cryptohome_client.h revision 5f1c94371a64b3196d4be9466099bb892df9b88e 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
6#define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
7
8#include <string>
9#include <vector>
10
11#include "base/basictypes.h"
12#include "base/callback.h"
13#include "chromeos/attestation/attestation_constants.h"
14#include "chromeos/chromeos_export.h"
15#include "chromeos/dbus/dbus_client.h"
16#include "chromeos/dbus/dbus_method_call_status.h"
17
18namespace cryptohome {
19
20class AccountIdentifier;
21class AddKeyRequest;
22class AuthorizationRequest;
23class BaseReply;
24class CheckKeyRequest;
25class FlushAndSignBootAttributesRequest;
26class GetBootAttributeRequest;
27class MountRequest;
28class RemoveKeyRequest;
29class SetBootAttributeRequest;
30class UpdateKeyRequest;
31
32} // namespace cryptohome
33
34namespace chromeos {
35
36// CryptohomeClient is used to communicate with the Cryptohome service.
37// All method should be called from the origin thread (UI thread) which
38// initializes the DBusThreadManager instance.
39class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
40 public:
41  // A callback to handle AsyncCallStatus signals.
42  typedef base::Callback<void(int async_id,
43                              bool return_status,
44                              int return_code)>
45      AsyncCallStatusHandler;
46  // A callback to handle AsyncCallStatusWithData signals.
47  typedef base::Callback<void(int async_id,
48                              bool return_status,
49                              const std::string& data)>
50      AsyncCallStatusWithDataHandler;
51  // A callback to handle responses of AsyncXXX methods.
52  typedef base::Callback<void(int async_id)> AsyncMethodCallback;
53  // A callback for GetSystemSalt().
54  typedef base::Callback<void(
55      DBusMethodCallStatus call_status,
56      const std::vector<uint8>& system_salt)> GetSystemSaltCallback;
57  // A callback for WaitForServiceToBeAvailable().
58  typedef base::Callback<void(bool service_is_ready)>
59      WaitForServiceToBeAvailableCallback;
60  // A callback to handle responses of Pkcs11GetTpmTokenInfo method.  The result
61  // of the D-Bus call is in |call_status|.  On success, |label| holds the
62  // PKCS #11 token label.  This is not useful in practice to identify a token
63  // but may be meaningful to a user.  The |user_pin| can be used with the
64  // C_Login PKCS #11 function but is not necessary because tokens are logged in
65  // for the duration of a signed-in session.  The |slot| corresponds to a
66  // CK_SLOT_ID for the PKCS #11 API and reliably identifies the token for the
67  // duration of the signed-in session.
68  typedef base::Callback<void(
69      DBusMethodCallStatus call_status,
70      const std::string& label,
71      const std::string& user_pin,
72      int slot)> Pkcs11GetTpmTokenInfoCallback;
73  // A callback for methods which return both a bool result and data.
74  typedef base::Callback<void(DBusMethodCallStatus call_status,
75                              bool result,
76                              const std::string& data)> DataMethodCallback;
77
78  // A callback for methods which return both a bool and a protobuf as reply.
79  typedef base::Callback<
80      void(DBusMethodCallStatus call_status,
81           bool result,
82           const cryptohome::BaseReply& reply)> ProtobufMethodCallback;
83
84  virtual ~CryptohomeClient();
85
86  // Factory function, creates a new instance and returns ownership.
87  // For normal usage, access the singleton via DBusThreadManager::Get().
88  static CryptohomeClient* Create();
89
90  // Returns the sanitized |username| that the stub implementation would return.
91  static std::string GetStubSanitizedUsername(const std::string& username);
92
93  // Sets AsyncCallStatus signal handlers.
94  // |handler| is called when results for AsyncXXX methods are returned.
95  // Cryptohome service will process the calls in a first-in-first-out manner
96  // when they are made in parallel.
97  virtual void SetAsyncCallStatusHandlers(
98      const AsyncCallStatusHandler& handler,
99      const AsyncCallStatusWithDataHandler& data_handler) = 0;
100
101  // Resets AsyncCallStatus signal handlers.
102  virtual void ResetAsyncCallStatusHandlers() = 0;
103
104  // Runs the callback as soon as the service becomes available.
