| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/attestation/attestation_policy_observer.h" | 5 #include "chrome/browser/chromeos/attestation/attestation_policy_observer.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| (...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 165 | 165 |
| 166 // Start a dbus call to check if an Enterprise Machine Key already exists. | 166 // Start a dbus call to check if an Enterprise Machine Key already exists. |
| 167 base::Closure on_does_exist = | 167 base::Closure on_does_exist = |
| 168 base::Bind(&AttestationPolicyObserver::GetExistingCertificate, | 168 base::Bind(&AttestationPolicyObserver::GetExistingCertificate, |
| 169 weak_factory_.GetWeakPtr()); | 169 weak_factory_.GetWeakPtr()); |
| 170 base::Closure on_does_not_exist = | 170 base::Closure on_does_not_exist = |
| 171 base::Bind(&AttestationPolicyObserver::GetNewCertificate, | 171 base::Bind(&AttestationPolicyObserver::GetNewCertificate, |
| 172 weak_factory_.GetWeakPtr()); | 172 weak_factory_.GetWeakPtr()); |
| 173 cryptohome_client_->TpmAttestationDoesKeyExist( | 173 cryptohome_client_->TpmAttestationDoesKeyExist( |
| 174 KEY_DEVICE, | 174 KEY_DEVICE, |
| 175 std::string(), // Not used. |
| 175 kEnterpriseMachineKey, | 176 kEnterpriseMachineKey, |
| 176 base::Bind(DBusBoolRedirectCallback, | 177 base::Bind(DBusBoolRedirectCallback, |
| 177 on_does_exist, | 178 on_does_exist, |
| 178 on_does_not_exist, | 179 on_does_not_exist, |
| 179 base::Bind(&AttestationPolicyObserver::Reschedule, | 180 base::Bind(&AttestationPolicyObserver::Reschedule, |
| 180 weak_factory_.GetWeakPtr()), | 181 weak_factory_.GetWeakPtr()), |
| 181 FROM_HERE)); | 182 FROM_HERE)); |
| 182 } | 183 } |
| 183 | 184 |
| 184 void AttestationPolicyObserver::GetNewCertificate() { | 185 void AttestationPolicyObserver::GetNewCertificate() { |
| 185 // We can reuse the dbus callback handler logic. | 186 // We can reuse the dbus callback handler logic. |
| 186 attestation_flow_->GetCertificate( | 187 attestation_flow_->GetCertificate( |
| 187 PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, | 188 PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, |
| 188 std::string(), // Not used. | 189 std::string(), // Not used. |
| 189 std::string(), // Not used. | 190 std::string(), // Not used. |
| 190 true, // Force a new key to be generated. | 191 true, // Force a new key to be generated. |
| 191 base::Bind(DBusStringCallback, | 192 base::Bind(DBusStringCallback, |
| 192 base::Bind(&AttestationPolicyObserver::UploadCertificate, | 193 base::Bind(&AttestationPolicyObserver::UploadCertificate, |
| 193 weak_factory_.GetWeakPtr()), | 194 weak_factory_.GetWeakPtr()), |
| 194 base::Bind(&AttestationPolicyObserver::Reschedule, | 195 base::Bind(&AttestationPolicyObserver::Reschedule, |
| 195 weak_factory_.GetWeakPtr()), | 196 weak_factory_.GetWeakPtr()), |
| 196 FROM_HERE, | 197 FROM_HERE, |
| 197 DBUS_METHOD_CALL_SUCCESS)); | 198 DBUS_METHOD_CALL_SUCCESS)); |
| 198 } | 199 } |
| 199 | 200 |
| 200 void AttestationPolicyObserver::GetExistingCertificate() { | 201 void AttestationPolicyObserver::GetExistingCertificate() { |
| 201 cryptohome_client_->TpmAttestationGetCertificate( | 202 cryptohome_client_->TpmAttestationGetCertificate( |
| 202 KEY_DEVICE, | 203 KEY_DEVICE, |
| 204 std::string(), // Not used. |
| 203 kEnterpriseMachineKey, | 205 kEnterpriseMachineKey, |
| 204 base::Bind(DBusStringCallback, | 206 base::Bind(DBusStringCallback, |
| 205 base::Bind(&AttestationPolicyObserver::CheckCertificateExpiry, | 207 base::Bind(&AttestationPolicyObserver::CheckCertificateExpiry, |
| 206 weak_factory_.GetWeakPtr()), | 208 weak_factory_.GetWeakPtr()), |
| 207 base::Bind(&AttestationPolicyObserver::Reschedule, | 209 base::Bind(&AttestationPolicyObserver::Reschedule, |
| 208 weak_factory_.GetWeakPtr()), | 210 weak_factory_.GetWeakPtr()), |
| 209 FROM_HERE)); | 211 FROM_HERE)); |
| 210 } | 212 } |
| 211 | 213 |
| 212 void AttestationPolicyObserver::CheckCertificateExpiry( | 214 void AttestationPolicyObserver::CheckCertificateExpiry( |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 250 // Already uploaded... nothing more to do. | 252 // Already uploaded... nothing more to do. |
| 251 return; | 253 return; |
