1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_
6 #define CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_
10 #include "base/basictypes.h"
11 #include "base/callback_forward.h"
12 #include "chromeos/attestation/attestation_constants.h"
13 #include "chromeos/chromeos_export.h"
14 #include "chromeos/dbus/cryptohome_client.h"
15 #include "third_party/cros_system_api/dbus/service_constants.h"
17 namespace cryptohome {
19 // Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome
20 // since there is already a namespace ::cryptohome which holds the error code
21 // enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome
22 // within the same code is confusing.
24 // Flags for the AsyncMount method.
26 MOUNT_FLAGS_NONE = 0, // Used to explicitly denote that no flags are
28 CREATE_IF_MISSING = 1, // Create a cryptohome if it does not exist yet.
29 ENSURE_EPHEMERAL = 1 << 1, // Ensure that the mount is ephemeral.
32 // This class manages calls to Cryptohome service's 'async' methods.
33 class CHROMEOS_EXPORT AsyncMethodCaller {
35 // A callback type which is called back on the UI thread when the results of
36 // method calls are ready.
37 typedef base::Callback<void(bool success, MountError return_code)> Callback;
38 typedef base::Callback<void(bool success, const std::string& data)>
41 virtual ~AsyncMethodCaller() {}
43 // Asks cryptohomed to asynchronously try to find the cryptohome for
44 // |user_email| and then use |passhash| to unlock the key.
45 // |callback| will be called with status info on completion.
46 virtual void AsyncCheckKey(const std::string& user_email,
47 const std::string& passhash,
48 Callback callback) = 0;
50 // Asks cryptohomed to asynchronously try to find the cryptohome for
51 // |user_email| and then change from using |old_hash| to lock the
52 // key to using |new_hash|.
53 // |callback| will be called with status info on completion.
54 virtual void AsyncMigrateKey(const std::string& user_email,
55 const std::string& old_hash,
56 const std::string& new_hash,
57 Callback callback) = 0;
59 // Asks cryptohomed to asynchronously try to find the cryptohome for
60 // |user_email| and then mount it using |passhash| to unlock the key.
61 // The |flags| are a combination of |MountFlags|:
62 // * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create
63 // a new cryptohome if one does not exist yet for
65 // * ENSURE_EPHEMERAL If |true|, the mounted cryptohome will be backed by
66 // tmpfs. If |false|, the ephemeral users policy decides
67 // whether tmpfs or an encrypted directory is used as the
69 // |callback| will be called with status info on completion.
70 // If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists
71 // for |user_email|, the expected result is
72 // callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise,
73 // the normal range of return codes is expected.
74 virtual void AsyncMount(const std::string& user_email,
75 const std::string& passhash,
77 Callback callback) = 0;
79 // Asks cryptohomed to asynchronously try to add another |new_passhash| for
80 // |user_email| using |passhash| to unlock the key.
81 // |callback| will be called with status info on completion.
82 virtual void AsyncAddKey(const std::string& user_email,
83 const std::string& passhash,
84 const std::string& new_passhash,
85 Callback callback) = 0;
87 // Asks cryptohomed to asynchronously to mount a tmpfs for guest mode.
88 // |callback| will be called with status info on completion.
89 virtual void AsyncMountGuest(Callback callback) = 0;
91 // Asks cryptohomed to asynchrounously try to find the cryptohome for
92 // |public_mount_id| and then mount it using a passhash derived from
93 // |public_mount_id| and a secret. See AsyncMount for possible values for
95 virtual void AsyncMountPublic(const std::string& public_mount_id,
97 Callback callback) = 0;
99 // Asks cryptohomed to asynchronously try to find the cryptohome for
100 // |user_email| and then nuke it.
101 virtual void AsyncRemove(const std::string& user_email,
102 Callback callback) = 0;
104 // Asks cryptohomed to asynchronously create an attestation enrollment
105 // request. On success the data sent to |callback| is a request to be sent
106 // to the Privacy CA.
107 virtual void AsyncTpmAttestationCreateEnrollRequest(
108 const DataCallback& callback) = 0;
110 // Asks cryptohomed to asynchronously finish an attestation enrollment.