105  virtual void WaitForServiceToBeAvailable(
106      const WaitForServiceToBeAvailableCallback& callback) = 0;
107
108  // Calls IsMounted method and returns true when the call succeeds.
109  virtual void IsMounted(const BoolDBusMethodCallback& callback) = 0;
110
111  // Calls Unmount method and returns true when the call succeeds.
112  // This method blocks until the call returns.
113  virtual bool Unmount(bool* success) = 0;
114
115  // Calls AsyncCheckKey method.  |callback| is called after the method call
116  // succeeds.
117  virtual void AsyncCheckKey(const std::string& username,
118                             const std::string& key,
119                             const AsyncMethodCallback& callback) = 0;
120
121  // Calls AsyncMigrateKey method.  |callback| is called after the method call
122  // succeeds.
123  virtual void AsyncMigrateKey(const std::string& username,
124                               const std::string& from_key,
125                               const std::string& to_key,
126                               const AsyncMethodCallback& callback) = 0;
127
128  // Calls AsyncRemove method.  |callback| is called after the method call
129  // succeeds.
130  virtual void AsyncRemove(const std::string& username,
131                           const AsyncMethodCallback& callback) = 0;
132
133  // Calls GetSystemSalt method.  |callback| is called after the method call
134  // succeeds.
135  virtual void GetSystemSalt(const GetSystemSaltCallback& callback) = 0;
136
137  // Calls GetSanitizedUsername method.  |callback| is called after the method
138  // call succeeds.
139  virtual void GetSanitizedUsername(
140      const std::string& username,
141      const StringDBusMethodCallback& callback) = 0;
142
143  // Same as GetSanitizedUsername() but blocks until a reply is received, and
144  // returns the sanitized username synchronously. Returns an empty string if
145  // the method call fails.
146  // This may only be called in situations where blocking the UI thread is
147  // considered acceptable (e.g. restarting the browser after a crash or after
148  // a flag change).
149  virtual std::string BlockingGetSanitizedUsername(
150      const std::string& username) = 0;
151
152  // Calls the AsyncMount method to asynchronously mount the cryptohome for
153  // |username|, using |key| to unlock it. For supported |flags|, see the
154  // documentation of AsyncMethodCaller::AsyncMount().
155  // |callback| is called after the method call succeeds.
156  virtual void AsyncMount(const std::string& username,
157                          const std::string& key,
158                          int flags,
159                          const AsyncMethodCallback& callback) = 0;
160
161  // Calls the AsyncAddKey method to asynchronously add another |new_key| for
162  // |username|, using |key| to unlock it first.
163  // |callback| is called after the method call succeeds.
164  virtual void AsyncAddKey(const std::string& username,
165                           const std::string& key,
166                           const std::string& new_key,
167                           const AsyncMethodCallback& callback) = 0;
168
169  // Calls AsyncMountGuest method.  |callback| is called after the method call
170  // succeeds.
171  virtual void AsyncMountGuest(const AsyncMethodCallback& callback) = 0;
172
173  // Calls the AsyncMount method to asynchronously mount the cryptohome for
174  // |public_mount_id|. For supported |flags|, see the documentation of
175  // AsyncMethodCaller::AsyncMount().  |callback| is called after the method
176  // call succeeds.
177  virtual void AsyncMountPublic(const std::string& public_mount_id,
178                                int flags,
179                                const AsyncMethodCallback& callback) = 0;
180
181  // Calls TpmIsReady method.
182  virtual void TpmIsReady(const BoolDBusMethodCallback& callback) = 0;
183
184  // Calls TpmIsEnabled method.
185  virtual void TpmIsEnabled(const BoolDBusMethodCallback& callback) = 0;
186
187  // Calls TpmIsEnabled method and returns true when the call succeeds.
188  // This method blocks until the call returns.
189  // TODO(hashimoto): Remove this method. crbug.com/141006
190  virtual bool CallTpmIsEnabledAndBlock(bool* enabled) = 0;
191
192  // Calls TpmGetPassword method.
193  virtual void TpmGetPassword(const StringDBusMethodCallback& callback) = 0;
194
195  // Calls TpmIsOwned method.
196  virtual void TpmIsOwned(const BoolDBusMethodCallback& callback) = 0;
197
198  // Calls TpmIsOwned method and returns true when the call succeeds.
