   data - The response data from the Privacy CA.
-  void SendCertificateResponseToDaemon(const std::string& name,
+  void SendCertificateResponseToDaemon(AttestationKeyType key_type,
+                                       const std::string& key_name,
                                        const CertificateCallback& callback,
                                        bool success,
                                        const std::string& data);
 
-  base::WeakPtrFactory<AttestationFlow> weak_factory_;
+  // Gets an existing certificate from the attestation daemon.
+  //
+  // Parameters
+  //   key_type - The type of the key for which a certificate is requested.
+  //   key_name - The name of the key for which a certificate is requested.
+  //   callback - Called when the operation completes.
+  void GetExistingCertificate(AttestationKeyType key_type,
+                              const std::string& key_name,
+                              const CertificateCallback& callback);
+
+  // Returns a key type for the given profile.
+  AttestationKeyType GetKeyTypeForProfile(
+      AttestationCertificateProfile profile);
+
+  // Returns a key name for the given profile.
+  std::string GetKeyNameForProfile(AttestationCertificateProfile profile);
+
+  // Returns a combination of certificate options for the given profile.
+  int GetCertificateOptionsForProfile(AttestationCertificateProfile profile);
+

[Mattias Nissler (ping if slow), 2013/04/24 12:57:53]

remove extra blank line

[dkrahn, 2013/04/25 01:06:52]

Done.

+
   cryptohome::AsyncMethodCaller* async_caller_;
   CryptohomeClient* cryptohome_client_;
   scoped_ptr<ServerProxy> server_proxy_;
 
+  base::WeakPtrFactory<AttestationFlow> weak_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(AttestationFlow);
 };