authordkrahn@google.com <dkrahn@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-08-14 22:15:59 +0000
committerdkrahn@google.com <dkrahn@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-08-14 22:15:59 +0000
commit64494c3febd59f7c78f672e35ab60b705ce66017 (patch)
tree844fea96e9b9af21c5b176f157ba0e50044ff87c
parent93f90980f27779675775113bc681021d020dd142 (diff)
Added support for the content protection profile to AttestationFlow.
This change moves all attestation certificate requests to the new CreateCertRequestByProfile dbus method. BUG=chromium:260504 TEST=unit, manual Review URL: https://chromiumcodereview.appspot.com/20873002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@217673 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--WATCHLISTS3
-rw-r--r--chrome/browser/chromeos/attestation/attestation_policy_observer.cc2
-rw-r--r--chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc4
-rw-r--r--chrome/browser/extensions/api/enterprise_platform_keys_private/OWNERS2
-rw-r--r--chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc2
-rw-r--r--chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc18
-rw-r--r--chromeos/attestation/attestation_constants.cc1
-rw-r--r--chromeos/attestation/attestation_constants.h17
-rw-r--r--chromeos/attestation/attestation_flow.cc34
-rw-r--r--chromeos/attestation/attestation_flow.h12
-rw-r--r--chromeos/attestation/attestation_flow_unittest.cc55
-rw-r--r--chromeos/attestation/mock_attestation_flow.h4
-rw-r--r--chromeos/cryptohome/async_method_caller.cc8
-rw-r--r--chromeos/cryptohome/async_method_caller.h13
-rw-r--r--chromeos/cryptohome/mock_async_method_caller.cc4
-rw-r--r--chromeos/cryptohome/mock_async_method_caller.h9
-rw-r--r--chromeos/dbus/cryptohome_client.cc15
-rw-r--r--chromeos/dbus/cryptohome_client.h18
-rw-r--r--chromeos/dbus/cryptohome_client_stub.cc4
-rw-r--r--chromeos/dbus/cryptohome_client_stub.h4
-rw-r--r--chromeos/dbus/fake_cryptohome_client.cc4
-rw-r--r--chromeos/dbus/fake_cryptohome_client.h4
-rw-r--r--chromeos/dbus/mock_cryptohome_client.h9
23 files changed, 152 insertions, 94 deletions
diff --git a/WATCHLISTS b/WATCHLISTS
index b9c1b36..0fc2a55 100644
--- a/WATCHLISTS
+++ b/WATCHLISTS
@@ -156,7 +156,8 @@
},
'chromeos_attestation': {
'filepath': 'chromeos/attestation/|'\
- 'chrome/browser/chromeos/attestation/',
+ 'chrome/browser/chromeos/attestation/|'\
+ 'chrome/browser/extensions/api/enterprise_platform_keys_private/',
},
'chromeos_calculator': {
'filepath': 'chrome/common/extensions/docs/examples/apps/calculator/',
diff --git a/chrome/browser/chromeos/attestation/attestation_policy_observer.cc b/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
index 04df748..d28dc3f 100644
--- a/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
+++ b/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
@@ -189,6 +189,8 @@ void AttestationPolicyObserver::GetNewCertificate() {
// We can reuse the dbus callback handler logic.
attestation_flow_->GetCertificate(
PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
+ std::string(), // Not used.
+ std::string(), // Not used.
true, // Force a new key to be generated.
base::Bind(DBusStringCallback,
base::Bind(&AttestationPolicyObserver::UploadCertificate,
diff --git a/chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc b/chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc
index 44b9173..ec12232 100644
--- a/chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc
+++ b/chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc
@@ -183,8 +183,8 @@ class AttestationPolicyObserverTest : public ::testing::Test {
// another costly operation and if it gets triggered more than once during
// a single pass this indicates a logical problem in the observer.
if (new_key) {
- EXPECT_CALL(attestation_flow_, GetCertificate(_, _, _))
- .WillOnce(WithArgs<2>(Invoke(CertCallbackSuccess)));
+ EXPECT_CALL(attestation_flow_, GetCertificate(_, _, _, _, _))
+ .WillOnce(WithArgs<4>(Invoke(CertCallbackSuccess)));
}
}
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/OWNERS b/chrome/browser/extensions/api/enterprise_platform_keys_private/OWNERS
new file mode 100644
index 0000000..14072cb
--- /dev/null
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/OWNERS
@@ -0,0 +1,2 @@
+mnissler@chromium.org
+
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
index 785016f..3a769b00 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
@@ -205,6 +205,8 @@ void EPKPChallengeKeyBase::AskForUserConsentCallback(
// Generate a new key and have it signed by PCA.
attestation_flow_->GetCertificate(
certificate_profile,
+ std::string(), // Not used.
+ std::string(), // Not used.
true, // Force a new key to be generated.
base::Bind(&EPKPChallengeKeyBase::GetCertificateCallback, this,
callback));
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
index 51a0b38..aab40d6 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
@@ -95,6 +95,8 @@ void SignChallengeCallbackFalse(
void GetCertificateCallbackTrue(
chromeos::attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
bool force_new_key,
const chromeos::attestation::AttestationFlow::CertificateCallback&
callback) {
@@ -103,6 +105,8 @@ void GetCertificateCallbackTrue(
void GetCertificateCallbackFalse(
chromeos::attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
bool force_new_key,
const chromeos::attestation::AttestationFlow::CertificateCallback&
callback) {
@@ -121,7 +125,7 @@ class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest {
ON_CALL(mock_async_method_caller_,
TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _))
.WillByDefault(Invoke(SignChallengeCallbackTrue));
- ON_CALL(mock_attestation_flow_, GetCertificate(_, _, _))
+ ON_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
.WillByDefault(Invoke(GetCertificateCallbackTrue));
// Set the Enterprise install attributes.
@@ -236,7 +240,7 @@ TEST_F(EPKPChallengeMachineKeyTest, DoesKeyExistDbusFailed) {
}
TEST_F(EPKPChallengeMachineKeyTest, GetCertificateFailed) {
- EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _))
+ EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
.WillRepeatedly(Invoke(GetCertificateCallbackFalse));
EXPECT_EQ(base::StringPrintf(
@@ -257,7 +261,7 @@ TEST_F(EPKPChallengeMachineKeyTest, KeyExists) {
EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
.WillRepeatedly(Invoke(DoesKeyExistCallbackTrue));
// GetCertificate must not be called if the key exists.
- EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _))
+ EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
.Times(0);
EXPECT_TRUE(utils::RunFunction(func_.get(), kArgs, browser(), utils::NONE));
@@ -268,7 +272,7 @@ TEST_F(EPKPChallengeMachineKeyTest, Success) {
EXPECT_CALL(mock_attestation_flow_,
GetCertificate(
chromeos::attestation::PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
- _, _))
+ _, _, _, _))
.Times(1);
// SignEnterpriseChallenge must be called exactly once.
EXPECT_CALL(mock_async_method_caller_,
@@ -356,7 +360,7 @@ TEST_F(EPKPChallengeUserKeyTest, DoesKeyExistDbusFailed) {
}
TEST_F(EPKPChallengeUserKeyTest, GetCertificateFailed) {
- EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _))
+ EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
.WillRepeatedly(Invoke(GetCertificateCallbackFalse));
EXPECT_EQ(base::StringPrintf(
@@ -385,7 +389,7 @@ TEST_F(EPKPChallengeUserKeyTest, KeyExists) {
EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
.WillRepeatedly(Invoke(DoesKeyExistCallbackTrue));
// GetCertificate must not be called if the key exists.
- EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _))
+ EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
.Times(0);
EXPECT_TRUE(utils::RunFunction(func_.get(), kArgs, browser(), utils::NONE));
@@ -412,7 +416,7 @@ TEST_F(EPKPChallengeUserKeyTest, Success) {
EXPECT_CALL(mock_attestation_flow_,
GetCertificate(
chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE,
- _, _))
+ _, _, _, _))
.Times(1);
// SignEnterpriseChallenge must be called exactly once.
EXPECT_CALL(mock_async_method_caller_,
diff --git a/chromeos/attestation/attestation_constants.cc b/chromeos/attestation/attestation_constants.cc
index 9f3833b..51d4e44 100644
--- a/chromeos/attestation/attestation_constants.cc
+++ b/chromeos/attestation/attestation_constants.cc
@@ -9,6 +9,7 @@ namespace attestation {
const char kEnterpriseMachineKey[] = "attest-ent-machine";
const char kEnterpriseUserKey[] = "attest-ent-user";
+const char kContentProtectionKeyPrefix[] = "attest-cp-";
} // namespace attestation
} // namespace chromeos
diff --git a/chromeos/attestation/attestation_constants.h b/chromeos/attestation/attestation_constants.h
index a704cfc..1429004 100644
--- a/chromeos/attestation/attestation_constants.h
+++ b/chromeos/attestation/attestation_constants.h
@@ -10,17 +10,6 @@
namespace chromeos {
namespace attestation {
-// Options available for customizing an attestation certificate.
-enum AttestationCertificateOptions {
- CERTIFICATE_OPTION_NONE = 0,
- // A stable identifier is simply an identifier that is not affected by device
- // state changes, including device recovery.
- CERTIFICATE_INCLUDE_STABLE_ID = 1,
- // Device state information contains a quoted assertion of whether the device
- // is in verified mode.
- CERTIFICATE_INCLUDE_DEVICE_STATE = 1 << 1,
-};
-
// Key types supported by the Chrome OS attestation subsystem.
enum AttestationKeyType {
// The key will be associated with the device itself and will be available
@@ -48,6 +37,8 @@ enum AttestationCertificateProfile {
// Uses the following certificate options:
// CERTIFICATE_INCLUDE_DEVICE_STATE
PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ // A profile for certificates intended for protected content providers.
+ PROFILE_CONTENT_PROTECTION_CERTIFICATE,
};
// A key name for the Enterprise Machine Key. This key should always be stored
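Review bot: The context comment above `PROFILE_ENTERPRISE_USER_CERTIFICATE` still says the profile uses `CERTIFICATE_INCLUDE_DEVICE_STATE`, but this commit deletes `AttestationCertificateOptions` from the same header, so the comment now names an identifier that no longer exists. I would reword the per-profile comments to describe what the certificate contains rather than cite the removed flags. The new entry could also state its key type, for example `// Uses a USER_KEY named kContentProtectionKeyPrefix + origin.`, which matches what `GetKeyTypeForProfile` and `GetKeyNameForProfile` do in attestation_flow.cc. The enum starts above this hunk, so the other profile comments are not fully visible here.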
@@ -58,6 +49,10 @@ CHROMEOS_EXPORT extern const char kEnterpriseMachineKey[];
// a USER_KEY.
CHROMEOS_EXPORT extern const char kEnterpriseUserKey[];
+// The key name prefix for content protection keys. This prefix must be
+// appended with an origin-specific identifier to form the final key name.
+CHROMEOS_EXPORT extern const char kContentProtectionKeyPrefix[];
+
} // namespace attestation
} // namespace chromeos
diff --git a/chromeos/attestation/attestation_flow.cc b/chromeos/attestation/attestation_flow.cc
index 2fba761..9b22b65 100644
--- a/chromeos/attestation/attestation_flow.cc
+++ b/chromeos/attestation/attestation_flow.cc
@@ -59,36 +59,27 @@ AttestationKeyType GetKeyTypeForProfile(
case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
return KEY_DEVICE;
case PROFILE_ENTERPRISE_USER_CERTIFICATE:
+ case PROFILE_CONTENT_PROTECTION_CERTIFICATE:
return KEY_USER;
}
NOTREACHED();
return KEY_USER;
}
-std::string GetKeyNameForProfile(
- AttestationCertificateProfile profile) {
+std::string GetKeyNameForProfile(AttestationCertificateProfile profile,
+ const std::string& origin) {
switch (profile) {
case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
return kEnterpriseMachineKey;
case PROFILE_ENTERPRISE_USER_CERTIFICATE:
return kEnterpriseUserKey;
+ case PROFILE_CONTENT_PROTECTION_CERTIFICATE:
+ return std::string(kContentProtectionKeyPrefix) + origin;
}
NOTREACHED();
return "";
}
-int GetCertificateOptionsForProfile(
- AttestationCertificateProfile profile) {
- switch (profile) {
- case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE:
- return CERTIFICATE_INCLUDE_STABLE_ID | CERTIFICATE_INCLUDE_DEVICE_STATE;
- case PROFILE_ENTERPRISE_USER_CERTIFICATE:
- return CERTIFICATE_INCLUDE_DEVICE_STATE;
- }
- NOTREACHED();
- return CERTIFICATE_OPTION_NONE;
-}
-
} // namespace
AttestationFlow::AttestationFlow(cryptohome::AsyncMethodCaller* async_caller,
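Review bot: In `GetKeyNameForProfile`, the new `PROFILE_CONTENT_PROTECTION_CERTIFICATE` case builds the key name from `origin` without checking it, so an empty origin yields the bare prefix `attest-cp-` and every such request would share one key. The header comment on `GetCertificate` says the string must uniquely identify the origin, and both production callers updated in this commit pass `std::string()`, so the contract is easy to break once a caller switches profile. I would add `DCHECK(!origin.empty());` before the return in that case, and document that callers must pass a canonical form of the origin so that equivalent spellings do not map to different keys. The test hunks in this commit exercise only the enterprise profiles, so a test for the content-protection key name would be worth adding.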
@@ -105,6 +96,8 @@ AttestationFlow::~AttestationFlow() {
void AttestationFlow::GetCertificate(
AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
bool force_new_key,
const CertificateCallback& callback) {
// If this device has not enrolled with the Privacy CA, we need to do that
@@ -113,6 +106,8 @@ void AttestationFlow::GetCertificate(
&AttestationFlow::StartCertificateRequest,
weak_factory_.GetWeakPtr(),
certificate_profile,
+ user_email,
+ request_origin,
force_new_key,
callback);
base::Closure on_enroll_failure = base::Bind(callback, false, "");
@@ -196,14 +191,19 @@ void AttestationFlow::OnEnrollComplete(const base::Closure& on_failure,
void AttestationFlow::StartCertificateRequest(
AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
bool generate_new_key,
const CertificateCallback& callback) {
AttestationKeyType key_type = GetKeyTypeForProfile(certificate_profile);
- std::string key_name = GetKeyNameForProfile(certificate_profile);
+ std::string key_name = GetKeyNameForProfile(certificate_profile,
+ request_origin);
if (generate_new_key) {
// Get the attestation service to create a Privacy CA certificate request.
async_caller_->AsyncTpmAttestationCreateCertRequest(
- GetCertificateOptionsForProfile(certificate_profile),
+ certificate_profile,
+ user_email,
+ request_origin,
base::Bind(&AttestationFlow::SendCertificateRequestToPCA,
weak_factory_.GetWeakPtr(),
key_type,
@@ -223,6 +223,8 @@ void AttestationFlow::StartCertificateRequest(
&AttestationFlow::StartCertificateRequest,
weak_factory_.GetWeakPtr(),
certificate_profile,
+ user_email,
+ request_origin,
true,
callback);
cryptohome_client_->TpmAttestationDoesKeyExist(
diff --git a/chromeos/attestation/attestation_flow.h b/chromeos/attestation/attestation_flow.h
index 2c59f3b..bdbea1e 100644
--- a/chromeos/attestation/attestation_flow.h
+++ b/chromeos/attestation/attestation_flow.h
@@ -68,6 +68,12 @@ class CHROMEOS_EXPORT AttestationFlow {
// Parameters
// certificate_profile - Specifies what kind of certificate should be
// requested from the CA.
+ // user_email - The canonical email address of the currently active user.
+ // This is ignored when not using the content protection
+ // profile.
+ // request_origin - For content protection profiles, certificate requests
+ // are origin-specific. This string must uniquely identify
+ // the origin of the request.
// force_new_key - If set to true, a new key will be generated even if a key
// already exists for the profile. The new key will replace
// the existing key on success.
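Review bot: The new `user_email` comment says the value "is ignored when not using the content protection profile", but `StartCertificateRequest` in attestation_flow.cc forwards `user_email` to `AsyncTpmAttestationCreateCertRequest` for every profile. The updated `GetCertificate` test expects `"fake_email"` to be passed through with `PROFILE_ENTERPRISE_USER_CERTIFICATE`. Any ignoring therefore happens, if at all, on the cryptohomed side, which is not visible in this commit. I would reword it to something like `// Forwarded to cryptohomed for all profiles; only the content protection profile is expected to use it.` so callers do not assume the address stays inside Chrome.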
@@ -75,6 +81,8 @@ class CHROMEOS_EXPORT AttestationFlow {
// On success |result| will be true and |data| will contain the
// PCA-issued certificate chain in PEM format.
virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
bool force_new_key,
const CertificateCallback& callback);
@@ -134,10 +142,14 @@ class CHROMEOS_EXPORT AttestationFlow {
// Parameters
// certificate_profile - Specifies what kind of certificate should be
// requested from the CA.
+ // user_email - The active user's canonical email.
+ // request_origin - An identifier for the origin of this request.
// generate_new_key - If set to true a new key is generated.
// callback - Called when the operation completes.
void StartCertificateRequest(
const AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
bool generate_new_key,
const CertificateCallback& callback);
diff --git a/chromeos/attestation/attestation_flow_unittest.cc b/chromeos/attestation/attestation_flow_unittest.cc
index ea819b0..9622230 100644
--- a/chromeos/attestation/attestation_flow_unittest.cc
+++ b/chromeos/attestation/attestation_flow_unittest.cc
@@ -99,7 +99,8 @@ TEST_F(AttestationFlowTest, GetCertificate) {
EXPECT_CALL(
async_caller,
- AsyncTpmAttestationCreateCertRequest(CERTIFICATE_INCLUDE_DEVICE_STATE, _))
+ AsyncTpmAttestationCreateCertRequest(PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ "fake_email", "fake_origin", _))
.Times(1)
.InSequence(flow_order);
@@ -131,7 +132,8 @@ TEST_F(AttestationFlowTest, GetCertificate) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "fake_email",
+ "fake_origin", true, mock_callback);
Run();
}
@@ -157,7 +159,8 @@ TEST_F(AttestationFlowTest, GetCertificate_NoEK) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
+ mock_callback);
Run();
}
@@ -186,7 +189,8 @@ TEST_F(AttestationFlowTest, GetCertificate_EKRejected) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
+ mock_callback);
Run();
}
@@ -219,16 +223,17 @@ TEST_F(AttestationFlowTest, GetCertificate_FailEnroll) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
+ mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetMachineCertificateAlreadyEnrolled) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- int options = CERTIFICATE_INCLUDE_DEVICE_STATE |
- CERTIFICATE_INCLUDE_STABLE_ID;
- EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(options, _))
+ EXPECT_CALL(async_caller,
+ AsyncTpmAttestationCreateCertRequest(
+ PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, "", "", _))
.Times(1);
std::string fake_cert_response =
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest;
@@ -260,17 +265,17 @@ TEST_F(AttestationFlowTest, GetMachineCertificateAlreadyEnrolled) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
- true, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, "", "", true,
+ mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_FailCreateCertRequest) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(false, cryptohome::MOUNT_ERROR_NONE);
- int options = CERTIFICATE_INCLUDE_DEVICE_STATE;
EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(options, _))
+ AsyncTpmAttestationCreateCertRequest(
+ PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
.Times(1);
chromeos::MockCryptohomeClient client;
@@ -288,16 +293,17 @@ TEST_F(AttestationFlowTest, GetCertificate_FailCreateCertRequest) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
+ mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_CertRequestRejected) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- int options = CERTIFICATE_INCLUDE_DEVICE_STATE;
EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(options, _))
+ AsyncTpmAttestationCreateCertRequest(
+ PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
.Times(1);
chromeos::MockCryptohomeClient client;
@@ -318,7 +324,8 @@ TEST_F(AttestationFlowTest, GetCertificate_CertRequestRejected) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
+ mock_callback);
Run();
}
@@ -341,15 +348,17 @@ TEST_F(AttestationFlowTest, GetCertificate_FailIsEnrolled) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
+ mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- int options = CERTIFICATE_INCLUDE_DEVICE_STATE;
- EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(options, _))
+ EXPECT_CALL(async_caller,
+ AsyncTpmAttestationCreateCertRequest(
+ PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
.Times(1);
std::string fake_cert_response =
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest;
@@ -384,8 +393,8 @@ TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE,
- false, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", false,
+ mock_callback);
Run();
}
@@ -414,8 +423,8 @@ TEST_F(AttestationFlowTest, GetCertificate_AlreadyExists) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE,
- false, mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", false,
+ mock_callback);
Run();
}
diff --git a/chromeos/attestation/mock_attestation_flow.h b/chromeos/attestation/mock_attestation_flow.h
index bda8a72..1950246 100644
--- a/chromeos/attestation/mock_attestation_flow.h
+++ b/chromeos/attestation/mock_attestation_flow.h
@@ -65,7 +65,9 @@ class MockAttestationFlow : public AttestationFlow {
MockAttestationFlow();
virtual ~MockAttestationFlow();
- MOCK_METHOD3(GetCertificate, void(AttestationCertificateProfile,
+ MOCK_METHOD5(GetCertificate, void(AttestationCertificateProfile,
+ const std::string&,
+ const std::string&,
bool,
const CertificateCallback&));
};
diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc
index 92392d9..c9af98a 100644
--- a/chromeos/cryptohome/async_method_caller.cc
+++ b/chromeos/cryptohome/async_method_caller.cc
@@ -133,11 +133,15 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
}
virtual void AsyncTpmAttestationCreateCertRequest(
- int options,
+ chromeos::attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& username,
+ const std::string& request_origin,
const DataCallback& callback) OVERRIDE {
DBusThreadManager::Get()->GetCryptohomeClient()->
AsyncTpmAttestationCreateCertRequest(
- options,
+ certificate_profile,
+ username,
+ request_origin,
base::Bind(&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
weak_ptr_factory_.GetWeakPtr(),
callback,
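Review bot: The override names its second parameter `username`, while the pure-virtual declaration in async_method_caller.h and the other signatures touched by this commit call it `user_email`. The mismatch matters a little more than usual here because the header makes a privacy statement about `user_email` specifically. I would rename it to `const std::string& user_email,` and pass `user_email,` in the forwarded call. The method body continues past the end of this hunk.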
diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h
index 7414284..e5ca604 100644
--- a/chromeos/cryptohome/async_method_caller.h
+++ b/chromeos/cryptohome/async_method_caller.h
@@ -9,6 +9,7 @@
#include "base/basictypes.h"
#include "base/callback_forward.h"
+#include "chromeos/attestation/attestation_constants.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
@@ -113,11 +114,15 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
const Callback& callback) = 0;
// Asks cryptohomed to asynchronously create an attestation certificate
- // request according to |options|, which is a combination of
- // attestation::AttestationCertificateOptions. On success the data sent to
- // |callback| is a request to be sent to the Privacy CA.
+ // request according to |certificate_profile|. Some profiles require that the
+ // |user_email| of the currently active user and an identifier of the
+ // |request_origin| be provided. On success the data sent to |callback| is a
+ // request to be sent to the Privacy CA. The |request_origin| may be sent to
+ // the Privacy CA but the |user_email| will never be sent.
virtual void AsyncTpmAttestationCreateCertRequest(
- int options,
+ chromeos::attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
const DataCallback& callback) = 0;
// Asks cryptohomed to asynchronously finish an attestation certificate
diff --git a/chromeos/cryptohome/mock_async_method_caller.cc b/chromeos/cryptohome/mock_async_method_caller.cc
index 9bd8193..dcd59a0 100644
--- a/chromeos/cryptohome/mock_async_method_caller.cc
+++ b/chromeos/cryptohome/mock_async_method_caller.cc
@@ -51,9 +51,9 @@ void MockAsyncMethodCaller::SetUp(bool success, MountError return_code) {
ON_CALL(*this, AsyncTpmAttestationEnroll(_, _))
.WillByDefault(
WithArgs<1>(Invoke(this, &MockAsyncMethodCaller::DoCallback)));
- ON_CALL(*this, AsyncTpmAttestationCreateCertRequest(_, _))
+ ON_CALL(*this, AsyncTpmAttestationCreateCertRequest(_, _, _, _))
.WillByDefault(
- WithArgs<1>(Invoke(this,
+ WithArgs<3>(Invoke(this,
&MockAsyncMethodCaller::FakeCreateCertRequest)));
ON_CALL(*this, AsyncTpmAttestationFinishCertRequest(_, _, _, _))
.WillByDefault(
diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h
index 74567ca..8f3796b 100644
--- a/chromeos/cryptohome/mock_async_method_caller.h
+++ b/chromeos/cryptohome/mock_async_method_caller.h
@@ -52,9 +52,12 @@ class MockAsyncMethodCaller : public AsyncMethodCaller {
void(const DataCallback& callback));
MOCK_METHOD2(AsyncTpmAttestationEnroll,
void(const std::string& pca_response, const Callback& callback));
- MOCK_METHOD2(AsyncTpmAttestationCreateCertRequest,
- void(int options,
- const DataCallback& callback));
+ MOCK_METHOD4(
+ AsyncTpmAttestationCreateCertRequest,
+ void(chromeos::attestation::AttestationCertificateProfile profile,
+ const std::string& user_email,
+ const std::string& request_origin,
+ const DataCallback& callback));
MOCK_METHOD4(AsyncTpmAttestationFinishCertRequest,
void(const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc
index 445ba0b..965ef92 100644
--- a/chromeos/dbus/cryptohome_client.cc
+++ b/chromeos/dbus/cryptohome_client.cc
@@ -466,18 +466,17 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
virtual void AsyncTpmAttestationCreateCertRequest(
- int options,
+ attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
const AsyncMethodCallback& callback) OVERRIDE {
dbus::MethodCall method_call(
cryptohome::kCryptohomeInterface,
- cryptohome::kCryptohomeAsyncTpmAttestationCreateCertRequest);
+ cryptohome::kCryptohomeAsyncTpmAttestationCreateCertRequestByProfile);
dbus::MessageWriter writer(&method_call);
- bool include_stable_id =
- (options & attestation::CERTIFICATE_INCLUDE_STABLE_ID);
- writer.AppendBool(include_stable_id);
- bool include_device_state =
- (options & attestation::CERTIFICATE_INCLUDE_DEVICE_STATE);
- writer.AppendBool(include_device_state);
+ writer.AppendInt32(certificate_profile);
+ writer.AppendString(user_email);
+ writer.AppendString(request_origin);
proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
weak_ptr_factory_.GetWeakPtr(),
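Review bot: `writer.AppendInt32(certificate_profile);` puts the raw enumerator value on the D-Bus wire, yet the `AttestationCertificateProfile` enumerators visible in attestation_constants.h carry no explicit values. Reordering or inserting a profile would then silently change which profile cryptohomed is asked for. I would give the enumerators explicit values, or at least add a comment at the enum such as `// Values are sent over D-Bus to cryptohomed; do not reorder or renumber.` Presumably cryptohomed keeps a matching list, but that side is not shown here. The method body continues past the end of this hunk.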
diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h
index 0bfc978..38d4880 100644
--- a/chromeos/dbus/cryptohome_client.h
+++ b/chromeos/dbus/cryptohome_client.h
@@ -250,14 +250,18 @@ class CHROMEOS_EXPORT CryptohomeClient {
const AsyncMethodCallback& callback) = 0;
// Asynchronously creates an attestation certificate request according to
- // |options|, which is a combination of AttestationCertificateOptions.
- // |callback| will be called when the dbus call completes. When the operation
- // completes, the AsyncCallStatusWithDataHandler signal handler is called.
- // The data that is sent with the signal is a certificate request to be sent
- // to the Privacy CA. The certificate request is completed by calling
- // AsyncTpmAttestationFinishCertRequest.
+ // |certificate_profile|. Some profiles require that the |user_email| of the
+ // currently active user and an identifier of the |request_origin| be
+ // provided. |callback| will be called when the dbus call completes. When
+ // the operation completes, the AsyncCallStatusWithDataHandler signal handler
+ // is called. The data that is sent with the signal is a certificate request
+ // to be sent to the Privacy CA. The certificate request is completed by
+ // calling AsyncTpmAttestationFinishCertRequest. The |user_email| will not
+ // be included in the certificate request for the Privacy CA.
virtual void AsyncTpmAttestationCreateCertRequest(
- int options,
+ attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
const AsyncMethodCallback& callback) = 0;
// Asynchronously finishes a certificate request operation. The callback will
diff --git a/chromeos/dbus/cryptohome_client_stub.cc b/chromeos/dbus/cryptohome_client_stub.cc
index 96728a9..9942538 100644
--- a/chromeos/dbus/cryptohome_client_stub.cc
+++ b/chromeos/dbus/cryptohome_client_stub.cc
@@ -263,7 +263,9 @@ void CryptohomeClientStubImpl::AsyncTpmAttestationEnroll(
}
void CryptohomeClientStubImpl::AsyncTpmAttestationCreateCertRequest(
- int options,
+ attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, true);
}
diff --git a/chromeos/dbus/cryptohome_client_stub.h b/chromeos/dbus/cryptohome_client_stub.h
index e38925a..8192600 100644
--- a/chromeos/dbus/cryptohome_client_stub.h
+++ b/chromeos/dbus/cryptohome_client_stub.h
@@ -90,7 +90,9 @@ class CryptohomeClientStubImpl : public CryptohomeClient {
const std::string& pca_response,
const AsyncMethodCallback& callback) OVERRIDE;
virtual void AsyncTpmAttestationCreateCertRequest(
- int options,
+ attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
const AsyncMethodCallback& callback) OVERRIDE;
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
diff --git a/chromeos/dbus/fake_cryptohome_client.cc b/chromeos/dbus/fake_cryptohome_client.cc
index d13c0f7..c5df786 100644
--- a/chromeos/dbus/fake_cryptohome_client.cc
+++ b/chromeos/dbus/fake_cryptohome_client.cc
@@ -295,7 +295,9 @@ bool FakeCryptohomeClient::CallTpmClearStoredPasswordAndBlock() {
}
void FakeCryptohomeClient::AsyncTpmAttestationCreateCertRequest(
- int options,
+ attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
const AsyncMethodCallback& callback) {
}
diff --git a/chromeos/dbus/fake_cryptohome_client.h b/chromeos/dbus/fake_cryptohome_client.h
index a4e5bfb..e254648 100644
--- a/chromeos/dbus/fake_cryptohome_client.h
+++ b/chromeos/dbus/fake_cryptohome_client.h
@@ -91,7 +91,9 @@ class FakeCryptohomeClient : public CryptohomeClient {
const std::string& pca_response,
const AsyncMethodCallback& callback) OVERRIDE;
virtual void AsyncTpmAttestationCreateCertRequest(
- int options,
+ attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
const AsyncMethodCallback& callback) OVERRIDE;
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h
index 05ae2a7..86986e6 100644
--- a/chromeos/dbus/mock_cryptohome_client.h
+++ b/chromeos/dbus/mock_cryptohome_client.h
@@ -92,9 +92,12 @@ class MockCryptohomeClient : public CryptohomeClient {
MOCK_METHOD2(AsyncTpmAttestationEnroll,
void(const std::string& pca_response,
const AsyncMethodCallback& callback));
- MOCK_METHOD2(AsyncTpmAttestationCreateCertRequest,
- void(int options,
- const AsyncMethodCallback& callback));
+ MOCK_METHOD4(
+ AsyncTpmAttestationCreateCertRequest,
+ void(attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_email,
+ const std::string& request_origin,
+ const AsyncMethodCallback& callback));
MOCK_METHOD4(AsyncTpmAttestationFinishCertRequest,
void(const std::string& pca_response,
attestation::AttestationKeyType key_type,