199  // This method blocks until the call returns.
200  // TODO(hashimoto): Remove this method. crbug.com/141012
201  virtual bool CallTpmIsOwnedAndBlock(bool* owned) = 0;
202
203  // Calls TpmIsBeingOwned method.
204  virtual void TpmIsBeingOwned(const BoolDBusMethodCallback& callback) = 0;
205
206  // Calls TpmIsBeingOwned method and returns true when the call succeeds.
207  // This method blocks until the call returns.
208  // TODO(hashimoto): Remove this method. crbug.com/141011
209  virtual bool CallTpmIsBeingOwnedAndBlock(bool* owning) = 0;
210
211  // Calls TpmCanAttemptOwnership method.
212  // This method tells the service that it is OK to attempt ownership.
213  virtual void TpmCanAttemptOwnership(
214      const VoidDBusMethodCallback& callback) = 0;
215
216  // Calls TpmClearStoredPasswordMethod.
217  virtual void TpmClearStoredPassword(
218      const VoidDBusMethodCallback& callback) = 0;
219
220  // Calls TpmClearStoredPassword method and returns true when the call
221  // succeeds.  This method blocks until the call returns.
222  // TODO(hashimoto): Remove this method. crbug.com/141010
223  virtual bool CallTpmClearStoredPasswordAndBlock() = 0;
224
225  // Calls Pkcs11IsTpmTokenReady method.
226  virtual void Pkcs11IsTpmTokenReady(
227      const BoolDBusMethodCallback& callback) = 0;
228
229  // Calls Pkcs11GetTpmTokenInfo method.  This method is deprecated, you should
230  // use Pkcs11GetTpmTokenInfoForUser instead.  On success |callback| will
231  // receive PKCS #11 token information for the token associated with the user
232  // who originally signed in (i.e. PKCS #11 slot 0).
233  virtual void Pkcs11GetTpmTokenInfo(
234      const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
235
236  // Calls Pkcs11GetTpmTokenInfoForUser method.  On success |callback| will
237  // receive PKCS #11 token information for the user identified by |user_email|.
238  // The |user_email| must be a canonical email address as returned by
239  // user_manager::User::email().
240  virtual void Pkcs11GetTpmTokenInfoForUser(
241      const std::string& user_email,
242      const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
243
244  // Calls InstallAttributesGet method and returns true when the call succeeds.
245  // This method blocks until the call returns.
246  // The original content of |value| is lost.
247  virtual bool InstallAttributesGet(const std::string& name,
248                                    std::vector<uint8>* value,
249                                    bool* successful) = 0;
250
251  // Calls InstallAttributesSet method and returns true when the call succeeds.
252  // This method blocks until the call returns.
253  virtual bool InstallAttributesSet(const std::string& name,
254                                    const std::vector<uint8>& value,
255                                    bool* successful) = 0;
256
257  // Calls InstallAttributesFinalize method and returns true when the call
258  // succeeds.  This method blocks until the call returns.
259  virtual bool InstallAttributesFinalize(bool* successful) = 0;
260
261  // Calls InstallAttributesIsReady method.
262  virtual void InstallAttributesIsReady(
263      const BoolDBusMethodCallback& callback) = 0;
264
265  // Calls InstallAttributesIsInvalid method and returns true when the call
266  // succeeds.  This method blocks until the call returns.
267  virtual bool InstallAttributesIsInvalid(bool* is_invalid) = 0;
268
269  // Calls InstallAttributesIsFirstInstall method and returns true when the call
270  // succeeds. This method blocks until the call returns.
271  virtual bool InstallAttributesIsFirstInstall(bool* is_first_install) = 0;
272
273  // Calls the TpmAttestationIsPrepared dbus method.  The callback is called
274  // when the operation completes.
275  virtual void TpmAttestationIsPrepared(
276        const BoolDBusMethodCallback& callback) = 0;
277
278  // Calls the TpmAttestationIsEnrolled dbus method.  The callback is called
279  // when the operation completes.
