Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1295)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc

Issue 1685103003: Copy challenge*Key methods to enterprise.platformKeys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h ('K') | « chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h ('k') | chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc » ('j') | chrome/common/extensions/api/enterprise_platform_keys.idl » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
index 04e1f324cbbd4c9b2e664bfcb36adca2f1a58fc3..8676f8e52d1de0c2af390b646ac85ec9f94597b9 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
@@ -17,6 +17,7 @@
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
+#include "chrome/browser/extensions/chrome_extension_function_details.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/signin/signin_manager_factory.h"
#include "chrome/common/extensions/api/enterprise_platform_keys_private.h"
@@ -107,8 +108,8 @@ void EPKPChallengeKeyBase::GetDeviceAttestationEnabled(
chromeos::CrosSettings* settings = chromeos::CrosSettings::Get();
chromeos::CrosSettingsProvider::TrustedStatus status =
settings->PrepareTrustedValues(
- base::Bind(&EPKPChallengeKeyBase::GetDeviceAttestationEnabled, this,
- callback));
+ base::Bind(&EPKPChallengeKeyBase::GetDeviceAttestationEnabled,
+ base::Unretained(this), callback));
bool value = false;
switch (status) {
@@ -135,8 +136,8 @@ bool EPKPChallengeKeyBase::IsEnterpriseDevice() const {
bool EPKPChallengeKeyBase::IsExtensionWhitelisted() const {
const base::ListValue* list =
- GetProfile()->GetPrefs()->GetList(prefs::kAttestationExtensionWhitelist);
- base::StringValue value(extension_->id());
+ profile_->GetPrefs()->GetList(prefs::kAttestationExtensionWhitelist);
+ base::StringValue value(extension_id_);
return list->Find(value) != list->end();
}
@@ -164,7 +165,7 @@ std::string EPKPChallengeKeyBase::GetEnterpriseDomain() const {
std::string EPKPChallengeKeyBase::GetUserEmail() const {
SigninManagerBase* signin_manager =
- SigninManagerFactory::GetForProfile(GetProfile());
+ SigninManagerFactory::GetForProfile(profile_);
if (!signin_manager)
return std::string();
@@ -189,8 +190,9 @@ void EPKPChallengeKeyBase::PrepareKey(
certificate_profile,
require_user_consent,
callback);
- cryptohome_client_->TpmAttestationIsPrepared(base::Bind(
- &EPKPChallengeKeyBase::IsAttestationPreparedCallback, this, context));
+ cryptohome_client_->TpmAttestationIsPrepared(
+ base::Bind(&EPKPChallengeKeyBase::IsAttestationPreparedCallback,
+ base::Unretained(this), context));
}
void EPKPChallengeKeyBase::IsAttestationPreparedCallback(
@@ -207,8 +209,9 @@ void EPKPChallengeKeyBase::IsAttestationPreparedCallback(
}
// Attestation is available, see if the key we need already exists.
cryptohome_client_->TpmAttestationDoesKeyExist(
- context.key_type, context.user_id, context.key_name, base::Bind(
- &EPKPChallengeKeyBase::DoesKeyExistCallback, this, context));
+ context.key_type, context.user_id, context.key_name,
+ base::Bind(&EPKPChallengeKeyBase::DoesKeyExistCallback,
+ base::Unretained(this), context));
}
void EPKPChallengeKeyBase::DoesKeyExistCallback(
@@ -229,8 +232,8 @@ void EPKPChallengeKeyBase::DoesKeyExistCallback(
// We should ask the user explicitly before sending any private
// information to PCA.
AskForUserConsent(
- base::Bind(&EPKPChallengeKeyBase::AskForUserConsentCallback, this,
- context));
+ base::Bind(&EPKPChallengeKeyBase::AskForUserConsentCallback,
+ base::Unretained(this), context));
} else {
// User consent is not required. Skip to the next step.
