Changed platform verification user consent logic to be per-domain.

chrome/browser/chromeos/attestation/platform_verification_flow.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_
 #define CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/callback.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "url/gurl.h"
 
+class HostContentSettingsMap;
 class PrefService;
 
 namespace content {
 class WebContents;
 }
 
 namespace cryptohome {
 class AsyncMethodCaller;
 }
 
 namespace user_prefs {
 class PrefRegistrySyncable;
 }
 
 namespace chromeos {
 
 class CryptohomeClient;
 class UserManager;
 class User;
 
 namespace attestation {
 
 class AttestationFlow;
+class PlatformVerificationFlowTest;
 
 // This class allows platform verification for the content protection use case.
 // All methods must only be called on the UI thread.  Example:
 //   PlatformVerificationFlow verifier;
 //   PlatformVerificationFlow::Callback callback = base::Bind(&MyCallback);
 //   verifier.ChallengePlatformKey(my_web_contents, "my_id", "some_challenge",
 //                                 callback);
 class PlatformVerificationFlow {
  public:
   enum Result {
     SUCCESS,                // The operation succeeded.
     INTERNAL_ERROR,         // The operation failed unexpectedly.
     PLATFORM_NOT_VERIFIED,  // The platform cannot be verified.  For example:
                             // - It is not a Chrome device.
                             // - It is not running a verified OS image.
     USER_REJECTED,          // The user explicitly rejected the operation.
     POLICY_REJECTED,        // The operation is not allowed by policy/settings.
   };
 
-  enum ConsentType {
-    CONSENT_TYPE_NONE,         // No consent necessary.
-    CONSENT_TYPE_ATTESTATION,  // Consent to use attestation.
-    CONSENT_TYPE_ALWAYS,       // Consent because 'Always Ask' was requested.
-  };
-
   enum ConsentResponse {
     CONSENT_RESPONSE_NONE,
     CONSENT_RESPONSE_ALLOW,
     CONSENT_RESPONSE_DENY,
-    CONSENT_RESPONSE_ALWAYS_ASK,
   };
 
   // An interface which allows settings and UI to be abstracted for testing
   // purposes.  For normal operation the default implementation should be used.
   class Delegate {
    public:
     virtual ~Delegate() {}
 
     // This callback will be called when a user has given a |response| to a
     // consent request of the specified |type|.
     typedef base::Callback<void(ConsentResponse response)> ConsentCallback;
 
-    // Invokes consent UI of the given |type| within the context of
-    // |web_contents| and calls |callback| when the user responds.
-    virtual void ShowConsentPrompt(ConsentType type,
-                                   content::WebContents* web_contents,
+    // Invokes consent UI within the context of |web_contents| and calls
+    // |callback| when the user responds.
+    // Precondition: The last committed URL for |web_contents| has a valid
+    //               origin.
+    virtual void ShowConsentPrompt(content::WebContents* web_contents,
                                    const ConsentCallback& callback) = 0;
   };
 
   // This callback will be called when a challenge operation completes.  If
   // |result| is SUCCESS then |signed_data| holds the data which was signed
   // by the platform key (this is the original challenge appended with a random
   // nonce) and |signature| holds the RSA-PKCS1-v1.5 signature.  The
   // |platform_key_certificate| certifies the key used to generate the
   // signature.  This key may be generated on demand and is not guaranteed to
   // persist across multiple calls to this method.  The browser does not check
@@ skipping 36 matching lines @@
   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* prefs);
 
   void set_testing_prefs(PrefService* testing_prefs) {
     testing_prefs_ = testing_prefs;
   }
 
   void set_testing_url(const GURL& testing_url) {
     testing_url_ = testing_url;
   }
 
+  void set_testing_content_settings(HostContentSettingsMap* settings) {
+    testing_content_settings_ = settings;
+  }

[Jun Mukai, 2013/10/29 00:26:51]

Could this be private?

[Darren Krahn, 2013/10/29 17:37:30]

Actually, given I needed to 'friend' the test fixture all these methods can be
private.  Done.