280  virtual void TpmAttestationIsEnrolled(
281        const BoolDBusMethodCallback& callback) = 0;
282
283  // Asynchronously creates an attestation enrollment request.  The callback
284  // will be called when the dbus call completes.  When the operation completes,
285  // the AsyncCallStatusWithDataHandler signal handler is called.  The data that
286  // is sent with the signal is an enrollment request to be sent to the Privacy
287  // CA of type |pca_type|.  The enrollment is completed by calling
288  // AsyncTpmAttestationEnroll.
289  virtual void AsyncTpmAttestationCreateEnrollRequest(
290      chromeos::attestation::PrivacyCAType pca_type,
291      const AsyncMethodCallback& callback) = 0;
292
293  // Asynchronously finishes an attestation enrollment operation.  The callback
294  // will be called when the dbus call completes.  When the operation completes,
295  // the AsyncCallStatusHandler signal handler is called.  |pca_response| is the
296  // response to the enrollment request emitted by the Privacy CA of type
297  // |pca_type|.
298  virtual void AsyncTpmAttestationEnroll(
299      chromeos::attestation::PrivacyCAType pca_type,
300      const std::string& pca_response,
301      const AsyncMethodCallback& callback) = 0;
302
303  // Asynchronously creates an attestation certificate request according to
304  // |certificate_profile|.  Some profiles require that the |user_id| of the
305  // currently active user and an identifier of the |request_origin| be
306  // provided.  |callback| will be called when the dbus call completes.  When
307  // the operation completes, the AsyncCallStatusWithDataHandler signal handler
308  // is called.  The data that is sent with the signal is a certificate request
309  // to be sent to the Privacy CA of type |pca_type|.  The certificate request
310  // is completed by calling AsyncTpmAttestationFinishCertRequest.  The
311  // |user_id| will not be included in the certificate request for the Privacy
312  // CA.
313  virtual void AsyncTpmAttestationCreateCertRequest(
314      chromeos::attestation::PrivacyCAType pca_type,
315      attestation::AttestationCertificateProfile certificate_profile,
316      const std::string& user_id,
317      const std::string& request_origin,
318      const AsyncMethodCallback& callback) = 0;
319
320  // Asynchronously finishes a certificate request operation.  The callback will
321  // be called when the dbus call completes.  When the operation completes, the
322  // AsyncCallStatusWithDataHandler signal handler is called.  The data that is
323  // sent with the signal is a certificate chain in PEM format.  |pca_response|
324  // is the response to the certificate request emitted by the Privacy CA.
325  // |key_type| determines whether the certified key is to be associated with
326  // the current user.  |key_name| is a name for the key.  If |key_type| is
327  // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
328  // For normal GAIA users the |user_id| is a canonical email address.
329  virtual void AsyncTpmAttestationFinishCertRequest(
330      const std::string& pca_response,
331      attestation::AttestationKeyType key_type,
332      const std::string& user_id,
333      const std::string& key_name,
334      const AsyncMethodCallback& callback) = 0;
335
336  // Checks if an attestation key already exists.  If the key specified by
337  // |key_type| and |key_name| exists, then the result sent to the callback will
338  // be true.  If |key_type| is KEY_USER, a |user_id| must be provided.
339  // Otherwise |user_id| is ignored.  For normal GAIA users the |user_id| is a
340  // canonical email address.
341  virtual void TpmAttestationDoesKeyExist(
342      attestation::AttestationKeyType key_type,
343      const std::string& user_id,
344      const std::string& key_name,
345      const BoolDBusMethodCallback& callback) = 0;
346
347  // Gets the attestation certificate for the key specified by |key_type| and
348  // |key_name|.  |callback| will be called when the operation completes.  If
349  // the key does not exist the callback |result| parameter will be false.  If
350  // |key_type| is KEY_USER, a |user_id| must be provided.  Otherwise |user_id|
351  // is ignored.  For normal GAIA users the |user_id| is a canonical email
352  // address.
353  virtual void TpmAttestationGetCertificate(
354      attestation::AttestationKeyType key_type,
355      const std::string& user_id,
356      const std::string& key_name,
357      const DataMethodCallback& callback) = 0;
358
359  // Gets the public key for the key specified by |key_type| and |key_name|.
360  // |callback| will be called when the operation completes.  If the key does
361  // not exist the callback |result| parameter will be false.  If |key_type| is
362  // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
363  // For normal GAIA users the |user_id| is a canonical email address.