AskForUserConsentCallback(context, true);
@@ -256,12 +259,11 @@ void EPKPChallengeKeyBase::AskForUserConsentCallback(
// Generate a new key and have it signed by PCA.
attestation_flow_->GetCertificate(
- context.certificate_profile,
- context.user_id,
+ context.certificate_profile, context.user_id,
std::string(), // Not used.
- true, // Force a new key to be generated.
- base::Bind(&EPKPChallengeKeyBase::GetCertificateCallback, this,
- context.callback));
+ true, // Force a new key to be generated.
+ base::Bind(&EPKPChallengeKeyBase::GetCertificateCallback,
+ base::Unretained(this), context.callback));
}
void EPKPChallengeKeyBase::GetCertificateCallback(
@@ -302,48 +304,48 @@ EPKPChallengeMachineKey::EPKPChallengeMachineKey(
EPKPChallengeMachineKey::~EPKPChallengeMachineKey() {
}
-bool EPKPChallengeMachineKey::RunAsync() {
- scoped_ptr<api_epkp::ChallengeMachineKey::Params>
- params(api_epkp::ChallengeMachineKey::Params::Create(*args_));
- EXTENSION_FUNCTION_VALIDATE(params.get());
+void EPKPChallengeMachineKey::Run(
+ scoped_refptr<UIThreadExtensionFunction> caller,
+ const ChallengeKeyCallback& callback,
+ const std::string& encoded_challenge) {
+ callback_ = callback;
+ profile_ = ChromeExtensionFunctionDetails(caller.get()).GetProfile();
+ extension_id_ = caller->extension_id();
std::string challenge;
- if (!base::Base64Decode(params->challenge, &challenge)) {
- SetError(kChallengeBadBase64Error);
- return false;
+ if (!base::Base64Decode(encoded_challenge, &challenge)) {
+ callback_.Run(false, kChallengeBadBase64Error);
+ return;
}
// Check if the device is enterprise enrolled.
if (!IsEnterpriseDevice()) {
- SetError(kNonEnterpriseDeviceError);
- return false;
+ callback_.Run(false, kNonEnterpriseDeviceError);
+ return;
}
// Check if the extension is whitelisted in the user policy.
if (!IsExtensionWhitelisted()) {
- SetError(kExtensionNotWhitelistedError);
- return false;
+ callback_.Run(false, kExtensionNotWhitelistedError);
+ return;
}
// Check if the user domain is the same as the enrolled enterprise domain.
if (!IsUserManaged()) {
- SetError(kUserNotManaged);
- return false;
+ callback_.Run(false, kUserNotManaged);
+ return;
}
// Check if RA is enabled in the device policy.
GetDeviceAttestationEnabled(
base::Bind(&EPKPChallengeMachineKey::GetDeviceAttestationEnabledCallback,
- this, challenge));
-
- return true;
+ base::Unretained(this), challenge));
}
void EPKPChallengeMachineKey::GetDeviceAttestationEnabledCallback(
const std::string& challenge, bool enabled) {
if (!enabled) {
- SetError(kDevicePolicyDisabledError);
- SendResponse(false);
+ callback_.Run(false, kDevicePolicyDisabledError);
return;
}
@@ -352,15 +354,15 @@ void EPKPChallengeMachineKey::GetDeviceAttestationEnabledCallback(
kKeyName,
chromeos::attestation::PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
false, // user consent is not required.
- base::Bind(&EPKPChallengeMachineKey::PrepareKeyCallback, this,
- challenge));
+ base::Bind(&EPKPChallengeMachineKey::PrepareKeyCallback,
+ base::Unretained(this), challenge));
}
void EPKPChallengeMachineKey::PrepareKeyCallback(
const std::string& challenge, PrepareKeyResult result) {
if (result != PREPARE_KEY_OK) {
- SetError(base::StringPrintf(kGetCertificateFailedError, result));
- SendResponse(false);
+ callback_.Run(false,
+ base::StringPrintf(kGetCertificateFailedError, result));
return;
}
@@ -368,27 +370,22 @@ void EPKPChallengeMachineKey::PrepareKeyCallback(
async_caller_->TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::KEY_DEVICE,
std::string(), // Not used.
