Added prefs for content protection attestation.

chrome/browser/chromeos/attestation/platform_verification_flow.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_
 #define CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/callback.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
+#include "url/gurl.h"
+
+class PrefService;
 
 namespace content {
 class WebContents;
 }
 
 namespace cryptohome {
 class AsyncMethodCaller;
 }
 
+namespace user_prefs {
+class PrefRegistrySyncable;
+}
+
 namespace chromeos {
 
 class CryptohomeClient;
 class UserManager;
 
 namespace attestation {
 
 class AttestationFlow;
 
 // This class allows platform verification for the content protection use case.
@@ skipping 10 matching lines @@
     PLATFORM_NOT_VERIFIED,  // The platform cannot be verified.  For example:
                             // - It is not a Chrome device.
                             // - It is not running a verified OS image.
     USER_REJECTED,          // The user explicitly rejected the operation.
     POLICY_REJECTED,        // The operation is not allowed by policy/settings.
   };
 
   enum ConsentType {
     CONSENT_TYPE_NONE,         // No consent necessary.
     CONSENT_TYPE_ATTESTATION,  // Consent to use attestation.
-    CONSENT_TYPE_ORIGIN,       // Consent to proceed with an unfamiliar origin.
     CONSENT_TYPE_ALWAYS,       // Consent because 'Always Ask' was requested.
   };
 
   enum ConsentResponse {
     CONSENT_RESPONSE_NONE,
     CONSENT_RESPONSE_ALLOW,
     CONSENT_RESPONSE_DENY,
     CONSENT_RESPONSE_ALWAYS_ASK,
   };
 
   // An interface which allows settings and UI to be abstracted for testing
   // purposes.  For normal operation the default implementation should be used.
   class Delegate {
    public:
     virtual ~Delegate() {}
 
     // This callback will be called when a user has given a |response| to a
     // consent request of the specified |type|.
     typedef base::Callback<void(ConsentResponse response)> ConsentCallback;
 
     // Invokes consent UI of the given |type| within the context of
     // |web_contents| and calls |callback| when the user responds.
     virtual void ShowConsentPrompt(ConsentType type,
                                    content::WebContents* web_contents,
                                    const ConsentCallback& callback) = 0;
-
-    // Returns true if settings indicate that attestation should be disabled.
-    virtual bool IsAttestationDisabled() = 0;
-
-    // Checks if the web origin represented by |web_contents| is unfamiliar and
-    // requires special user consent.
-    virtual bool IsOriginConsentRequired(
-        content::WebContents* web_contents) = 0;
-
-    // Checks if settings indicate that consent is required for the web origin
-    // represented by |web_contents| because the user requested to be prompted.
-    virtual bool IsAlwaysAskRequired(content::WebContents* web_contents) = 0;
-
-    // Updates user settings based on their response to the consent request.
-    virtual bool UpdateSettings(content::WebContents* web_contents,
-                                ConsentType consent_type,
-                                ConsentResponse consent_response) = 0;
   };
 
   // This callback will be called when a challenge operation completes.  If
   // |result| is SUCCESS then |challenge_response| holds the challenge response
   // as specified by the protocol.  The |platform_key_certificate| is for the
   // key which was used to create the challenge response.  This key may be
   // generated on demand and is not guaranteed to persist across multiple calls
   // to this method.  Both the response and the certificate are opaque to
   // the browser; they are intended for validation by an external application or
   // service.
@@ skipping 25 matching lines @@
   // value but it should be time sensitive or associated to some kind of session
   // because its purpose is to prevent certificate replay.  The |callback| will
   // be called when the operation completes.  The duration of the operation can
   // vary depending on system state, hardware capabilities, and interaction with
   // the user.
   void ChallengePlatformKey(content::WebContents* web_contents,
                             const std::string& service_id,
                             const std::string& challenge,
                             const ChallengeCallback& callback);
 
+  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* prefs);
+
+  void set_testing_prefs(PrefService* testing_prefs) {

[Mattias Nissler (ping if slow), 2013/09/03 14:31:25]

Can we replace these two by just using TestingWebContents and friends?

[Darren Krahn, 2013/09/04 12:35:05]

Ugh... really?  This is likely possible but I think it greatly simplifies the
tests with the WebContents dependency removed.  I haven't used WebContentsTester
before and maybe it's not as bad as it looks at first glance but it looks too
heavy for just tracking a URL and pref map.

