chrome/browser/chromeos/login/challenge_response_auth_keys_loader.h - chromium/src - Git at Google

 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_CHALLENGE_RESPONSE_AUTH_KEYS_LOADER_H_
 #define CHROME_BROWSER_CHROMEOS_LOGIN_CHALLENGE_RESPONSE_AUTH_KEYS_LOADER_H_

 #include <string>
 #include <vector>

 #include "base/memory/weak_ptr.h"
 #include "base/scoped_observer.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_observer.h"
 #include "chromeos/login/auth/challenge_response_key.h"
 #include "net/ssl/client_cert_identity.h"

 class AccountId;

 namespace chromeos {

 // This class allows to prepare parameters for the challenge-response
 // authentication.
 //
 // This authentication is based on making challenges against cryptographic
 // key(s). The challenge generation and processing the authentication secrets
 // is performed by the cryptohomed daemon and the underlying layers. The browser
 // is responsible for providing the cryptohomed with the public key information
 // (which is the responsibility of this class) and for forwarding the challenge
 // requests to the component that talks to the cryptographic token (which is the
 // responsibility of CryptohomeKeyDelegateServiceProvider).
 class ChallengeResponseAuthKeysLoader final : public ProfileObserver {
  public:
   using LoadAvailableKeysCallback = base::OnceCallback<void(
       std::vector<ChallengeResponseKey> challenge_response_keys)>;

   // Returns whether the given user, whose profile must already exist on the
   // device, supports authentication via the challenge-response protocol.
   static bool CanAuthenticateUser(const AccountId& account_id);

   ChallengeResponseAuthKeysLoader();
   ChallengeResponseAuthKeysLoader(const ChallengeResponseAuthKeysLoader&) =
       delete;
   ChallengeResponseAuthKeysLoader& operator=(
       const ChallengeResponseAuthKeysLoader&) = delete;
   ~ChallengeResponseAuthKeysLoader() override;

   // Prepares the ChallengeResponseKey values containing the currently available
   // cryptographic keys that can be used to authenticate the given user. If
   // there should be force-installed extensions that provide a certificate for
   // the given user, waits until these are installed and loaded (default: up to
   // 5 seconds, configured by |maximum_extension_load_waiting_time_|).
   //
   // The callback is run with an empty |challenge_response_keys| in the cases
   // when the user's profile doesn't support challenge-response authentication
   // or when there is no suitable cryptographic key available.
   void LoadAvailableKeys(const AccountId& account_id,
                          LoadAvailableKeysCallback callback);

   void SetMaxWaitTimeForTesting(base::TimeDelta time) {
     maximum_extension_load_waiting_time_ = time;
   }

   // ProfileObserver:
   void OnProfileWillBeDestroyed(Profile* profile) override;

  private:
   // Asynchronous job which is scheduled by LoadAvailableKeys after all
   // necessary extensions are loaded.
   void ContinueLoadAvailableKeysExtensionsLoaded(
       const AccountId& account_id,
       const std::vector<std::string>& suitable_public_key_spki_items,
       LoadAvailableKeysCallback callback);

   // Asynchronous job which is scheduled by
   // ContinueLoadAvailableKeysExtensionsLoaded after the list of currently
   // available cryptographic keys is refreshed from certificate providers.
   void ContinueLoadAvailableKeysWithCerts(
       const AccountId& account_id,
       const std::vector<std::string>& suitable_public_key_spki_items,
       LoadAvailableKeysCallback callback,
       net::ClientCertIdentityList cert_identities);

   base::TimeDelta maximum_extension_load_waiting_time_;

   // Whether the sign-in profile is destroyed.
   bool profile_is_destroyed_ = false;

   ScopedObserver<Profile, ProfileObserver> profile_subscription_{this};

   base::WeakPtrFactory<ChallengeResponseAuthKeysLoader> weak_ptr_factory_{this};
 };

