// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_
#define CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_
#include <string>
#include "base/basictypes.h"
#include "base/callback.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
namespace policy {
class CloudPolicyClient;
}
namespace chromeos {
class CrosSettings;
class CryptohomeClient;
namespace attestation {
class AttestationFlow;
// A class which observes policy changes and triggers device attestation work if
// necessary.
class AttestationPolicyObserver {
public:
// The observer immediately connects with CrosSettings to listen for policy
// changes. The CloudPolicyClient is used to upload the device certificate to
// the server if one is created in response to policy changes; it must be in
// the registered state. This class does not take ownership of
// |policy_client|.
explicit AttestationPolicyObserver(policy::CloudPolicyClient* policy_client);
// A constructor which allows custom CryptohomeClient and AttestationFlow
// implementations. Useful for testing.
AttestationPolicyObserver(policy::CloudPolicyClient* policy_client,
CryptohomeClient* cryptohome_client,
AttestationFlow* attestation_flow);
~AttestationPolicyObserver();
// Sets the retry delay in seconds; useful in testing.
void set_retry_delay(int retry_delay) {
retry_delay_ = retry_delay;
}
private:
// Called when the attestation setting changes.
void AttestationSettingChanged();
// Checks attestation policy and starts any necessary work.
void Start();
// Gets a new certificate for the Enterprise Machine Key (EMK).
void GetNewCertificate();
// Gets the existing EMK certificate and sends it to CheckCertificateExpiry.
void GetExistingCertificate();
// Checks if the given certificate is expired and, if so, get a new one.
void CheckCertificateExpiry(const std::string& certificate);
// Uploads a certificate to the policy server.
void UploadCertificate(const std::string& certificate);
// Checks if a certificate has already been uploaded and, if not, upload.
void CheckIfUploaded(const std::string& certificate,
const std::string& key_payload);
// Gets the payload associated with the EMK and sends it to |callback|.
void GetKeyPayload(base::Callback<void(const std::string&)> callback);
// Called when a certificate upload operation completes. On success, |status|
// will be true.
void OnUploadComplete(bool status);
// Marks a key as uploaded in the payload proto.
void MarkAsUploaded(const std::string& key_payload);
// Reschedules a policy check (i.e. a call to Start) for a later time.
// TODO(dkrahn): A better solution would be to wait for a dbus signal which
// indicates the system is ready to process this task. See crbug.com/256845.
void Reschedule();
CrosSettings* cros_settings_;
policy::CloudPolicyClient* policy_client_;
CryptohomeClient* cryptohome_client_;
AttestationFlow* attestation_flow_;
scoped_ptr<AttestationFlow> default_attestation_flow_;
int num_retries_;
int retry_delay_;
scoped_ptr<CrosSettings::ObserverSubscription> attestation_subscription_;
// Note: This should remain the last member so it'll be destroyed and
// invalidate the weak pointers before any other members are destroyed.
base::WeakPtrFactory<AttestationPolicyObserver> weak_factory_;
DISALLOW_COPY_AND_ASSIGN(AttestationPolicyObserver);
};
} // namespace attestation
} // namespace chromeos
#endif // CHROME_BROWSER_CHROMEOS_ATTESTATION_ATTESTATION_POLICY_OBSERVER_H_