364  virtual void TpmAttestationGetPublicKey(
365      attestation::AttestationKeyType key_type,
366      const std::string& user_id,
367      const std::string& key_name,
368      const DataMethodCallback& callback) = 0;
369
370  // Asynchronously registers an attestation key with the current user's
371  // PKCS #11 token.  The |callback| will be called when the dbus call
372  // completes.  When the operation completes, the AsyncCallStatusHandler signal
373  // handler is called.  |key_type| and |key_name| specify the key to register.
374  // If |key_type| is KEY_USER, a |user_id| must be provided.  Otherwise
375  // |user_id| is ignored.  For normal GAIA users the |user_id| is a canonical
376  // email address.
377  virtual void TpmAttestationRegisterKey(
378      attestation::AttestationKeyType key_type,
379      const std::string& user_id,
380      const std::string& key_name,
381      const AsyncMethodCallback& callback) = 0;
382
383  // Asynchronously signs an enterprise challenge with the key specified by
384  // |key_type| and |key_name|.  |domain| and |device_id| will be included in
385  // the challenge response.  |options| control how the challenge response is
386  // generated.  |challenge| must be a valid enterprise attestation challenge.
387  // The |callback| will be called when the dbus call completes.  When the
388  // operation completes, the AsyncCallStatusWithDataHandler signal handler is
389  // called.  If |key_type| is KEY_USER, a |user_id| must be provided.
390  // Otherwise |user_id| is ignored.  For normal GAIA users the |user_id| is a
391  // canonical email address.
392  virtual void TpmAttestationSignEnterpriseChallenge(
393      attestation::AttestationKeyType key_type,
394      const std::string& user_id,
395      const std::string& key_name,
396      const std::string& domain,
397      const std::string& device_id,
398      attestation::AttestationChallengeOptions options,
399      const std::string& challenge,
400      const AsyncMethodCallback& callback) = 0;
401
402  // Asynchronously signs a simple challenge with the key specified by
403  // |key_type| and |key_name|.  |challenge| can be any set of arbitrary bytes.
404  // A nonce will be appended to the challenge before signing; this method
405  // cannot be used to sign arbitrary data.  The |callback| will be called when
406  // the dbus call completes.  When the operation completes, the
407  // AsyncCallStatusWithDataHandler signal handler is called.  If |key_type| is
408  // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
409  // For normal GAIA users the |user_id| is a canonical email address.
410  virtual void TpmAttestationSignSimpleChallenge(
411      attestation::AttestationKeyType key_type,
412      const std::string& user_id,
413      const std::string& key_name,
414      const std::string& challenge,
415      const AsyncMethodCallback& callback) = 0;
416
417  // Gets the payload associated with the key specified by |key_type| and
418  // |key_name|.  The |callback| will be called when the operation completes.
419  // If the key does not exist the callback |result| parameter will be false.
420  // If no payload has been set for the key the callback |result| parameter will
421  // be true and the |data| parameter will be empty.  If |key_type| is
422  // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
423  // For normal GAIA users the |user_id| is a canonical email address.
424  virtual void TpmAttestationGetKeyPayload(
425      attestation::AttestationKeyType key_type,
426      const std::string& user_id,
427      const std::string& key_name,
428      const DataMethodCallback& callback) = 0;
429
430  // Sets the |payload| associated with the key specified by |key_type| and
431  // |key_name|.  The |callback| will be called when the operation completes.
432  // If the operation succeeds, the callback |result| parameter will be true.
433  // If |key_type| is KEY_USER, a |user_id| must be provided.  Otherwise
434  // |user_id| is ignored.  For normal GAIA users the |user_id| is a canonical
435  // email address.
436  virtual void TpmAttestationSetKeyPayload(
437      attestation::AttestationKeyType key_type,
438      const std::string& user_id,
439      const std::string& key_name,
440      const std::string& payload,
441      const BoolDBusMethodCallback& callback) = 0;
442
443  // Deletes certified keys as specified by |key_type| and |key_prefix|.  The
444  // |callback| will be called when the operation completes.  If the operation
445  // succeeds, the callback |result| parameter will be true.  If |key_type| is
446  // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
447  // For normal GAIA users the |user_id| is a canonical email address.  All keys
448  // where the key name has a prefix matching |key_prefix| will be deleted.  All
449  // meta-data associated with the key, including certificates, will also be
450  // deleted.
