chromeos/login/auth/extended_authenticator.h - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
 #define CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_

 #include <memory>
 #include <string>

 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/component_export.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/cryptohome/UserDataAuth.pb.h"

 namespace chromeos {

 class AuthStatusConsumer;
 class UserContext;

 // An interface to interact with cryptohomed: mount home dirs, create new home
 // dirs, update passwords.
 //
 // Typical flow:
 // AuthenticateToMount() calls cryptohomed to perform offline login,
 // AuthenticateToCreate() calls cryptohomed to create new cryptohome.
 class COMPONENT_EXPORT(CHROMEOS_LOGIN_AUTH) ExtendedAuthenticator
     : public base::RefCountedThreadSafe<ExtendedAuthenticator> {
  public:
   enum AuthState {
     SUCCESS,       // Login succeeded.
     NO_MOUNT,      // No cryptohome exist for user.
     FAILED_MOUNT,  // Failed to mount existing cryptohome - login failed.
     FAILED_TPM,    // Failed to mount/create cryptohome because of TPM error.
   };

   using ResultCallback = base::OnceCallback<void(const std::string& result)>;
   using ContextCallback = base::OnceCallback<void(const UserContext& context)>;

   static scoped_refptr<ExtendedAuthenticator> Create(
       AuthStatusConsumer* consumer);

   // Updates consumer of the class.
   virtual void SetConsumer(AuthStatusConsumer* consumer) = 0;

   // This call will attempt to authenticate the user with the key (and key
   // label) in |context|. No further actions are taken after authentication.
   virtual void AuthenticateToCheck(const UserContext& context,
                                    base::OnceClosure success_callback) = 0;

   // Attempts to start fingerprint auth session (prepare biometrics daemon for
   // upcoming fingerprint scan) for the user with |account_id|. |callback| will
   // be invoked with whether the fingerprint auth session is successfully
   // started.
   virtual void StartFingerprintAuthSession(
       const AccountId& account_id,
       base::OnceCallback<void(bool)> callback) = 0;

   // Attempts to end the current fingerprint auth session. Logs an error if no
   // response.
   virtual void EndFingerprintAuthSession() = 0;

   // Waits for a fingerprint scan from the user in |context|, and calls
   // |callback| with a fingerprint-specific CryptohomeErrorCode. No further
   // actions are taken after authentication.
   virtual void AuthenticateWithFingerprint(
       const UserContext& context,
       base::OnceCallback<void(user_data_auth::CryptohomeErrorCode)>
           callback) = 0;

   // Attempts to add a new |key| for the user identified/authorized by
   // |context|. If a key with the same label already exists, the behavior
   // depends on the |replace_existing| flag. If the flag is set, the old key is
   // replaced. If the flag is not set, an error occurs. It is not allowed to
   // replace the key used for authorization.
   virtual void AddKey(const UserContext& context,
                       const cryptohome::KeyDefinition& key,
                       bool replace_existing,
                       base::OnceClosure success_callback) = 0;

   // Attempts to remove the key labeled |key_to_remove| for the user identified/
   // authorized by |context|. It is possible to remove the key used for
   // authorization, although it should be done with extreme care.
   virtual void RemoveKey(const UserContext& context,
                          const std::string& key_to_remove,
                          base::OnceClosure success_callback) = 0;

   // Hashes the key in |user_context| with the system salt it its type is
   // KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the
   // |callback|.
   virtual void TransformKeyIfNeeded(const UserContext& user_context,
                                     ContextCallback callback) = 0;

  protected:
   ExtendedAuthenticator();
   virtual ~ExtendedAuthenticator();

  private:
   friend class base::RefCountedThreadSafe<ExtendedAuthenticator>;

   DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator);
 };

 }  // namespace chromeos

 #endif  // CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
	#define CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_