[Mattias Nissler (ping if slow), 2013/09/04 16:01:44]

I guess my main motivation here is to avoid littering the production code with
just-for-test fields. Maybe a TestWebContents is to big of a hammer for that.
Looking at existing code, we have quite a few users of
ChromeRenderViewHostTestHarness, which actually makes creating TestWebContents
quite simple.

Another idea would be to avoid relying on the WebContents in this class
entirely, and pass in the few things you need (i.e. PrefService and URL).

+    testing_prefs_ = testing_prefs;
+  }
+
+  void set_testing_url(const GURL& testing_url) {
+    testing_url_ = testing_url;
+  }
+
  private:
   // Checks whether we need to prompt the user for consent before proceeding and
   // invokes the consent UI if so.  All parameters are the same as in
   // ChallengePlatformKey except for the additional |attestation_enrolled| which
   // specifies whether attestation has been enrolled for this device.
   void CheckConsent(content::WebContents* web_contents,
                     const std::string& service_id,
                     const std::string& challenge,
                     const ChallengeCallback& callback,
                     bool attestation_enrolled);
@@ skipping 26 matching lines @@
   // |certificate| is the platform certificate for the key which signed the
   // challenge.  |callback| is the same as in ChallengePlatformKey.
   // |operation_success| is true iff the challenge signing operation was
   // successful.  If it was successful, |response_data| holds the challenge
   // response and the method will invoke |callback|.
   void OnChallengeReady(const std::string& certificate,
                         const ChallengeCallback& callback,
                         bool operation_success,
                         const std::string& response_data);
 
+  // Gets prefs associated with the given |web_contents|.  If prefs have been
+  // set explicitly using set_testing_prefs(), then these are always returned.
+  // If no prefs are associated with |web_contents| then NULL is returned.
+  PrefService* GetPrefs(content::WebContents* web_contents);
+
+  // Gets the URL associated with the given |web_contents|.  If a URL as been
+  // set explicitly using set_testing_url(), then this value is always returned.
+  const GURL& GetURL(content::WebContents* web_contents);
+
+  // Checks whether policy or profile settings associated with |web_contents|
+  // have attestation for content protection explicitly disabled.
+  bool IsAttestationEnabled(content::WebContents* web_contents);
+
+  // Checks whether this is the first use on this device for the user associated
+  // with |web_contents|.
+  bool IsFirstUse(content::WebContents* web_contents);
+
+  // Checks if settings indicate that consent is required for the web origin
+  // represented by |web_contents| because the user requested to be prompted.
+  bool IsAlwaysAskRequired(content::WebContents* web_contents);
+
+  // Updates user settings for the profile associated with |web_contents| based
+  // on the |consent_response| to the request of type |consent_type|.
+  bool UpdateSettings(content::WebContents* web_contents,
+                      ConsentType consent_type,
+                      ConsentResponse consent_response);
+
+  // Finds the domain-specific consent pref for the domain associated with
+  // |web_contents|.  If a pref exists for the domain, returns true and sets
+  // |pref_value| if it is not NULL.
+  //
+  // Precondition: A valid PrefService must be available via GetPrefs().
+  bool FindDomainPref(content::WebContents* web_contents, bool* pref_value);
+
+  // Records the domain-specific consent pref for the domain associated with
+  // |web_contents|.  The pref will be set to |allow_domain|.
+  //
+  // Precondition: A valid PrefService must be available via GetPrefs().
+  void RecordDomainConsent(content::WebContents* web_contents,
+                           bool allow_domain);
+
   AttestationFlow* attestation_flow_;
   scoped_ptr<AttestationFlow> default_attestation_flow_;
   cryptohome::AsyncMethodCaller* async_caller_;
   CryptohomeClient* cryptohome_client_;
   UserManager* user_manager_;
   Delegate* delegate_;
   scoped_ptr<Delegate> default_delegate_;
+  PrefService* testing_prefs_;
+  GURL testing_url_;
 
   // Note: This should remain the last member so it'll be destroyed and
   // invalidate the weak pointers before any other members are destroyed.
   base::WeakPtrFactory<PlatformVerificationFlow> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(PlatformVerificationFlow);
 };
 
 }  // namespace attestation
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_