Revert "Add CertProvisioningWorker class"

This reverts commit d8c37dee. Reason for revert: spec revert for https://bugs.chromium.org/p/chromium/issues/detail?id=1062423 Original change's description: > Add CertProvisioningWorker class > > CertProvisioningWorker class implements core logic for building > a CSR with DM server and importing corresponding certificate. > > Bug: 1045895 > Test: CertProvisioningWorkerTest.* > Change-Id: Ida540f2b330d0dac9e86f53568f29287559a1ad8 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2078582 > Commit-Queue: Michael Ershov <miersh@google.com> > Reviewed-by: Pavol Marko <pmarko@chromium.org> > Cr-Commit-Position: refs/heads/master@{#750986} TBR=achuith@chromium.org,pmarko@chromium.org,miersh@google.com Change-Id: I06d5c2889f05563980a20b42ff00c635da5677db No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 1045895 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2107394Reviewed-by: John Budorick <jbudorick@chromium.org> Commit-Queue: John Budorick <jbudorick@chromium.org> Cr-Commit-Position: refs/heads/master@{#751138}

Revert "Add CertProvisioningWorker class"
This reverts commit d8c37dee. Reason for revert: spec revert for https://bugs.chromium.org/p/chromium/issues/detail?id=1062423 Original change's description: > Add CertProvisioningWorker class > > CertProvisioningWorker class implements core logic for building > a CSR with DM server and importing corresponding certificate. > > Bug: 1045895 > Test: CertProvisioningWorkerTest.* > Change-Id: Ida540f2b330d0dac9e86f53568f29287559a1ad8 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2078582 > Commit-Queue: Michael Ershov <miersh@google.com> > Reviewed-by: Pavol Marko <pmarko@chromium.org> > Cr-Commit-Position: refs/heads/master@{#750986} TBR=achuith@chromium.org,pmarko@chromium.org,miersh@google.com Change-Id: I06d5c2889f05563980a20b42ff00c635da5677db No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 1045895 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2107394Reviewed-by: John Budorick <jbudorick@chromium.org> Commit-Queue: John Budorick <jbudorick@chromium.org> Cr-Commit-Position: refs/heads/master@{#751138}
4b6040f2 · John Budorick · Commit Bot · d004d912 · 4b6040f2 · 4b6040f2
Commit 4b6040f2 authored Mar 17, 2020 by John Budorick Committed by Commit Bot Mar 17, 2020
7 changed files
--- a/chrome/browser/chromeos/BUILD.gn
+++ b/chrome/browser/chromeos/BUILD.gn
@@ -781,8 +781,6 @@ source_set("chromeos") {
    "camera_presence_notifier.h",
    "cert_provisioning/cert_provisioning_common.cc",
    "cert_provisioning/cert_provisioning_common.h",
-    "cert_provisioning/cert_provisioning_worker.cc",
-    "cert_provisioning/cert_provisioning_worker.h",
    "certificate_provider/certificate_info.cc",
    "certificate_provider/certificate_info.h",
    "certificate_provider/certificate_provider.h",
@@ -2757,7 +2755,6 @@ source_set("unit_tests") {
    "authpolicy/authpolicy_helper.unittest.cc",
    "base/file_flusher_unittest.cc",
    "bluetooth/debug_logs_manager_unittest.cc",
-    "cert_provisioning/cert_provisioning_worker_unittest.cc",
    "certificate_provider/certificate_provider_service_unittest.cc",
    "child_accounts/child_user_service_unittest.cc",
    "child_accounts/event_based_status_reporting_service_unittest.cc",

--- a/chrome/browser/chromeos/cert_provisioning/cert_provisioning_common.cc
+++ b/chrome/browser/chromeos/cert_provisioning/cert_provisioning_common.cc
@@ -4,7 +4,6 @@

 #include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_common.h"

-#include "chrome/browser/chromeos/platform_keys/platform_keys_service.h"
 #include "chrome/common/pref_names.h"
 #include "components/prefs/pref_registry_simple.h"

@@ -19,45 +18,5 @@ void RegisterLocalStatePrefs(PrefRegistrySimple* registry) {
  registry->RegisterListPref(prefs::kRequiredClientCertificateForDevice);
 }