	#include <memory>
	#include <string>

	#include "base/callback.h"
	#include "base/compiler_specific.h"
	#include "base/component_export.h"
	#include "base/macros.h"
	#include "base/memory/ref_counted.h"
	#include "chromeos/cryptohome/cryptohome_parameters.h"
	#include "chromeos/dbus/cryptohome/UserDataAuth.pb.h"

	namespace chromeos {

	class AuthStatusConsumer;
	class UserContext;

	// An interface to interact with cryptohomed: mount home dirs, create new home
	// dirs, update passwords.
	//
	// Typical flow:
	// AuthenticateToMount() calls cryptohomed to perform offline login,
	// AuthenticateToCreate() calls cryptohomed to create new cryptohome.
	class COMPONENT_EXPORT(CHROMEOS_LOGIN_AUTH) ExtendedAuthenticator
	: public base::RefCountedThreadSafe<ExtendedAuthenticator> {
	public:
	enum AuthState {
	SUCCESS, // Login succeeded.
	NO_MOUNT, // No cryptohome exist for user.
	FAILED_MOUNT, // Failed to mount existing cryptohome - login failed.
	FAILED_TPM, // Failed to mount/create cryptohome because of TPM error.
	};

	using ResultCallback = base::OnceCallback<void(const std::string& result)>;
	using ContextCallback = base::OnceCallback<void(const UserContext& context)>;

	static scoped_refptr<ExtendedAuthenticator> Create(
	AuthStatusConsumer* consumer);

	// Updates consumer of the class.
	virtual void SetConsumer(AuthStatusConsumer* consumer) = 0;

	// This call will attempt to authenticate the user with the key (and key
	// label) in \|context\|. No further actions are taken after authentication.
	virtual void AuthenticateToCheck(const UserContext& context,
	base::OnceClosure success_callback) = 0;

	// Attempts to start fingerprint auth session (prepare biometrics daemon for
	// upcoming fingerprint scan) for the user with \|account_id\|. \|callback\| will
	// be invoked with whether the fingerprint auth session is successfully
	// started.
	virtual void StartFingerprintAuthSession(
	const AccountId& account_id,
	base::OnceCallback<void(bool)> callback) = 0;

	// Attempts to end the current fingerprint auth session. Logs an error if no
	// response.
	virtual void EndFingerprintAuthSession() = 0;

	// Waits for a fingerprint scan from the user in \|context\|, and calls
	// \|callback\| with a fingerprint-specific CryptohomeErrorCode. No further
	// actions are taken after authentication.
	virtual void AuthenticateWithFingerprint(
	const UserContext& context,
	base::OnceCallback<void(user_data_auth::CryptohomeErrorCode)>
	callback) = 0;

	// Attempts to add a new \|key\| for the user identified/authorized by
	// \|context\|. If a key with the same label already exists, the behavior
	// depends on the \|replace_existing\| flag. If the flag is set, the old key is
	// replaced. If the flag is not set, an error occurs. It is not allowed to
	// replace the key used for authorization.
	virtual void AddKey(const UserContext& context,
	const cryptohome::KeyDefinition& key,
	bool replace_existing,
	base::OnceClosure success_callback) = 0;

	// Attempts to remove the key labeled \|key_to_remove\| for the user identified/
	// authorized by \|context\|. It is possible to remove the key used for
	// authorization, although it should be done with extreme care.
	virtual void RemoveKey(const UserContext& context,
	const std::string& key_to_remove,
	base::OnceClosure success_callback) = 0;

	// Hashes the key in \|user_context\| with the system salt it its type is
	// KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the
	// \|callback\|.
	virtual void TransformKeyIfNeeded(const UserContext& user_context,
	ContextCallback callback) = 0;

	protected:
	ExtendedAuthenticator();
	virtual ~ExtendedAuthenticator();

	private:
	friend class base::RefCountedThreadSafe<ExtendedAuthenticator>;

	DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator);
	};

	} // namespace chromeos

	#endif // CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_