1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124
|
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_ASH_ATTESTATION_ENROLLMENT_ID_UPLOAD_MANAGER_H_
#define CHROME_BROWSER_ASH_ATTESTATION_ENROLLMENT_ID_UPLOAD_MANAGER_H_
#include <memory>
#include <queue>
#include <string>
#include "base/functional/callback.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/ash/attestation/enrollment_certificate_uploader.h"
#include "chrome/browser/ash/settings/device_settings_service.h"
#include "chromeos/ash/components/dbus/attestation/interface.pb.h"
#include "chromeos/ash/components/dbus/constants/attestation_constants.h"
#include "components/policy/core/common/cloud/cloud_policy_client.h"
namespace ash {
namespace attestation {
// A class which observes policy changes and triggers uploading identification
// for enrollment if necessary.
class EnrollmentIdUploadManager : public DeviceSettingsService::Observer {
public:
using UploadManagerCallback = base::OnceCallback<void(bool success)>;
// The manager immediately connects with DeviceSettingsService to listen for
// policy changes. The EnrollmentCertificateUploader is used to attempt to
// upload enrollment certificate first. If it fails, the manager attempts to
// upload enrollment ID. The CloudPolicyClient is used to upload enrollment ID
// to the server; it must be in the registered state. This class does not take
// ownership of |policy_client|.
EnrollmentIdUploadManager(
policy::CloudPolicyClient* policy_client,
EnrollmentCertificateUploader* certificate_uploader);
// A constructor which accepts custom instances useful for testing.
EnrollmentIdUploadManager(
policy::CloudPolicyClient* policy_client,
DeviceSettingsService* device_settings_service,
EnrollmentCertificateUploader* certificate_uploader);
// Disallow copy and assign.
EnrollmentIdUploadManager(const EnrollmentIdUploadManager&) = delete;
EnrollmentIdUploadManager& operator=(const EnrollmentIdUploadManager&) =
delete;
~EnrollmentIdUploadManager() override;
// Obtains a fresh enrollment certificate, which contains enrollment ID, and
// uploads it. If it fails, the manager will attempt to upload enrollment ID.
// Calls the callback when the processing is complete, with `success` set to
// `true` if either the enrollment certificate or the enrollment ID was
// uploaded, or `false`, otherwise.
void ObtainAndUploadEnrollmentId(UploadManagerCallback callback);
// Sets the retry limit in number of tries; useful for testing.
void set_retry_limit_for_testing(int limit) { retry_limit_ = limit; }
// Sets the retry delay in seconds; useful for testing.
void set_retry_delay_for_testing(int retry_delay) {
retry_delay_ = retry_delay;
}
private:
// Called when the device settings change.
void DeviceSettingsUpdated() override;
// Checks enrollment setting and starts any necessary work.
void Start();
// Handles certificate upload status. If succeeded or failed to upload - does
// nothing more. If failed to fetch - starts computed enrollment ID flow.
void OnEnrollmentCertificateUploaded(
EnrollmentCertificateUploader::Status status);
// Gets an enrollment identifier directly. Does nothing if |policy_client_| is
// not registered, or if an empty ID has already been uploaded.
void GetEnrollmentId();
// Handles an enrollment identifier obtained directly.
void OnGetEnrollmentId(const ::attestation::GetEnrollmentIdReply& reply);
// Reschedule an attempt to get an enrollment identifier directly.
void RescheduleGetEnrollmentId();
// Called when an enrollment identifier upload operation completes.
// On success, |result| will be true. The string |enrollment_id| contains
// the enrollment identifier that was uploaded.
void OnUploadComplete(const std::string& enrollment_id,
policy::CloudPolicyClient::Result result);
// Run all callbacks with |status|.
void RunCallbacks(bool status);
const raw_ptr<DeviceSettingsService> device_settings_service_;
const raw_ptr<policy::CloudPolicyClient, DanglingUntriaged> policy_client_;
const raw_ptr<EnrollmentCertificateUploader> certificate_uploader_;
int num_retries_;
int retry_limit_;
int retry_delay_;
// Used to remember we uploaded an empty identifier this session for
// devices that can't obtain the identifier until they are powerwashed or
// updated and rebooted (see http://crbug.com/867724).
bool did_upload_empty_eid_ = false;
// Callbacks for the enrollment ID upload that is in progress.
std::queue<UploadManagerCallback> upload_manager_callbacks_;
// Note: This should remain the last member so it'll be destroyed and
// invalidate the weak pointers before any other members are destroyed.
base::WeakPtrFactory<EnrollmentIdUploadManager> weak_factory_{this};
friend class EnrollmentIdUploadManagerTest;
};
} // namespace attestation
} // namespace ash
#endif // CHROME_BROWSER_ASH_ATTESTATION_ENROLLMENT_ID_UPLOAD_MANAGER_H_
|