-std::string GetKeyName(CertProfileId profile_id) {
-  return kKeyNamePrefix + profile_id;
-}
-
-attestation::AttestationKeyType GetVaKeyType(CertScope scope) {
-  switch (scope) {
-    case CertScope::kUser:
-      return attestation::AttestationKeyType::KEY_USER;
-    case CertScope::kDevice:
-      return attestation::AttestationKeyType::KEY_DEVICE;
-  }
-}
-
-std::string GetVaKeyName(CertScope scope, CertProfileId profile_id) {
-  switch (scope) {
-    case CertScope::kUser:
-      return GetKeyName(profile_id);
-    case CertScope::kDevice:
-      return std::string();
-  }
-}
-
-std::string GetVaKeyNameForSpkac(CertScope scope, CertProfileId profile_id) {
-  switch (scope) {
-    case CertScope::kUser:
-      return std::string();
-    case CertScope::kDevice:
-      return GetKeyName(profile_id);
-  }
-}
-
-const char* GetPlatformKeysTokenId(CertScope scope) {
-  switch (scope) {
-    case CertScope::kUser:
-      return platform_keys::kTokenIdUser;
-    case CertScope::kDevice:
-      return platform_keys::kTokenIdSystem;
-  }
-}
-
 }  // namespace cert_provisioning
 }  // namespace chromeos
--- a/chrome/browser/chromeos/cert_provisioning/cert_provisioning_common.h
+++ b/chrome/browser/chromeos/cert_provisioning/cert_provisioning_common.h
@@ -5,57 +5,14 @@
 #ifndef CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_COMMON_H_
 #define CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_COMMON_H_

-#include <string>
-
-#include "chromeos/dbus/constants/attestation_constants.h"
-#include "components/policy/proto/device_management_backend.pb.h"
-
 class PrefRegistrySimple;

 namespace chromeos {
 namespace cert_provisioning {

-const char kKeyNamePrefix[] = "cert-provis-";
-
-// The type for variables containing an error from DM Server response.
-using CertProvisioningResponseErrorType =
-    enterprise_management::ClientCertificateProvisioningResponse::Error;
-// The namespace that contains convenient aliases for error values, e.g.
-// UNDEFINED, TIMED_OUT, IDENTITY_VERIFICATION_ERROR, CA_ERROR.
-using CertProvisioningResponseError =
-    enterprise_management::ClientCertificateProvisioningResponse;
-
-// Numeric values are used in serialization and should not be remapped.
-enum class CertScope { kUser = 0, kDevice = 1, kMaxValue = kDevice };
-
-using CertProfileId = std::string;
-
-struct CertProfile {
-  CertProfileId profile_id;
-};
-
 void RegisterProfilePrefs(PrefRegistrySimple* registry);
 void RegisterLocalStatePrefs(PrefRegistrySimple* registry);

-// Returns the nickname (CKA_LABEL) for keys created for the |profile_id|.
-std::string GetKeyName(CertProfileId profile_id);
-// Returns the key type for VA API calls for |scope|.
-attestation::AttestationKeyType GetVaKeyType(CertScope scope);
-const char* GetPlatformKeysTokenId(CertScope scope);
-
-// The Verified Access APIs are used to generate keypairs. For user-specific
-// keypairs, it is possible to reuse the keypair that is used for Verified
-// Access challenge response generation and name it with a custom name. For
-// device-wide keypairs, the keypair used for Verified Access challenge response
-// generation must be stable, but an additional keypair can be embedded
-// (key_name_for_spkac). See
-// http://go/chromeos-va-registering-device-wide-keys-support for details. For
-// these reasons, the name of key that should be registered and will be used for
-// certificate provisioning is passed as key_name for user-specific keys and
-// key_name_for_spkac for device-wide keys.
-std::string GetVaKeyName(CertScope scope, CertProfileId profile_id);
-std::string GetVaKeyNameForSpkac(CertScope scope, CertProfileId profile_id);
-
 }  // namespace cert_provisioning
 }  // namespace chromeos