- kKeyName,
- GetEnterpriseDomain(),
- GetDeviceId(),
- chromeos::attestation::CHALLENGE_OPTION_NONE,
- challenge,
- base::Bind(&EPKPChallengeMachineKey::SignChallengeCallback, this));
+ kKeyName, GetEnterpriseDomain(), GetDeviceId(),
+ chromeos::attestation::CHALLENGE_OPTION_NONE, challenge,
+ base::Bind(&EPKPChallengeMachineKey::SignChallengeCallback,
+ base::Unretained(this)));
}
void EPKPChallengeMachineKey::SignChallengeCallback(
bool success, const std::string& response) {
if (!success) {
- SetError(kSignChallengeFailedError);
- SendResponse(false);
+ callback_.Run(false, kSignChallengeFailedError);
return;
}
std::string encoded_response;
base::Base64Encode(response, &encoded_response);
-
- results_ = api_epkp::ChallengeMachineKey::Results::Create(encoded_response);
- SendResponse(true);
+ callback_.Run(true, encoded_response);
}
// Implementation of ChallengeUserKey()
@@ -425,54 +422,51 @@ void EPKPChallengeUserKey::RegisterProfilePrefs(
registry->RegisterListPref(prefs::kAttestationExtensionWhitelist);
}
-bool EPKPChallengeUserKey::RunAsync() {
- scoped_ptr<api_epkp::ChallengeUserKey::Params> params(
- api_epkp::ChallengeUserKey::Params::Create(*args_));
- EXTENSION_FUNCTION_VALIDATE(params.get());
+void EPKPChallengeUserKey::Run(scoped_refptr<UIThreadExtensionFunction> caller,
+ const ChallengeKeyCallback& callback,
+ const std::string& encoded_challenge,
+ bool register_key) {
+ callback_ = callback;
+ profile_ = ChromeExtensionFunctionDetails(caller.get()).GetProfile();
+ extension_id_ = caller->extension_id();
std::string challenge;
- if (!base::Base64Decode(params->challenge, &challenge)) {
- SetError(kChallengeBadBase64Error);
- return false;
+ if (!base::Base64Decode(encoded_challenge, &challenge)) {
+ callback_.Run(false, kChallengeBadBase64Error);
+ return;
}
// Check if RA is enabled in the user policy.
if (!IsRemoteAttestationEnabledForUser()) {
- SetError(kUserPolicyDisabledError);
- return false;
+ callback_.Run(false, kUserPolicyDisabledError);
+ return;
}
// Check if the extension is whitelisted in the user policy.
if (!IsExtensionWhitelisted()) {
- SetError(kExtensionNotWhitelistedError);
- return false;
+ callback_.Run(false, kExtensionNotWhitelistedError);
+ return;
}
if (IsEnterpriseDevice()) {
// Check if the user domain is the same as the enrolled enterprise domain.
if (!IsUserManaged()) {
- SetError(kUserNotManaged);
- return false;
+ callback_.Run(false, kUserNotManaged);
+ return;
}
// Check if RA is enabled in the device policy.
GetDeviceAttestationEnabled(
base::Bind(&EPKPChallengeUserKey::GetDeviceAttestationEnabledCallback,
- this,
- challenge,
- params->register_key,
+ base::Unretained(this), challenge, register_key,
false)); // user consent is not required.
} else {
// For personal devices, we don't need to check if RA is enabled in the
// device, but we need to ask for user consent if the key does not exist.
- GetDeviceAttestationEnabledCallback(
- challenge,
- params->register_key,
- true, // user consent is required.
- true); // attestation is enabled.
+ GetDeviceAttestationEnabledCallback(challenge, register_key,
+ true, // user consent is required.
+ true); // attestation is enabled.
