| Index: chromeos/attestation/attestation_flow.cc
|
| diff --git a/chromeos/attestation/attestation_flow.cc b/chromeos/attestation/attestation_flow.cc
|
| index 2fba76152b95cea5e5d9c4d1579c1ae0bcb5c915..9b22b659f54f6c934441eef92b50b040420bfa0b 100644
|
| --- a/chromeos/attestation/attestation_flow.cc
|
| +++ b/chromeos/attestation/attestation_flow.cc
|
| @@ -59,36 +59,27 @@ AttestationKeyType GetKeyTypeForProfile(
|
| case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
|
| return KEY_DEVICE;
|
| case PROFILE_ENTERPRISE_USER_CERTIFICATE:
|
| + case PROFILE_CONTENT_PROTECTION_CERTIFICATE:
|
| return KEY_USER;
|
| }
|
| NOTREACHED();
|
| return KEY_USER;
|
| }
|
|
|
| -std::string GetKeyNameForProfile(
|
| - AttestationCertificateProfile profile) {
|
| +std::string GetKeyNameForProfile(AttestationCertificateProfile profile,
|
| + const std::string& origin) {
|
| switch (profile) {
|
| case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
|
| return kEnterpriseMachineKey;
|
| case PROFILE_ENTERPRISE_USER_CERTIFICATE:
|
| return kEnterpriseUserKey;
|
| + case PROFILE_CONTENT_PROTECTION_CERTIFICATE:
|
| + return std::string(kContentProtectionKeyPrefix) + origin;
|
| }
|
| NOTREACHED();
|
| return "";
|
| }
|
|
|
| -int GetCertificateOptionsForProfile(
|
| - AttestationCertificateProfile profile) {
|
| - switch (profile) {
|
| - case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
|
| - return CERTIFICATE_INCLUDE_STABLE_ID | CERTIFICATE_INCLUDE_DEVICE_STATE;
|
| - case PROFILE_ENTERPRISE_USER_CERTIFICATE:
|
| - return CERTIFICATE_INCLUDE_DEVICE_STATE;
|
| - }
|
| - NOTREACHED();
|
| - return CERTIFICATE_OPTION_NONE;
|
| -}
|
| -
|
| } // namespace
|
|
|
| AttestationFlow::AttestationFlow(cryptohome::AsyncMethodCaller* async_caller,
|
| @@ -105,6 +96,8 @@ AttestationFlow::~AttestationFlow() {
|
|
|
| void AttestationFlow::GetCertificate(
|
| AttestationCertificateProfile certificate_profile,
|
| + const std::string& user_email,
|
| + const std::string& request_origin,
|
| bool force_new_key,
|
| const CertificateCallback& callback) {
|
| // If this device has not enrolled with the Privacy CA, we need to do that
|
| @@ -113,6 +106,8 @@ void AttestationFlow::GetCertificate(
|
| &AttestationFlow::StartCertificateRequest,
|
| weak_factory_.GetWeakPtr(),
|
| certificate_profile,
|
| + user_email,
|
| + request_origin,
|
| force_new_key,
|
| callback);
|
| base::Closure on_enroll_failure = base::Bind(callback, false, "");
|
| @@ -196,14 +191,19 @@ void AttestationFlow::OnEnrollComplete(const base::Closure& on_failure,
|
|
|
| void AttestationFlow::StartCertificateRequest(
|
| AttestationCertificateProfile certificate_profile,
|
| + const std::string& user_email,
|
| + const std::string& request_origin,
|
| bool generate_new_key,
|
| const CertificateCallback& callback) {
|
| AttestationKeyType key_type = GetKeyTypeForProfile(certificate_profile);
|
| - std::string key_name = GetKeyNameForProfile(certificate_profile);
|
| + std::string key_name = GetKeyNameForProfile(certificate_profile,
|
| + request_origin);
|
| if (generate_new_key) {
|
| // Get the attestation service to create a Privacy CA certificate request.
|
| async_caller_->AsyncTpmAttestationCreateCertRequest(
|
| - GetCertificateOptionsForProfile(certificate_profile),
|
| + certificate_profile,
|
| + user_email,
|
| + request_origin,
|
| base::Bind(&AttestationFlow::SendCertificateRequestToPCA,
|
| weak_factory_.GetWeakPtr(),
|
| key_type,
|
| @@ -223,6 +223,8 @@ void AttestationFlow::StartCertificateRequest(
|
| &AttestationFlow::StartCertificateRequest,
|
| weak_factory_.GetWeakPtr(),
|
| certificate_profile,
|
| + user_email,
|
| + request_origin,
|
| true,
|
| callback);
|
| cryptohome_client_->TpmAttestationDoesKeyExist(
|
|
|
Chromium Code Reviews
Issue 20873002:
Added support for the content protection profile to AttestationFlow. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src