common/attestation_interface.h - platform/system/attestation - Git at Google

 // Copyright 2015 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef ATTESTATION_COMMON_ATTESTATION_INTERFACE_H_
 #define ATTESTATION_COMMON_ATTESTATION_INTERFACE_H_

 #include <string>

 #include <base/callback_forward.h>

 #include "attestation/common/export.h"
 #include "attestation/common/interface.pb.h"

 namespace attestation {

 // The main attestation interface implemented by proxies and services. The
 // anticipated flow looks like this:
 //   [APP] -> AttestationInterface -> [IPC] -> AttestationInterface
 class ATTESTATION_EXPORT AttestationInterface {
  public:
   virtual ~AttestationInterface() = default;

   // Performs initialization tasks that may take a long time. This method must
   // be successfully called before calling any other method. Returns true on
   // success.
   virtual bool Initialize() = 0;

   // Creates a key certified by the Google Attestation CA which corresponds to
   // the given |key_label|, |key_type|, and |key_usage|. The certificate issued
   // by the CA will correspond to |certificate_profile|. On success, |status|
   // will be SUCCESS and |certificate_chain| will contain a PEM-encoded list of
   // X.509 certificates starting with the requested certificate issued by the CA
   // and followed by certificates for any intermediate authorities, in order.
   // The Google Attestation CA root certificate is well-known and not included.
   // If the CA refuses to issue a certificate, |status| will be
   // REQUEST_DENIED_BY_CA and |server_error_details| will contain an error
   // message from the CA. On success both the key and certificate are associated
   // with |username|, which must be a canonical email address or the empty
   // string (in which case it will be associated to the device). The |origin|
   // parameter is passed to the CA; it is required by some certificate profiles.
   using CreateGoogleAttestedKeyCallback =
       base::Callback<void(const std::string& certificate_chain,
                           const std::string& server_error_details,
                           AttestationStatus status)>;
   virtual void CreateGoogleAttestedKey(
       const std::string& key_label,
       KeyType key_type,
       KeyUsage key_usage,
       CertificateProfile certificate_profile,
       const std::string& username,
       const std::string& origin,
       const CreateGoogleAttestedKeyCallback& callback) = 0;
 };

 }  // namespace attestation

 #endif  // ATTESTATION_COMMON_ATTESTATION_INTERFACE_H_
	// Copyright 2015 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef ATTESTATION_COMMON_ATTESTATION_INTERFACE_H_
	#define ATTESTATION_COMMON_ATTESTATION_INTERFACE_H_

	#include <string>

	#include <base/callback_forward.h>

	#include "attestation/common/export.h"
	#include "attestation/common/interface.pb.h"

	namespace attestation {

	// The main attestation interface implemented by proxies and services. The
	// anticipated flow looks like this:
	// [APP] -> AttestationInterface -> [IPC] -> AttestationInterface
	class ATTESTATION_EXPORT AttestationInterface {
	public:
	virtual ~AttestationInterface() = default;

	// Performs initialization tasks that may take a long time. This method must
	// be successfully called before calling any other method. Returns true on
	// success.
	virtual bool Initialize() = 0;

	// Creates a key certified by the Google Attestation CA which corresponds to
	// the given \|key_label\|, \|key_type\|, and \|key_usage\|. The certificate issued
	// by the CA will correspond to \|certificate_profile\|. On success, \|status\|
	// will be SUCCESS and \|certificate_chain\| will contain a PEM-encoded list of
	// X.509 certificates starting with the requested certificate issued by the CA
	// and followed by certificates for any intermediate authorities, in order.
	// The Google Attestation CA root certificate is well-known and not included.
	// If the CA refuses to issue a certificate, \|status\| will be
	// REQUEST_DENIED_BY_CA and \|server_error_details\| will contain an error
	// message from the CA. On success both the key and certificate are associated
	// with \|username\|, which must be a canonical email address or the empty
	// string (in which case it will be associated to the device). The \|origin\|
	// parameter is passed to the CA; it is required by some certificate profiles.
	using CreateGoogleAttestedKeyCallback =
	base::Callback<void(const std::string& certificate_chain,
	const std::string& server_error_details,
	AttestationStatus status)>;
	virtual void CreateGoogleAttestedKey(
	const std::string& key_label,
	KeyType key_type,
	KeyUsage key_usage,
	CertificateProfile certificate_profile,
	const std::string& username,
	const std::string& origin,
	const CreateGoogleAttestedKeyCallback& callback) = 0;
	};

	} // namespace attestation

	#endif // ATTESTATION_COMMON_ATTESTATION_INTERFACE_H_