}
-
- return true;
}
void EPKPChallengeUserKey::GetDeviceAttestationEnabledCallback(
@@ -481,59 +475,49 @@ void EPKPChallengeUserKey::GetDeviceAttestationEnabledCallback(
bool require_user_consent,
bool enabled) {
if (!enabled) {
- SetError(kDevicePolicyDisabledError);
- SendResponse(false);
+ callback_.Run(false, kDevicePolicyDisabledError);
return;
}
- PrepareKey(chromeos::attestation::KEY_USER,
- GetUserEmail(),
- kKeyName,
+ PrepareKey(chromeos::attestation::KEY_USER, GetUserEmail(), kKeyName,
chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE,
require_user_consent,
- base::Bind(&EPKPChallengeUserKey::PrepareKeyCallback, this,
- challenge, register_key));
+ base::Bind(&EPKPChallengeUserKey::PrepareKeyCallback,
+ base::Unretained(this), challenge, register_key));
}
void EPKPChallengeUserKey::PrepareKeyCallback(const std::string& challenge,
bool register_key,
PrepareKeyResult result) {
if (result != PREPARE_KEY_OK) {
- SetError(base::StringPrintf(kGetCertificateFailedError, result));
- SendResponse(false);
+ callback_.Run(false,
+ base::StringPrintf(kGetCertificateFailedError, result));
return;
}
// Everything is checked. Sign the challenge.
async_caller_->TpmAttestationSignEnterpriseChallenge(
- chromeos::attestation::KEY_USER,
- GetUserEmail(),
- kKeyName,
- GetUserEmail(),
+ chromeos::attestation::KEY_USER, GetUserEmail(), kKeyName, GetUserEmail(),
GetDeviceId(),
- register_key ?
- chromeos::attestation::CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY :
- chromeos::attestation::CHALLENGE_OPTION_NONE,
- challenge,
- base::Bind(&EPKPChallengeUserKey::SignChallengeCallback, this,
- register_key));
+ register_key ? chromeos::attestation::CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY
+ : chromeos::attestation::CHALLENGE_OPTION_NONE,
+ challenge, base::Bind(&EPKPChallengeUserKey::SignChallengeCallback,
+ base::Unretained(this), register_key));
}
void EPKPChallengeUserKey::SignChallengeCallback(bool register_key,
bool success,
const std::string& response) {
if (!success) {
- SetError(kSignChallengeFailedError);
- SendResponse(false);
+ callback_.Run(false, kSignChallengeFailedError);
return;
}
if (register_key) {
async_caller_->TpmAttestationRegisterKey(
- chromeos::attestation::KEY_USER,
- GetUserEmail(),
- kKeyName,
- base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback, this, response));
+ chromeos::attestation::KEY_USER, GetUserEmail(), kKeyName,
+ base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback,
+ base::Unretained(this), response));
} else {
RegisterKeyCallback(response, true, cryptohome::MOUNT_ERROR_NONE);
}
@@ -544,20 +528,94 @@ void EPKPChallengeUserKey::RegisterKeyCallback(
bool success,
cryptohome::MountError return_code) {
if (!success || return_code != cryptohome::MOUNT_ERROR_NONE) {
- SetError(kKeyRegistrationFailedError);
- SendResponse(false);
+ callback_.Run(false, kKeyRegistrationFailedError);
return;
}
std::string encoded_response;
base::Base64Encode(response, &encoded_response);
-
- results_ = api_epkp::ChallengeUserKey::Results::Create(encoded_response);
- SendResponse(true);
+ callback_.Run(true, encoded_response);
}
bool EPKPChallengeUserKey::IsRemoteAttestationEnabledForUser() const {
- return GetProfile()->GetPrefs()->GetBoolean(prefs::kAttestationEnabled);
+ return profile_->GetPrefs()->GetBoolean(prefs::kAttestationEnabled);
+}
+
+EnterprisePlatformKeysPrivateChallengeMachineKeyFunction::
+ EnterprisePlatformKeysPrivateChallengeMachineKeyFunction()
+ : default_impl_(new EPKPChallengeMachineKey), impl_(default_impl_.get()) {}
+
+EnterprisePlatformKeysPrivateChallengeMachineKeyFunction::
+ EnterprisePlatformKeysPrivateChallengeMachineKeyFunction(
+ EPKPChallengeMachineKey* impl_for_testing)
+ : impl_(impl_for_testing) {}
+
+EnterprisePlatformKeysPrivateChallengeMachineKeyFunction::
+ ~EnterprisePlatformKeysPrivateChallengeMachineKeyFunction() = default;
+
+ExtensionFunction::ResponseAction
+EnterprisePlatformKeysPrivateChallengeMachineKeyFunction::Run() {
Devlin 2016/02/19 18:05:02 This all seems to be pretty much copy-paste. IIUC
Darren Krahn 2016/02/23 23:39:46 Done.
