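// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_EXTENSIONS_API_ENTERPRISE_PLATFORM_KEYS_PRIVATE_ENTERPRISE_PLATFORM_KEYS_PRIVATE_API_H__
#define CHROME_BROWSER_EXTENSIONS_API_ENTERPRISE_PLATFORM_KEYS_PRIVATE_ENTERPRISE_PLATFORM_KEYS_PRIVATE_API_H__

#include <string>

#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/memory/scoped_ptr.h"
#include "chrome/browser/extensions/chrome_extension_function.h"
#include "chrome/common/extensions/api/enterprise_platform_keys_private.h"
#include "chromeos/attestation/attestation_constants.h"
#include "chromeos/attestation/attestation_flow.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_method_call_status.h"
#include "third_party/cros_system_api/dbus/service_constants.h"

class PrefService;

namespace chromeos {
class CryptohomeClient;
}

namespace cryptohome {
class AsyncMethodCaller;
}

namespace policy {
class EnterpriseInstallAttributes;
}

namespace user_prefs {
class PrefRegistrySyncable;
}

namespace extensions {

// Shared base of the two challenge functions declared below
// (EPKPChallengeMachineKey and EPKPChallengeUserKey). It declares the
// policy/identity predicates and the PrepareKey() step that both subclasses
// can use. This header only declares the checks; where and in which order they
// are enforced is decided in the implementation file.
class EPKPChallengeKeyBase : public ChromeAsyncExtensionFunction {
 public:
  // Error strings, defined out of line. The names indicate which failure each
  // one reports (bad base64 in the challenge or response, attestation disabled
  // by device policy, extension not white-listed, signing failure, unmanaged
  // user).
  static const char kChallengeBadBase64Error[];
  static const char kDevicePolicyDisabledError[];
  static const char kExtensionNotWhitelistedError[];
  static const char kResponseBadBase64Error[];
  static const char kSignChallengeFailedError[];
  static const char kUserNotManaged[];

 protected:
  // Outcome handed to the callback passed to PrepareKey().
  // NOTE(review): the per-value meanings are read off the names only
  // (D-Bus failure, consent declined, GetCertificate() failure, reset
  // required) - confirm against the implementation.
  enum PrepareKeyResult {
    PREPARE_KEY_OK = 0,
    PREPARE_KEY_DBUS_ERROR,
    PREPARE_KEY_USER_REJECTED,
    PREPARE_KEY_GET_CERTIFICATE_FAILED,
    PREPARE_KEY_RESET_REQUIRED
  };

  EPKPChallengeKeyBase();
  // Overload that receives its collaborators as raw pointers.
  // NOTE(review): nothing in this header states who owns these objects or how
  // long they must stay alive; since the work completes through callbacks, the
  // caller presumably has to keep them valid until the last callback has run.
  // Looks like an injection seam for tests - confirm.
  EPKPChallengeKeyBase(
      chromeos::CryptohomeClient* cryptohome_client,
      cryptohome::AsyncMethodCaller* async_caller,
      chromeos::attestation::AttestationFlow* attestation_flow,
      policy::EnterpriseInstallAttributes* install_attributes);
  virtual ~EPKPChallengeKeyBase();

  // Returns a trusted value from CroSettings indicating if the device
  // attestation is enabled. The value is delivered through |callback| rather
  // than as a return value.
  void GetDeviceAttestationEnabled(
      const base::Callback<void(bool)>& callback) const;

  // Returns true if the device is enterprise managed.
  bool IsEnterpriseDevice() const;

  // Returns true if the extension is white-listed in the user policy.
  bool IsExtensionWhitelisted() const;

  // Returns true if the user is enterprise managed.
  bool IsUserManaged() const;

  // Returns the enterprise domain the device is enrolled to.
  std::string GetEnterpriseDomain() const;

  // Returns the user email.
  std::string GetUserEmail() const;

  // Returns the enterprise virtual device ID.
  std::string GetDeviceId() const;

  // Prepares the key for signing. It will first check if the key exists. If
  // the key does not exist, it will call AttestationFlow::GetCertificate() to
  // get a new one. If require_user_consent is true, it will explicitly ask for
  // user consent before calling GetCertificate().
  //
  // The outcome is reported through |callback| as a PrepareKeyResult. Note
  // that the consent prompt is opt-in per call: a caller passing
  // require_user_consent == false allows a certificate to be requested without
  // asking the user, so each call site should be able to justify that choice.
  void PrepareKey(
      chromeos::attestation::AttestationKeyType key_type,
      const std::string& user_id,
      const std::string& key_name,
      chromeos::attestation::AttestationCertificateProfile certificate_profile,
      bool require_user_consent,
      const base::Callback<void(PrepareKeyResult)>& callback);

  // Collaborators, visible to subclasses. The first three are raw pointers;
  // only |default_attestation_flow_| is held through an owning scoped_ptr.
  // NOTE(review): presumably |attestation_flow_| points either at an injected
  // flow or at |default_attestation_flow_| - confirm in the implementation.
  chromeos::CryptohomeClient* cryptohome_client_;
  cryptohome::AsyncMethodCaller* async_caller_;
  chromeos::attestation::AttestationFlow* attestation_flow_;
  scoped_ptr<chromeos::attestation::AttestationFlow> default_attestation_flow_;

 private:
  // Holds the context of a PrepareKey() operation. The strings and the
  // callback are stored by value (as const members), so a context does not
  // refer back to the arguments it was built from.
  struct PrepareKeyContext {
    PrepareKeyContext(
        chromeos::attestation::AttestationKeyType key_type,
        const std::string& user_id,
        const std::string& key_name,
        chromeos::attestation::AttestationCertificateProfile
            certificate_profile,
        bool require_user_consent,
        const base::Callback<void(PrepareKeyResult)>& callback);
    ~PrepareKeyContext();

    chromeos::attestation::AttestationKeyType key_type;
    const std::string user_id;
    const std::string key_name;
    chromeos::attestation::AttestationCertificateProfile certificate_profile;
    bool require_user_consent;
    const base::Callback<void(PrepareKeyResult)> callback;
  };

  // Callbacks for the individual steps of PrepareKey(). The first two receive
  // a D-Bus call status together with a boolean result.
  // NOTE(review): the order in which these steps chain is not visible here;
  // confirm in the implementation that a failed |status| is never treated as
  // a usable |result|.
  void IsAttestationPreparedCallback(
      const PrepareKeyContext& context,
      chromeos::DBusMethodCallStatus status,
      bool result);
  void DoesKeyExistCallback(
      const PrepareKeyContext& context,
      chromeos::DBusMethodCallStatus status,
      bool result);
  // Asks the user for consent and reports the answer through |callback|.
  void AskForUserConsent(const base::Callback<void(bool)>& callback) const;
  void AskForUserConsentCallback(
      const PrepareKeyContext& context,
      bool result);
  // Receives the result of the certificate request: a success flag and the
  // certificate chain as a PEM string.
  void GetCertificateCallback(
      const base::Callback<void(PrepareKeyResult)>& callback,
      bool success,
      const std::string& pem_certificate_chain);

  // Raw pointer; ownership is not expressed in this header.
  policy::EnterpriseInstallAttributes* install_attributes_;
};

// Extension function declared under the name
// "enterprise.platformKeysPrivate.challengeMachineKey".
class EPKPChallengeMachineKey : public EPKPChallengeKeyBase {
 public:
  // Error strings specific to this function, defined out of line.
  static const char kGetCertificateFailedError[];
  static const char kNonEnterpriseDeviceError[];

  EPKPChallengeMachineKey();
  // Same raw-pointer collaborators as the base-class overload.
  EPKPChallengeMachineKey(
      chromeos::CryptohomeClient* cryptohome_client,
      cryptohome::AsyncMethodCaller* async_caller,
      chromeos::attestation::AttestationFlow* attestation_flow,
      policy::EnterpriseInstallAttributes* install_attributes);

 protected:
  virtual bool RunAsync() OVERRIDE;

 private:
  static const char kKeyName[];

  // NOTE(review): private destructor - presumably instances are destroyed
  // only through the base class's lifetime management; confirm.
  virtual ~EPKPChallengeMachineKey();

  // Callback chain of this function; |challenge| is carried from step to step
  // as a std::string.
  // NOTE(review): kChallengeBadBase64Error suggests the challenge is
  // base64-decoded from the extension-supplied argument before it reaches
  // these callbacks - confirm that decoding and validation happen in
  // RunAsync().
  void GetDeviceAttestationEnabledCallback(const std::string& challenge,
                                           bool enabled);
  void PrepareKeyCallback(const std::string& challenge,
                          PrepareKeyResult result);
  void SignChallengeCallback(bool success, const std::string& response);

  DECLARE_EXTENSION_FUNCTION(
      "enterprise.platformKeysPrivate.challengeMachineKey",
      ENTERPRISE_PLATFORMKEYSPRIVATE_CHALLENGEMACHINEKEY);
};

typedef EPKPChallengeMachineKey
    EnterprisePlatformKeysPrivateChallengeMachineKeyFunction;

// Extension function declared under the name
// "enterprise.platformKeysPrivate.challengeUserKey".
class EPKPChallengeUserKey : public EPKPChallengeKeyBase {
 public:
  // Error strings specific to this function, defined out of line.
  static const char kGetCertificateFailedError[];
  static const char kKeyRegistrationFailedError[];
  static const char kUserPolicyDisabledError[];

  EPKPChallengeUserKey();
  // Same raw-pointer collaborators as the base-class overload.
  EPKPChallengeUserKey(
      chromeos::CryptohomeClient* cryptohome_client,
      cryptohome::AsyncMethodCaller* async_caller,
      chromeos::attestation::AttestationFlow* attestation_flow,
      policy::EnterpriseInstallAttributes* install_attributes);

  // Registers profile preferences on |registry|; which preferences is decided
  // in the implementation file.
  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);

 protected:
  virtual bool RunAsync() OVERRIDE;

 private:
  static const char kKeyName[];

  // NOTE(review): private destructor - presumably instances are destroyed
  // only through the base class's lifetime management; confirm.
  virtual ~EPKPChallengeUserKey();

  // Callback chain of this function. |challenge|, |register_key| and
  // |require_user_consent| are threaded through the steps as plain arguments.
  // NOTE(review): |register_key| and |require_user_consent| presumably
  // originate from the calling extension - confirm in RunAsync() that policy
  // checks (user managed, extension white-listed, user policy enabled) are
  // applied before either flag is acted on.
  void GetDeviceAttestationEnabledCallback(const std::string& challenge,
                                           bool register_key,
                                           bool require_user_consent,
                                           bool enabled);
  void PrepareKeyCallback(const std::string& challenge,
                          bool register_key,
                          PrepareKeyResult result);
  void SignChallengeCallback(bool register_key,
                             bool success,
                             const std::string& response);
  // Receives the outcome of key registration: a success flag plus a
  // cryptohome::MountError code, alongside the |response| to be returned.
  void RegisterKeyCallback(const std::string& response,
                           bool success,
                           cryptohome::MountError return_code);

  // Per-user attestation switch.
  // NOTE(review): presumably backed by a preference registered in
  // RegisterProfilePrefs() - confirm.
  bool IsRemoteAttestationEnabledForUser() const;

  DECLARE_EXTENSION_FUNCTION(
      "enterprise.platformKeysPrivate.challengeUserKey",
      ENTERPRISE_PLATFORMKEYSPRIVATE_CHALLENGEUSERKEY);
};

typedef EPKPChallengeUserKey
    EnterprisePlatformKeysPrivateChallengeUserKeyFunction;

}  // namespace extensions

#endif  // CHROME_BROWSER_EXTENSIONS_API_ENTERPRISE_PLATFORM_KEYS_PRIVATE_ENTERPRISE_PLATFORM_KEYS_PRIVATE_API_H__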