 }  // namespace chromeos

 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_CHALLENGE_RESPONSE_AUTH_KEYS_LOADER_H_
	// Copyright 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_CHALLENGE_RESPONSE_AUTH_KEYS_LOADER_H_
	#define CHROME_BROWSER_CHROMEOS_LOGIN_CHALLENGE_RESPONSE_AUTH_KEYS_LOADER_H_

	#include <string>
	#include <vector>

	#include "base/memory/weak_ptr.h"
	#include "base/scoped_observer.h"
	#include "chrome/browser/profiles/profile.h"
	#include "chrome/browser/profiles/profile_observer.h"
	#include "chromeos/login/auth/challenge_response_key.h"
	#include "net/ssl/client_cert_identity.h"

	class AccountId;

	namespace chromeos {

	// This class allows to prepare parameters for the challenge-response
	// authentication.
	//
	// This authentication is based on making challenges against cryptographic
	// key(s). The challenge generation and processing the authentication secrets
	// is performed by the cryptohomed daemon and the underlying layers. The browser
	// is responsible for providing the cryptohomed with the public key information
	// (which is the responsibility of this class) and for forwarding the challenge
	// requests to the component that talks to the cryptographic token (which is the
	// responsibility of CryptohomeKeyDelegateServiceProvider).
	class ChallengeResponseAuthKeysLoader final : public ProfileObserver {
	public:
	using LoadAvailableKeysCallback = base::OnceCallback<void(
	std::vector<ChallengeResponseKey> challenge_response_keys)>;

	// Returns whether the given user, whose profile must already exist on the
	// device, supports authentication via the challenge-response protocol.
	static bool CanAuthenticateUser(const AccountId& account_id);

	ChallengeResponseAuthKeysLoader();
	ChallengeResponseAuthKeysLoader(const ChallengeResponseAuthKeysLoader&) =
	delete;
	ChallengeResponseAuthKeysLoader& operator=(
	const ChallengeResponseAuthKeysLoader&) = delete;
	~ChallengeResponseAuthKeysLoader() override;

	// Prepares the ChallengeResponseKey values containing the currently available
	// cryptographic keys that can be used to authenticate the given user. If
	// there should be force-installed extensions that provide a certificate for
	// the given user, waits until these are installed and loaded (default: up to
	// 5 seconds, configured by \|maximum_extension_load_waiting_time_\|).
	//
	// The callback is run with an empty \|challenge_response_keys\| in the cases
	// when the user's profile doesn't support challenge-response authentication
	// or when there is no suitable cryptographic key available.
	void LoadAvailableKeys(const AccountId& account_id,
	LoadAvailableKeysCallback callback);

	void SetMaxWaitTimeForTesting(base::TimeDelta time) {
	maximum_extension_load_waiting_time_ = time;
	}

	// ProfileObserver:
	void OnProfileWillBeDestroyed(Profile* profile) override;

	private:
	// Asynchronous job which is scheduled by LoadAvailableKeys after all
	// necessary extensions are loaded.
	void ContinueLoadAvailableKeysExtensionsLoaded(
	const AccountId& account_id,
	const std::vector<std::string>& suitable_public_key_spki_items,
	LoadAvailableKeysCallback callback);

	// Asynchronous job which is scheduled by
	// ContinueLoadAvailableKeysExtensionsLoaded after the list of currently
	// available cryptographic keys is refreshed from certificate providers.
	void ContinueLoadAvailableKeysWithCerts(
	const AccountId& account_id,
	const std::vector<std::string>& suitable_public_key_spki_items,
	LoadAvailableKeysCallback callback,
	net::ClientCertIdentityList cert_identities);

	base::TimeDelta maximum_extension_load_waiting_time_;

	// Whether the sign-in profile is destroyed.
	bool profile_is_destroyed_ = false;

	ScopedObserver<Profile, ProfileObserver> profile_subscription_{this};

	base::WeakPtrFactory<ChallengeResponseAuthKeysLoader> weak_ptr_factory_{this};
	};

	} // namespace chromeos

	#endif // CHROME_BROWSER_CHROMEOS_LOGIN_CHALLENGE_RESPONSE_AUTH_KEYS_LOADER_H_