+ scoped_ptr<api_epkp::ChallengeMachineKey::Params> params(
+ api_epkp::ChallengeMachineKey::Params::Create(*args_));
+ EXTENSION_FUNCTION_VALIDATE(params);
+ ChallengeKeyCallback callback =
+ base::Bind(&EnterprisePlatformKeysPrivateChallengeMachineKeyFunction::
+ OnChallengedKey,
+ this);
+ base::Closure task = base::Bind(
+ &EPKPChallengeMachineKey::Run, base::Unretained(impl_),
+ scoped_refptr<UIThreadExtensionFunction>(AsUIThreadExtensionFunction()),
+ callback, params->challenge);
+ content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, task);
+ return RespondLater();
+}
+
+void EnterprisePlatformKeysPrivateChallengeMachineKeyFunction::OnChallengedKey(
+ bool success,
+ const std::string& data) {
+ if (success) {
+ Respond(ArgumentList(api_epkp::ChallengeMachineKey::Results::Create(data)));
+ } else {
+ Respond(Error(data));
+ }
+}
+
+EnterprisePlatformKeysPrivateChallengeUserKeyFunction::
+ EnterprisePlatformKeysPrivateChallengeUserKeyFunction()
+ : default_impl_(new EPKPChallengeUserKey), impl_(default_impl_.get()) {}
+
+EnterprisePlatformKeysPrivateChallengeUserKeyFunction::
+ EnterprisePlatformKeysPrivateChallengeUserKeyFunction(
+ EPKPChallengeUserKey* impl_for_testing)
+ : impl_(impl_for_testing) {}
+
+EnterprisePlatformKeysPrivateChallengeUserKeyFunction::
+ ~EnterprisePlatformKeysPrivateChallengeUserKeyFunction() = default;
+
+ExtensionFunction::ResponseAction
+EnterprisePlatformKeysPrivateChallengeUserKeyFunction::Run() {
+ scoped_ptr<api_epkp::ChallengeUserKey::Params> params(
+ api_epkp::ChallengeUserKey::Params::Create(*args_));
+ EXTENSION_FUNCTION_VALIDATE(params);
+ ChallengeKeyCallback callback = base::Bind(
+ &EnterprisePlatformKeysPrivateChallengeUserKeyFunction::OnChallengedKey,
+ this);
+ base::Closure task = base::Bind(
+ &EPKPChallengeUserKey::Run, base::Unretained(impl_),
+ scoped_refptr<UIThreadExtensionFunction>(AsUIThreadExtensionFunction()),
+ callback, params->challenge, params->register_key);
+ content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, task);
+ return RespondLater();
+}
+
+void EnterprisePlatformKeysPrivateChallengeUserKeyFunction::OnChallengedKey(
+ bool success,
+ const std::string& data) {
+ if (success) {
+ Respond(ArgumentList(api_epkp::ChallengeUserKey::Results::Create(data)));
+ } else {
+ Respond(Error(data));
+ }
}
} // namespace extensions
« chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h ('K') | « chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h ('k') | chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc » ('j') | chrome/common/extensions/api/enterprise_platform_keys.idl » ('J')

Powered by Google App Engine
This is Rietveld 408576698