1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_ 6 #define CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/callback.h" 12 #include "base/memory/scoped_ptr.h" 13 #include "base/memory/weak_ptr.h" 14 #include "chrome/browser/chromeos/settings/cros_settings.h" 15 16 namespace policy { 17 class CloudPolicyClient; 18 } 19 20 namespace chromeos { 21 22 class CrosSettings; 23 class CryptohomeClient; 24 25 namespace attestation { 26 27 class AttestationFlow; 28 29 // A class which observes policy changes and triggers device attestation work if 30 // necessary. 31 class AttestationPolicyObserver { 32 public: 33 // The observer immediately connects with CrosSettings to listen for policy 34 // changes. The CloudPolicyClient is used to upload the device certificate to 35 // the server if one is created in response to policy changes; it must be in 36 // the registered state. This class does not take ownership of 37 // |policy_client|. 38 explicit AttestationPolicyObserver(policy::CloudPolicyClient* policy_client); 39 40 // A constructor which allows custom CryptohomeClient and AttestationFlow 41 // implementations. Useful for testing. 42 AttestationPolicyObserver(policy::CloudPolicyClient* policy_client, 43 CryptohomeClient* cryptohome_client, 44 AttestationFlow* attestation_flow); 45 46 ~AttestationPolicyObserver(); 47 48 // Sets the retry delay in seconds; useful in testing. set_retry_delay(int retry_delay)49 void set_retry_delay(int retry_delay) { 50 retry_delay_ = retry_delay; 51 } 52 53 private: 54 // Called when the attestation setting changes. 55 void AttestationSettingChanged(); 56 57 // Checks attestation policy and starts any necessary work. 58 void Start(); 59 60 // Gets a new certificate for the Enterprise Machine Key (EMK). 61 void GetNewCertificate(); 62 63 // Gets the existing EMK certificate and sends it to CheckCertificateExpiry. 64 void GetExistingCertificate(); 65 66 // Checks if the given certificate is expired and, if so, get a new one. 67 void CheckCertificateExpiry(const std::string& certificate); 68 69 // Uploads a certificate to the policy server. 70 void UploadCertificate(const std::string& certificate); 71 72 // Checks if a certificate has already been uploaded and, if not, upload. 73 void CheckIfUploaded(const std::string& certificate, 74 const std::string& key_payload); 75 76 // Gets the payload associated with the EMK and sends it to |callback|. 77 void GetKeyPayload(base::Callback<void(const std::string&)> callback); 78 79 // Called when a certificate upload operation completes. On success, |status| 80 // will be true. 81 void OnUploadComplete(bool status); 82 83 // Marks a key as uploaded in the payload proto. 84 void MarkAsUploaded(const std::string& key_payload); 85 86 // Reschedules a policy check (i.e. a call to Start) for a later time. 87 // TODO(dkrahn): A better solution would be to wait for a dbus signal which 88 // indicates the system is ready to process this task. See crbug.com/256845. 89 void Reschedule(); 90 91 CrosSettings* cros_settings_; 92 policy::CloudPolicyClient* policy_client_; 93 CryptohomeClient* cryptohome_client_; 94 AttestationFlow* attestation_flow_; 95 scoped_ptr<AttestationFlow> default_attestation_flow_; 96 int num_retries_; 97 int retry_delay_; 98 99 scoped_ptr<CrosSettings::ObserverSubscription> attestation_subscription_; 100 101 // Note: This should remain the last member so it'll be destroyed and 102 // invalidate the weak pointers before any other members are destroyed. 103 base::WeakPtrFactory<AttestationPolicyObserver> weak_factory_; 104 105 DISALLOW_COPY_AND_ASSIGN(AttestationPolicyObserver); 106 }; 107 108 } // namespace attestation 109 } // namespace chromeos 110 111 #endif // CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_ 112