111 // |pca_response| is the response to the enrollment request emitted by the
113 virtual void AsyncTpmAttestationEnroll(const std::string& pca_response,
114 const Callback& callback) = 0;
116 // Asks cryptohomed to asynchronously create an attestation certificate
117 // request according to |certificate_profile|. Some profiles require that the
118 // |user_id| of the currently active user and an identifier of the
119 // |request_origin| be provided. On success the data sent to |callback| is a
120 // request to be sent to the Privacy CA. The |request_origin| may be sent to
121 // the Privacy CA but the |user_id| will never be sent.
122 virtual void AsyncTpmAttestationCreateCertRequest(
123 chromeos::attestation::AttestationCertificateProfile certificate_profile,
124 const std::string& user_id,
125 const std::string& request_origin,
126 const DataCallback& callback) = 0;
128 // Asks cryptohomed to asynchronously finish an attestation certificate
129 // request. On success the data sent to |callback| is a certificate chain
130 // in PEM format. |pca_response| is the response to the certificate request
131 // emitted by the Privacy CA. |key_type| determines whether the certified key
132 // is to be associated with the current user. |key_name| is a name for the
133 // key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
134 // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
136 virtual void AsyncTpmAttestationFinishCertRequest(
137 const std::string& pca_response,
138 chromeos::attestation::AttestationKeyType key_type,
139 const std::string& user_id,
140 const std::string& key_name,
141 const DataCallback& callback) = 0;
143 // Asks cryptohomed to asynchronously register the attestation key specified
144 // by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must
145 // be provided. Otherwise |user_id| is ignored. For normal GAIA users the
146 // |user_id| is a canonical email address.
147 virtual void TpmAttestationRegisterKey(
148 chromeos::attestation::AttestationKeyType key_type,
149 const std::string& user_id,
150 const std::string& key_name,
151 const Callback& callback) = 0;
153 // Asks cryptohomed to asynchronously sign an enterprise challenge with the
154 // key specified by |key_type| and |key_name|. The |domain| and |device_id|
155 // parameters will be included in the challenge response. |challenge| must be
156 // a valid enterprise challenge. On success, the data sent to |callback| is
157 // the challenge response. If |key_type| is KEY_USER, a |user_id| must be
158 // provided. Otherwise |user_id| is ignored. For normal GAIA users the
159 // |user_id| is a canonical email address.
160 virtual void TpmAttestationSignEnterpriseChallenge(
161 chromeos::attestation::AttestationKeyType key_type,
162 const std::string& user_id,
163 const std::string& key_name,
164 const std::string& domain,
165 const std::string& device_id,
166 chromeos::attestation::AttestationChallengeOptions options,
167 const std::string& challenge,
168 const DataCallback& callback) = 0;
170 // Asks cryptohomed to asynchronously sign a simple challenge with the key
171 // specified by |key_type| and |key_name|. |challenge| can be any arbitrary
172 // set of bytes. On success, the data sent to |callback| is the challenge
173 // response. If |key_type| is KEY_USER, a |user_id| must be provided.
174 // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
175 // canonical email address.
176 virtual void TpmAttestationSignSimpleChallenge(
177 chromeos::attestation::AttestationKeyType key_type,
178 const std::string& user_id,
179 const std::string& key_name,
180 const std::string& challenge,
181 const DataCallback& callback) = 0;
183 // Asks cryptohome to asynchronously retrieve a string associated with given
184 // |user| that would be used in mount path instead of |user|.
185 // On success the data is sent to |callback|.
186 virtual void AsyncGetSanitizedUsername(
187 const std::string& user,
188 const DataCallback& callback) = 0;
190 // Creates the global AsyncMethodCaller instance.
191 static void Initialize();
193 // Similar to Initialize(), but can inject an alternative
194 // AsyncMethodCaller such as MockAsyncMethodCaller for testing.
195 // The injected object will be owned by the internal pointer and deleted
197 static void InitializeForTesting(AsyncMethodCaller* async_method_caller);
199 // Destroys the global AsyncMethodCaller instance if it exists.
200 static void Shutdown();
202 // Returns a pointer to the global AsyncMethodCaller instance.
203 // Initialize() should already have been called.
204 static AsyncMethodCaller* GetInstance();
207 } // namespace cryptohome
209 #endif // CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_