+
  private:
+  friend class PlatformVerificationFlowTest;
+
   // Checks whether we need to prompt the user for consent before proceeding and
   // invokes the consent UI if so.  All parameters are the same as in
   // ChallengePlatformKey except for the additional |attestation_enrolled| which
   // specifies whether attestation has been enrolled for this device.
   void CheckConsent(content::WebContents* web_contents,
                     const std::string& service_id,
                     const std::string& challenge,
                     const ChallengeCallback& callback,
                     bool attestation_enrolled);
 
   // A callback called when the user has given their consent response.  All
   // parameters are the same as in ChallengePlatformKey except for the
-  // additional |consent_type| and |consent_response| which indicate the consent
-  // type and user response, respectively.  If the response indicates that the
-  // operation should proceed, this method invokes a certificate request.
+  // additional |consent_required| and |consent_response| which indicate that
+  // user interaction was required and the user response, respectively.  If the
+  // response indicates that the operation should proceed, this method invokes a
+  // certificate request.
   void OnConsentResponse(content::WebContents* web_contents,
                          const std::string& service_id,
                          const std::string& challenge,
                          const ChallengeCallback& callback,
-                         ConsentType consent_type,
+                         bool consent_required,
                          ConsentResponse consent_response);
 
   // A callback called when an attestation certificate request operation
   // completes.  |service_id|, |challenge|, and |callback| are the same as in
   // ChallengePlatformKey.  |user_id| identifies the user for which the
   // certificate was requested.  |operation_success| is true iff the certificate
   // request operation succeeded.  |certificate| holds the certificate for the
   // platform key on success.  If the certificate request was successful, this
   // method invokes a request to sign the challenge.
   void OnCertificateReady(const std::string& user_id,
@@ skipping 22 matching lines @@
 
   // Gets the URL associated with the given |web_contents|.  If a URL as been
   // set explicitly using set_testing_url(), then this value is always returned.
   const GURL& GetURL(content::WebContents* web_contents);
 
   // Gets the user associated with the given |web_contents|.  NULL may be
   // returned.  If |web_contents| is NULL (e.g. during testing), then the
   // current active user will be returned.
   User* GetUser(content::WebContents* web_contents);
 
+  // Gets the content settings map associated with the given |web_contents|.  If
+  // |testing_content_settings_| is set, then this is always returned.
+  HostContentSettingsMap* GetContentSettings(
+      content::WebContents* web_contents);
+
   // Checks whether policy or profile settings associated with |web_contents|
   // have attestation for content protection explicitly disabled.
   bool IsAttestationEnabled(content::WebContents* web_contents);
 
-  // Checks whether this is the first use on this device for the user associated
-  // with |web_contents|.
-  bool IsFirstUse(content::WebContents* web_contents);
-
-  // Checks if settings indicate that consent is required for the web origin
-  // represented by |web_contents| because the user requested to be prompted.
-  bool IsAlwaysAskRequired(content::WebContents* web_contents);
-
   // Updates user settings for the profile associated with |web_contents| based
   // on the |consent_response| to the request of type |consent_type|.
   bool UpdateSettings(content::WebContents* web_contents,
-                      ConsentType consent_type,
                       ConsentResponse consent_response);
 
-  // Finds the domain-specific consent pref for the domain associated with
-  // |web_contents|.  If a pref exists for the domain, returns true and sets
-  // |pref_value| if it is not NULL.
-  //
-  // Precondition: A valid PrefService must be available via GetPrefs().
-  bool GetDomainPref(content::WebContents* web_contents, bool* pref_value);
+  // Finds the domain-specific consent pref in |content_settings| for |url|.  If
+  // a pref exists for the domain, returns true and sets |pref_value| if it is
+  // not NULL.
+  bool GetDomainPref(HostContentSettingsMap* content_settings,
+                     const GURL& url,
+                     bool* pref_value);
 
-  // Records the domain-specific consent pref for the domain associated with
-  // |web_contents|.  The pref will be set to |allow_domain|.
-  //
-  // Precondition: A valid PrefService must be available via GetPrefs().
-  void RecordDomainConsent(content::WebContents* web_contents,
+  // Records the domain-specific consent pref in |content_settings| for |url|.
+  // The pref will be set to |allow_domain|.
+  void RecordDomainConsent(HostContentSettingsMap* content_settings,
+                           const GURL& url,
                            bool allow_domain);
 
   AttestationFlow* attestation_flow_;
   scoped_ptr<AttestationFlow> default_attestation_flow_;
   cryptohome::AsyncMethodCaller* async_caller_;
   CryptohomeClient* cryptohome_client_;
   UserManager* user_manager_;
   Delegate* delegate_;
   scoped_ptr<Delegate> default_delegate_;
   PrefService* testing_prefs_;
   GURL testing_url_;
+  HostContentSettingsMap* testing_content_settings_;
 
   // Note: This should remain the last member so it'll be destroyed and
   // invalidate the weak pointers before any other members are destroyed.
   base::WeakPtrFactory<PlatformVerificationFlow> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(PlatformVerificationFlow);
 };
 
 }  // namespace attestation
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_ATTESTATION_PLATFORM_VERIFICATION_FLOW_H_