root/chrome/browser/chromeos/login/managed/managed_user_authenticator.h

INCLUDED FROM

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_

#include <string>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "third_party/cros_system_api/dbus/service_constants.h"

namespace chromeos {

// Authenticates locally managed users against the cryptohome.
//
// Typical flow:
// AuthenticateToMount() calls a Cryptohome to perform offline login,
// AuthenticateToCreate() calls a Cryptohome to create new cryptohome.
class ManagedUserAuthenticator
    : public base::RefCountedThreadSafe<ManagedUserAuthenticator> {
 public:
  enum AuthState {
    CONTINUE,      // State indeterminate; try again when more info available.
    NO_MOUNT,      // No cryptohome exist for user.
    FAILED_MOUNT,  // Failed to mount existing cryptohome - login failed.
    FAILED_TPM,    // Failed to mount/create cryptohome because of TPM error.
    SUCCESS,       // Login succeeded .
  };

  class AuthAttempt {
   public:
    AuthAttempt(const std::string& username,
                const std::string& password,
                bool add_key_attempt);
    ~AuthAttempt();

    // Copy |cryptohome_code| and |cryptohome_outcome| into this object,
    // so we can have a copy we're sure to own, and can make available
    // on the IO thread.  Must be called from the IO thread.
    void RecordCryptohomeStatus(bool cryptohome_outcome,
                                cryptohome::MountError cryptohome_code);

    // Copy |hash| into this object so we can have a copy we're sure to own
    // and can make available on the IO thread.
    // Must be called from the IO thread.
    void RecordHash(const std::string& hash);

    bool cryptohome_complete();
    bool cryptohome_outcome();
    bool hash_obtained();
    std::string hash();
    cryptohome::MountError cryptohome_code();

    const std::string username;
    const std::string password;
    const bool add_key;

   private:
    bool cryptohome_complete_;
    bool cryptohome_outcome_;
    bool hash_obtained_;
    std::string hash_;

    cryptohome::MountError cryptohome_code_;
    DISALLOW_COPY_AND_ASSIGN(AuthAttempt);
  };

  class AuthStatusConsumer {
   public:
    virtual ~AuthStatusConsumer() {}
    // The current login attempt has ended in failure, with error.
    virtual void OnAuthenticationFailure(AuthState state) = 0;
    // The current login attempt has ended succesfully.
    virtual void OnMountSuccess(const std::string& mount_hash) = 0;
    // The current add key attempt has ended succesfully.
    virtual void OnAddKeySuccess() = 0;
  };

  explicit ManagedUserAuthenticator(AuthStatusConsumer* consumer);

  void AuthenticateToMount(const std::string& username,
                           const std::string& password);

  void AuthenticateToCreate(const std::string& username,
                            const std::string& password);

  void AddMasterKey(const std::string& username,
                    const std::string& password,
                    const std::string& master_key);
  void Resolve();

 private:
  friend class base::RefCountedThreadSafe<ManagedUserAuthenticator>;

  ~ManagedUserAuthenticator();

  AuthState ResolveState();
  AuthState ResolveCryptohomeFailureState();
  AuthState ResolveCryptohomeSuccessState();
  void OnAuthenticationSuccess(const std::string& mount_hash, bool add_key);
  void OnAuthenticationFailure(AuthState state);

  scoped_ptr<AuthAttempt> current_state_;
  AuthStatusConsumer* consumer_;

  DISALLOW_COPY_AND_ASSIGN(ManagedUserAuthenticator);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_