// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include "base/strings/string16.h"
#include "base/time/time.h"
#include "base/win/windows_types.h"
#include "url/gurl.h"
namespace credential_provider {
// Manager used to handle requests to store an encrypted recovery password for
// a given user and to retrieve this encrypted password. Per the method
// comments below, the encrypted data is kept in the LSA and the keys are
// requested from the EMM escrow service.
// NOTE(review): a Windows password and an access token pass through this
// interface as ordinary string types. Confirm that the implementation keeps
// both out of logs and clears temporary copies once they are no longer needed.
// NOTE(review): access specifiers are not visible in this listing. Confirm
// that the constructor, GetInstanceStorage() and the *ForTesting helpers are
// not reachable from production callers.
class PasswordRecoveryManager {
// Default timeout when trying to make requests to the EMM escrow service to
// retrieve encryption key.
static const base::TimeDelta kDefaultEscrowServiceEncryptionKeyRequestTimeout;
// Default timeout when trying to make requests to the EMM escrow service to
// retrieve decryption key.
static const base::TimeDelta kDefaultEscrowServiceDecryptionKeyRequestTimeout;
// Returns the manager instance. NOTE(review): presumably the pointer held in
// GetInstanceStorage() -- confirm against the implementation.
static PasswordRecoveryManager* Get();
// Clear the password recovery information stored in the LSA for user with SID
// |sid|. Returns an HRESULT.
// NOTE(review): callers that remove or disassociate a user should check the
// result; a failure would presumably leave the stored recovery data in place.
HRESULT ClearUserRecoveryPassword(const base::string16& sid);
// Attempts to recover the password for user with SID |sid| using the EMM
// escrow service. Returns an HRESULT.
// NOTE(review): |access_token| is presumably what authenticates the request to
// the escrow service, and |recovered_password| presumably receives the
// cleartext password on success -- confirm. Callers should treat both as
// secrets and overwrite |recovered_password| as soon as it has been used.
HRESULT RecoverWindowsPasswordIfPossible(const base::string16& sid,
const std::string& access_token,
base::string16* recovered_password);
// Attempts to store encrypted password information for user with SID |sid| in
// the LSA. Returns an HRESULT.
// NOTE(review): |password| is presumably the cleartext password to protect;
// "IfNeeded" suggests the call can be a no-op -- confirm under which
// conditions nothing is stored, since recovery would then be unavailable.
HRESULT StoreWindowsPasswordIfNeeded(const base::string16& sid,
const std::string& access_token,
const base::string16& password);
// Calculates the full url of various escrow service requests based on
// the registry setting for the escrow server url.
// NOTE(review): the registry value decides which server receives the key
// requests. Confirm that the value is writable only by administrators and
// that the implementation rejects anything other than an https URL.
GURL GetEscrowServiceGenerateKeyPairUrl();
GURL GetEscrowServiceGetPrivateKeyUrl(const std::string& resource_id);
// Returns the storage used for the instance pointer.
// NOTE(review): presumably exists so tests can substitute another manager --
// confirm it is not exposed to production callers.
static PasswordRecoveryManager** GetInstanceStorage();
// Constructs a manager with separate timeouts for the encryption key request
// and the decryption key request.
explicit PasswordRecoveryManager(
base::TimeDelta encryption_key_request_timeout,
base::TimeDelta decryption_key_request_timeout);
virtual ~PasswordRecoveryManager();
// Test-only: overrides both the encryption key and the decryption key request
// timeouts with |request_timeout|.
void SetRequestTimeoutForTesting(base::TimeDelta request_timeout) {
encryption_key_request_timeout_ = request_timeout;
decryption_key_request_timeout_ = request_timeout;
// Test-only: builds a string from |public_key| and |resource_id|.
// NOTE(review): presumably a fake escrow service response to the generate key
// pair request -- confirm the format against the implementation.
std::string MakeGenerateKeyPairResponseForTesting(
const std::string& public_key,
const std::string& resource_id);
// Test-only: builds a string from |private_key|.
// NOTE(review): presumably a fake escrow service response to the get private
// key request -- confirm. Tests should only pass throwaway key material.
std::string MakeGetPrivateKeyResponseForTesting(
const std::string& private_key);
// Timeouts for the escrow service requests; both are overwritten by
// SetRequestTimeoutForTesting().
base::TimeDelta encryption_key_request_timeout_;
base::TimeDelta decryption_key_request_timeout_;
} // namespace credential_provider