451  virtual void TpmAttestationDeleteKeys(
452      attestation::AttestationKeyType key_type,
453      const std::string& user_id,
454      const std::string& key_prefix,
455      const BoolDBusMethodCallback& callback) = 0;
456
457  // Asynchronously calls CheckKeyEx method. |callback| is called after method
458  // call, and with reply protobuf.
459  // CheckKeyEx just checks if authorization information is valid.
460  virtual void CheckKeyEx(
461      const cryptohome::AccountIdentifier& id,
462      const cryptohome::AuthorizationRequest& auth,
463      const cryptohome::CheckKeyRequest& request,
464      const ProtobufMethodCallback& callback) = 0;
465
466  // Asynchronously calls MountEx method. |callback| is called after method
467  // call, and with reply protobuf.
468  // MountEx attempts to mount home dir using given authorization, and can
469  // create new home dir if necessary values are specified in |request|.
470  virtual void MountEx(
471      const cryptohome::AccountIdentifier& id,
472      const cryptohome::AuthorizationRequest& auth,
473      const cryptohome::MountRequest& request,
474      const ProtobufMethodCallback& callback) = 0;
475
476  // Asynchronously calls AddKeyEx method. |callback| is called after method
477  // call, and with reply protobuf.
478  // AddKeyEx adds another key to the given key set. |request| also defines
479  // behavior in case when key with specified label already exist.
480  virtual void AddKeyEx(
481      const cryptohome::AccountIdentifier& id,
482      const cryptohome::AuthorizationRequest& auth,
483      const cryptohome::AddKeyRequest& request,
484      const ProtobufMethodCallback& callback) = 0;
485
486  // Asynchronously calls UpdateKeyEx method. |callback| is called after method
487  // call, and with reply protobuf. Reply will contain MountReply extension.
488  // UpdateKeyEx replaces key used for authorization, without affecting any
489  // other keys. If specified at home dir creation time, new key may have
490  // to be signed and/or encrypted.
491  virtual void UpdateKeyEx(
492      const cryptohome::AccountIdentifier& id,
493      const cryptohome::AuthorizationRequest& auth,
494      const cryptohome::UpdateKeyRequest& request,
495      const ProtobufMethodCallback& callback) = 0;
496
497  // Asynchronously calls RemoveKeyEx method. |callback| is called after method
498  // call, and with reply protobuf.
499  // RemoveKeyEx removes key from the given key set.
500  virtual void RemoveKeyEx(const cryptohome::AccountIdentifier& id,
501                           const cryptohome::AuthorizationRequest& auth,
502                           const cryptohome::RemoveKeyRequest& request,
503                           const ProtobufMethodCallback& callback) = 0;
504
505  // Asynchronously calls GetBootAttribute method. |callback| is called after
506  // method call, and with reply protobuf.
507  // GetBootAttribute gets the value of the specified boot attribute.
508  virtual void GetBootAttribute(
509      const cryptohome::GetBootAttributeRequest& request,
510      const ProtobufMethodCallback& callback) = 0;
511
512  // Asynchronously calls SetBootAttribute method. |callback| is called after
513  // method call, and with reply protobuf.
514  // SetBootAttribute sets the value of the specified boot attribute. The value
515  // won't be available unitl FlushAndSignBootAttributes() is called.
516  virtual void SetBootAttribute(
517      const cryptohome::SetBootAttributeRequest& request,
518      const ProtobufMethodCallback& callback) = 0;
519
520  // Asynchronously calls FlushAndSignBootAttributes method. |callback| is
521  // called after method call, and with reply protobuf.
522  // FlushAndSignBootAttributes makes all pending boot attribute settings
523  // available, and have them signed by a special TPM key. This method always
524  // fails after any user, publuc, or guest session starts.
525  virtual void FlushAndSignBootAttributes(
526      const cryptohome::FlushAndSignBootAttributesRequest& request,
527      const ProtobufMethodCallback& callback) = 0;
528
529 protected:
530  // Create() should be used instead.
531  CryptohomeClient();
532
533 private:
534  DISALLOW_COPY_AND_ASSIGN(CryptohomeClient);
535};
536
537}  // namespace chromeos
538
539#endif  // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
540