chrome/credential_provider/gaiacp/password_recovery_manager.h - chromium/src - Git at Google

 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_CREDENTIAL_PROVIDER_GAIACP_PASSWORD_RECOVERY_MANAGER_H_
 #define CHROME_CREDENTIAL_PROVIDER_GAIACP_PASSWORD_RECOVERY_MANAGER_H_

 #include <string>

 #include "base/time/time.h"
 #include "base/win/windows_types.h"
 #include "url/gurl.h"

 namespace credential_provider {

 // Manager used to handle requests to store an encrypted recovery password for
 // a given user and to retrieve this encrypted password.
 class PasswordRecoveryManager {
  public:
   // Default timeout when trying to make requests to the EMM escrow service to
   // retrieve encryption key.
   static const base::TimeDelta kDefaultEscrowServiceEncryptionKeyRequestTimeout;

   // Default timeout when trying to make requests to the EMM escrow service to
   // retrieve decryption key.
   static const base::TimeDelta kDefaultEscrowServiceDecryptionKeyRequestTimeout;

   static PasswordRecoveryManager* Get();

   // Clear the password recovery information stored in the LSA for user with SID
   // |sid|.
   HRESULT ClearUserRecoveryPassword(const std::wstring& sid);

   // Attempts to recover the password for user with SID |sid| using the EMM
   // escrow service.
   HRESULT RecoverWindowsPasswordIfPossible(const std::wstring& sid,
                                            const std::string& access_token,
                                            std::wstring* recovered_password);
   // Attempts to store encryped passwod information for user with SID |sid| in
   // the LSA.
   HRESULT StoreWindowsPasswordIfNeeded(const std::wstring& sid,
                                        const std::string& access_token,
                                        const std::wstring& password);

   // Calculates the full url of various escrow service requests based on
   // the registry setting for the escrow server url.
   GURL GetEscrowServiceGenerateKeyPairUrl();
   GURL GetEscrowServiceGetPrivateKeyUrl(const std::string& resource_id);

  protected:
   // Returns the storage used for the instance pointer.
   static PasswordRecoveryManager** GetInstanceStorage();

   explicit PasswordRecoveryManager(
       base::TimeDelta encryption_key_request_timeout,
       base::TimeDelta decryption_key_request_timeout);
   virtual ~PasswordRecoveryManager();

   void SetRequestTimeoutForTesting(base::TimeDelta request_timeout) {
     encryption_key_request_timeout_ = request_timeout;
     decryption_key_request_timeout_ = request_timeout;
   }
   std::string MakeGenerateKeyPairResponseForTesting(
       const std::string& public_key,
       const std::string& resource_id);
   std::string MakeGetPrivateKeyResponseForTesting(
       const std::string& private_key);

  private:
   base::TimeDelta encryption_key_request_timeout_;
   base::TimeDelta decryption_key_request_timeout_;
 };

 }  // namespace credential_provider

 #endif  // CHROME_CREDENTIAL_PROVIDER_GAIACP_PASSWORD_RECOVERY_MANAGER_H_
	// Copyright 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_CREDENTIAL_PROVIDER_GAIACP_PASSWORD_RECOVERY_MANAGER_H_
	#define CHROME_CREDENTIAL_PROVIDER_GAIACP_PASSWORD_RECOVERY_MANAGER_H_

	#include <string>

	#include "base/time/time.h"
	#include "base/win/windows_types.h"
	#include "url/gurl.h"

	namespace credential_provider {

	// Manager used to handle requests to store an encrypted recovery password for
	// a given user and to retrieve this encrypted password.
	class PasswordRecoveryManager {
	public:
	// Default timeout when trying to make requests to the EMM escrow service to
	// retrieve encryption key.
	static const base::TimeDelta kDefaultEscrowServiceEncryptionKeyRequestTimeout;

	// Default timeout when trying to make requests to the EMM escrow service to
	// retrieve decryption key.
	static const base::TimeDelta kDefaultEscrowServiceDecryptionKeyRequestTimeout;

	static PasswordRecoveryManager* Get();

	// Clear the password recovery information stored in the LSA for user with SID
	// \|sid\|.
	HRESULT ClearUserRecoveryPassword(const std::wstring& sid);

	// Attempts to recover the password for user with SID \|sid\| using the EMM
	// escrow service.
	HRESULT RecoverWindowsPasswordIfPossible(const std::wstring& sid,
	const std::string& access_token,
	std::wstring* recovered_password);
	// Attempts to store encryped passwod information for user with SID \|sid\| in
	// the LSA.
	HRESULT StoreWindowsPasswordIfNeeded(const std::wstring& sid,
	const std::string& access_token,
	const std::wstring& password);

	// Calculates the full url of various escrow service requests based on
	// the registry setting for the escrow server url.
	GURL GetEscrowServiceGenerateKeyPairUrl();
	GURL GetEscrowServiceGetPrivateKeyUrl(const std::string& resource_id);

	protected:
	// Returns the storage used for the instance pointer.
	static PasswordRecoveryManager** GetInstanceStorage();

	explicit PasswordRecoveryManager(
	base::TimeDelta encryption_key_request_timeout,
	base::TimeDelta decryption_key_request_timeout);
	virtual ~PasswordRecoveryManager();

	void SetRequestTimeoutForTesting(base::TimeDelta request_timeout) {
	encryption_key_request_timeout_ = request_timeout;
	decryption_key_request_timeout_ = request_timeout;
	}
	std::string MakeGenerateKeyPairResponseForTesting(
	const std::string& public_key,
	const std::string& resource_id);
	std::string MakeGetPrivateKeyResponseForTesting(
	const std::string& private_key);

	private:
	base::TimeDelta encryption_key_request_timeout_;
	base::TimeDelta decryption_key_request_timeout_;
	};

	} // namespace credential_provider

	#endif // CHROME_CREDENTIAL_PROVIDER_GAIACP_PASSWORD_RECOVERY_MANAGER_H_