| 252 } | 254 } |
| 253 UploadCertificate(certificate); | 255 UploadCertificate(certificate); |
| 254 } | 256 } |
| 255 | 257 |
| 256 void AttestationPolicyObserver::GetKeyPayload( | 258 void AttestationPolicyObserver::GetKeyPayload( |
| 257 base::Callback<void(const std::string&)> callback) { | 259 base::Callback<void(const std::string&)> callback) { |
| 258 cryptohome_client_->TpmAttestationGetKeyPayload( | 260 cryptohome_client_->TpmAttestationGetKeyPayload( |
| 259 KEY_DEVICE, | 261 KEY_DEVICE, |
| 262 std::string(), // Not used. |
| 260 kEnterpriseMachineKey, | 263 kEnterpriseMachineKey, |
| 261 base::Bind(DBusStringCallback, | 264 base::Bind(DBusStringCallback, |
| 262 callback, | 265 callback, |
| 263 base::Bind(&AttestationPolicyObserver::Reschedule, | 266 base::Bind(&AttestationPolicyObserver::Reschedule, |
| 264 weak_factory_.GetWeakPtr()), | 267 weak_factory_.GetWeakPtr()), |
| 265 FROM_HERE)); | 268 FROM_HERE)); |
| 266 } | 269 } |
| 267 | 270 |
| 268 void AttestationPolicyObserver::OnUploadComplete(bool status) { | 271 void AttestationPolicyObserver::OnUploadComplete(bool status) { |
| 269 if (!status) | 272 if (!status) |
| 270 return; | 273 return; |
| 271 LOG(INFO) << "Enterprise Machine Certificate uploaded to DMServer."; | 274 LOG(INFO) << "Enterprise Machine Certificate uploaded to DMServer."; |
| 272 GetKeyPayload(base::Bind(&AttestationPolicyObserver::MarkAsUploaded, | 275 GetKeyPayload(base::Bind(&AttestationPolicyObserver::MarkAsUploaded, |
| 273 weak_factory_.GetWeakPtr())); | 276 weak_factory_.GetWeakPtr())); |
| 274 } | 277 } |
| 275 | 278 |
| 276 void AttestationPolicyObserver::MarkAsUploaded(const std::string& key_payload) { | 279 void AttestationPolicyObserver::MarkAsUploaded(const std::string& key_payload) { |
| 277 AttestationKeyPayload payload_pb; | 280 AttestationKeyPayload payload_pb; |
| 278 if (!key_payload.empty()) | 281 if (!key_payload.empty()) |
| 279 payload_pb.ParseFromString(key_payload); | 282 payload_pb.ParseFromString(key_payload); |
| 280 payload_pb.set_is_certificate_uploaded(true); | 283 payload_pb.set_is_certificate_uploaded(true); |
| 281 std::string new_payload; | 284 std::string new_payload; |
| 282 if (!payload_pb.SerializeToString(&new_payload)) { | 285 if (!payload_pb.SerializeToString(&new_payload)) { |
| 283 LOG(WARNING) << "Failed to serialize key payload."; | 286 LOG(WARNING) << "Failed to serialize key payload."; |
| 284 return; | 287 return; |
| 285 } | 288 } |
| 286 cryptohome_client_->TpmAttestationSetKeyPayload( | 289 cryptohome_client_->TpmAttestationSetKeyPayload( |
| 287 KEY_DEVICE, | 290 KEY_DEVICE, |
| 291 std::string(), // Not used. |
| 288 kEnterpriseMachineKey, | 292 kEnterpriseMachineKey, |
| 289 new_payload, | 293 new_payload, |
| 290 base::Bind(DBusBoolRedirectCallback, | 294 base::Bind(DBusBoolRedirectCallback, |
| 291 base::Closure(), | 295 base::Closure(), |
| 292 base::Closure(), | 296 base::Closure(), |
| 293 base::Closure(), | 297 base::Closure(), |
| 294 FROM_HERE)); | 298 FROM_HERE)); |
| 295 } | 299 } |
| 296 | 300 |
| 297 void AttestationPolicyObserver::Reschedule() { | 301 void AttestationPolicyObserver::Reschedule() { |
| 298 if (++num_retries_ < kRetryLimit) { | 302 if (++num_retries_ < kRetryLimit) { |
| 299 content::BrowserThread::PostDelayedTask( | 303 content::BrowserThread::PostDelayedTask( |
| 300 content::BrowserThread::UI, FROM_HERE, | 304 content::BrowserThread::UI, FROM_HERE, |
| 301 base::Bind(&AttestationPolicyObserver::Start, | 305 base::Bind(&AttestationPolicyObserver::Start, |
| 302 weak_factory_.GetWeakPtr()), | 306 weak_factory_.GetWeakPtr()), |
| 303 base::TimeDelta::FromSeconds(retry_delay_)); | 307 base::TimeDelta::FromSeconds(retry_delay_)); |
| 304 } else { | 308 } else { |
| 305 LOG(WARNING) << "AttestationPolicyObserver: Retry limit exceeded."; | 309 LOG(WARNING) << "AttestationPolicyObserver: Retry limit exceeded."; |
| 306 } | 310 } |
| 307 } | 311 } |
| 308 | 312 |
| 309 } // namespace attestation | 313 } // namespace attestation |
| 310 } // namespace chromeos | 314 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27044004:
Added multi-profile support for attestation on chromeos. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src