Added support for the content protection profile to AttestationFlow.

chromeos/attestation/attestation_flow.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/attestation/attestation_flow.h"
 
 #include "base/bind.h"
 #include "chromeos/cryptohome/async_method_caller.h"
 #include "chromeos/dbus/cryptohome_client.h"
 
@@ skipping 41 matching lines @@
   if (!callback.is_null())
     callback.Run(result, data);
 }
 
 AttestationKeyType GetKeyTypeForProfile(
     AttestationCertificateProfile profile) {
   switch (profile) {
     case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
       return KEY_DEVICE;
     case PROFILE_ENTERPRISE_USER_CERTIFICATE:
+    case PROFILE_CONTENT_PROTECTION_CERTIFICATE:
       return KEY_USER;
   }
   NOTREACHED();
   return KEY_USER;
 }
 
-std::string GetKeyNameForProfile(
-    AttestationCertificateProfile profile) {
+std::string GetKeyNameForProfile(AttestationCertificateProfile profile,
+                                 const std::string& origin) {
   switch (profile) {
     case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
       return kEnterpriseMachineKey;
     case PROFILE_ENTERPRISE_USER_CERTIFICATE:
       return kEnterpriseUserKey;
+    case PROFILE_CONTENT_PROTECTION_CERTIFICATE:
+      return std::string(kContentProtectionKeyPrefix) + origin;
   }
   NOTREACHED();
   return "";
 }
 
-int GetCertificateOptionsForProfile(
-    AttestationCertificateProfile profile) {
-  switch (profile) {
-    case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
-      return CERTIFICATE_INCLUDE_STABLE_ID | CERTIFICATE_INCLUDE_DEVICE_STATE;
-    case PROFILE_ENTERPRISE_USER_CERTIFICATE:
-      return CERTIFICATE_INCLUDE_DEVICE_STATE;
-  }
-  NOTREACHED();
-  return CERTIFICATE_OPTION_NONE;
-}
-
 }  // namespace
 
 AttestationFlow::AttestationFlow(cryptohome::AsyncMethodCaller* async_caller,
                                  CryptohomeClient* cryptohome_client,
                                  scoped_ptr<ServerProxy> server_proxy)
     : async_caller_(async_caller),
       cryptohome_client_(cryptohome_client),
       server_proxy_(server_proxy.Pass()),
       weak_factory_(this) {
 }
 
 AttestationFlow::~AttestationFlow() {
 }
 
 void AttestationFlow::GetCertificate(
     AttestationCertificateProfile certificate_profile,
+    const std::string& user_email,
+    const std::string& request_origin,
     bool force_new_key,
     const CertificateCallback& callback) {
   // If this device has not enrolled with the Privacy CA, we need to do that
   // first.  Once enrolled we can proceed with the certificate request.
   base::Closure do_cert_request = base::Bind(
       &AttestationFlow::StartCertificateRequest,
       weak_factory_.GetWeakPtr(),
       certificate_profile,
+      user_email,
+      request_origin,
       force_new_key,
       callback);
   base::Closure on_enroll_failure = base::Bind(callback, false, "");
   base::Closure do_enroll = base::Bind(&AttestationFlow::StartEnroll,
                                        weak_factory_.GetWeakPtr(),
                                        on_enroll_failure,
                                        do_cert_request);
   cryptohome_client_->TpmAttestationIsEnrolled(base::Bind(
       &DBusBoolRedirectCallback,
       do_cert_request,  // If enrolled, proceed with cert request.
@@ skipping 63 matching lines @@
     return;
   }
 
   // Enrollment has successfully completed, we can move on to whatever is next.
   if (!next_task.is_null())
     next_task.Run();
 }
 
 void AttestationFlow::StartCertificateRequest(
     AttestationCertificateProfile certificate_profile,
+    const std::string& user_email,
+    const std::string& request_origin,
     bool generate_new_key,
     const CertificateCallback& callback) {
   AttestationKeyType key_type = GetKeyTypeForProfile(certificate_profile);
-  std::string key_name = GetKeyNameForProfile(certificate_profile);
+  std::string key_name = GetKeyNameForProfile(certificate_profile,
+                                              request_origin);
   if (generate_new_key) {
     // Get the attestation service to create a Privacy CA certificate request.
     async_caller_->AsyncTpmAttestationCreateCertRequest(
-        GetCertificateOptionsForProfile(certificate_profile),
+        certificate_profile,
+        user_email,
+        request_origin,
         base::Bind(&AttestationFlow::SendCertificateRequestToPCA,
                    weak_factory_.GetWeakPtr(),
                    key_type,
                    key_name,
                    callback));
   } else {
     // If the key already exists, query the existing certificate.
     base::Closure on_key_exists = base::Bind(
         &AttestationFlow::GetExistingCertificate,
         weak_factory_.GetWeakPtr(),
         key_type,
         key_name,
         callback);
     // If the key does not exist, call this method back with |generate_new_key|
     // set to true.
     base::Closure on_key_not_exists = base::Bind(
         &AttestationFlow::StartCertificateRequest,
         weak_factory_.GetWeakPtr(),
         certificate_profile,
+        user_email,
+        request_origin,
         true,
         callback);
     cryptohome_client_->TpmAttestationDoesKeyExist(
         key_type,
         key_name,
         base::Bind(&DBusBoolRedirectCallback,
             on_key_exists,
             on_key_not_exists,
             base::Bind(callback, false, "")));
   }
@@ skipping 47 matching lines @@
     const std::string& key_name,
     const CertificateCallback& callback) {
   cryptohome_client_->TpmAttestationGetCertificate(
       key_type,
       key_name,
       base::Bind(&DBusDataMethodCallback, callback));
 }
 
 }  // namespace attestation
 }  // namespace chromeos