1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_ 6 #define CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/callback.h" 12 #include "base/memory/scoped_ptr.h" 13 #include "base/memory/weak_ptr.h" 14 #include "content/public/browser/notification_observer.h" 15 16 namespace policy { 17 class CloudPolicyClient; 18 } 19 20 namespace chromeos { 21 22 class CrosSettings; 23 class CryptohomeClient; 24 25 namespace attestation { 26 27 class AttestationFlow; 28 29 // A class which observes policy changes and triggers device attestation work if 30 // necessary. 31 class AttestationPolicyObserver : public content::NotificationObserver { 32 public: 33 // The observer immediately connects with CrosSettings to listen for policy 34 // changes. The CloudPolicyClient is used to upload the device certificate to 35 // the server if one is created in response to policy changes; it must be in 36 // the registered state. This class does not take ownership of 37 // |policy_client|. 38 explicit AttestationPolicyObserver(policy::CloudPolicyClient* policy_client); 39 40 // A constructor which allows custom CryptohomeClient and AttestationFlow 41 // implementations. Useful for testing. 42 AttestationPolicyObserver(policy::CloudPolicyClient* policy_client, 43 CryptohomeClient* cryptohome_client, 44 AttestationFlow* attestation_flow); 45 46 virtual ~AttestationPolicyObserver(); 47 48 // content::NotificationObserver: 49 virtual void Observe(int type, 50 const content::NotificationSource& source, 51 const content::NotificationDetails& details) OVERRIDE; 52 53 // Sets the retry delay in seconds; useful in testing. 54 void set_retry_delay(int retry_delay) { 55 retry_delay_ = retry_delay; 56 } 57 58 private: 59 // Checks attestation policy and starts any necessary work. 60 void Start(); 61 62 // Gets a new certificate for the Enterprise Machine Key (EMK). 63 void GetNewCertificate(); 64 65 // Gets the existing EMK certificate and sends it to CheckCertificateExpiry. 66 void GetExistingCertificate(); 67 68 // Checks if the given certificate is expired and, if so, get a new one. 69 void CheckCertificateExpiry(const std::string& certificate); 70 71 // Uploads a certificate to the policy server. 72 void UploadCertificate(const std::string& certificate); 73 74 // Checks if a certificate has already been uploaded and, if not, upload. 75 void CheckIfUploaded(const std::string& certificate, 76 const std::string& key_payload); 77 78 // Gets the payload associated with the EMK and sends it to |callback|. 79 void GetKeyPayload(base::Callback<void(const std::string&)> callback); 80 81 // Called when a certificate upload operation completes. On success, |status| 82 // will be true. 83 void OnUploadComplete(bool status); 84 85 // Marks a key as uploaded in the payload proto. 86 void MarkAsUploaded(const std::string& key_payload); 87 88 // Reschedules a policy check (i.e. a call to Start) for a later time. 89 // TODO(dkrahn): A better solution would be to wait for a dbus signal which 90 // indicates the system is ready to process this task. See crbug.com/256845. 91 void Reschedule(); 92 93 CrosSettings* cros_settings_; 94 policy::CloudPolicyClient* policy_client_; 95 CryptohomeClient* cryptohome_client_; 96 AttestationFlow* attestation_flow_; 97 scoped_ptr<AttestationFlow> default_attestation_flow_; 98 int num_retries_; 99 int retry_delay_; 100 101 // Note: This should remain the last member so it'll be destroyed and 102 // invalidate the weak pointers before any other members are destroyed. 103 base::WeakPtrFactory<AttestationPolicyObserver> weak_factory_; 104 105 DISALLOW_COPY_AND_ASSIGN(AttestationPolicyObserver); 106 }; 107 108 } // namespace attestation 109 } // namespace chromeos 110 111 #endif // CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_ 112