--- a/chrome/browser/chromeos/cert_provisioning/cert_provisioning_worker.cc
+++ b/chrome/browser/chromeos/cert_provisioning/cert_provisioning_worker.cc
--- a/chrome/browser/chromeos/cert_provisioning/cert_provisioning_worker.h
+++ b/chrome/browser/chromeos/cert_provisioning/cert_provisioning_worker.h
-// Copyright 2020 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_WORKER_H_
-#define CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_WORKER_H_
-
-#include <memory>
-
-#include "base/memory/weak_ptr.h"
-#include "base/sequence_checker.h"
-#include "chrome/browser/chromeos/attestation/tpm_challenge_key_subtle.h"
-#include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_common.h"
-#include "chrome/browser/chromeos/platform_keys/platform_keys_service.h"
-#include "components/policy/core/common/cloud/cloud_policy_constants.h"
-#include "net/base/backoff_entry.h"
-
-namespace policy {
-class CloudPolicyClient;
-}
-class Profile;
-class PrefService;
-
-namespace chromeos {
-namespace cert_provisioning {
-
-using CertProvisioningWorkerCallback =
-    base::OnceCallback<void(bool is_success)>;
-
-class CertProvisioningWorker;
-
-class CertProvisioningWorkerFactory {
- public:
-  virtual ~CertProvisioningWorkerFactory() = default;
-
-  static CertProvisioningWorkerFactory* Get();
-  virtual std::unique_ptr<CertProvisioningWorker> Create(
-      CertScope cert_scope,
-      Profile* profile,
-      PrefService* pref_service,
-      const CertProfile& cert_profile,
-      policy::CloudPolicyClient* cloud_policy_client,
-      CertProvisioningWorkerCallback callback);
-
-  // Doesn't take ownership.
-  static void SetFactoryForTesting(CertProvisioningWorkerFactory* test_factory);
-
- private:
-  static CertProvisioningWorkerFactory* test_factory_;
-};
-
-// These values are used in serialization and should be changed carefully.
-enum class CertProvisioningWorkerState {
-  kInitState = 0,
-  kKeypairGenerated = 1,
-  kStartCsrResponseReceived = 2,
-  kVaChallengeFinished = 3,
-  kKeyRegistered = 4,
-  kSignCsrFinished = 5,
-  kFinishCsrResponseReceived = 6,
-  kDownloadCertResponseReceived = 7,
-  kSucceed = 8,
-  kFailed = 9,
-  kMaxValue = kFailed,
-};
-
-class CertProvisioningWorker {
- public:
-  CertProvisioningWorker() = default;
-  CertProvisioningWorker(const CertProvisioningWorker&) = delete;
-  CertProvisioningWorker& operator=(const CertProvisioningWorker&) = delete;
-  virtual ~CertProvisioningWorker() = default;
-
-  // Continue provisioning a certificate.
-  virtual void DoStep() = 0;
-  // Returns true, if the worker is waiting for some future event. |DoStep| can
-  // be called to try continue right now.
-  virtual bool IsWaiting() const = 0;
-};
-
-class CertProvisioningWorkerImpl : public CertProvisioningWorker {
- public:
-  CertProvisioningWorkerImpl(CertScope cert_scope,
-                             Profile* profile,
-                             PrefService* pref_service,
-                             const CertProfile& cert_profile,
-                             policy::CloudPolicyClient* cloud_policy_client,
-                             CertProvisioningWorkerCallback callback);
-  ~CertProvisioningWorkerImpl() override;
-
-  // CertProvisioningWorker
-  void DoStep() override;
-  bool IsWaiting() const override;
-
-  // For testing.
-  CertProvisioningWorkerState GetState() const;
-
- private:
-  friend class CertProvisioningSerializer;
-
-  void GenerateKey();
-  void OnGenerateKeyDone(const attestation::TpmChallengeKeyResult& result);
-
-  void StartCsr();
-  void OnStartCsrDone(policy::DeviceManagementStatus status,
-                      base::Optional<CertProvisioningResponseErrorType> error,
-                      base::Optional<int64_t> try_later,
-                      const std::string& invalidation_topic,
-                      const std::string& va_challenge,
-                      enterprise_management::HashingAlgorithm hashing_algorithm,
-                      const std::string& data_to_sign);
-
-  void BuildVaChallengeResponse();
-  void OnBuildVaChallengeResponseDone(
-      const attestation::TpmChallengeKeyResult& result);
-
-  void RegisterKey();
-  void OnRegisterKeyDone(const attestation::TpmChallengeKeyResult& result);
-
-  void SignCsr();
-  void OnSignCsrDone(const std::string& signature,
-                     const std::string& error_message);
-
-  void FinishCsr();
-  void OnFinishCsrDone(policy::DeviceManagementStatus status,
-                       base::Optional<CertProvisioningResponseErrorType> error,
-                       base::Optional<int64_t> try_later);
-
-  void DownloadCert();
-  void OnDownloadCertDone(
-      policy::DeviceManagementStatus status,
-      base::Optional<CertProvisioningResponseErrorType> error,
-      base::Optional<int64_t> try_later,
-      const std::string& pem_encoded_certificate);
-
-  void ImportCert();
-  void OnImportCertDone(const std::string& error_message);
-
-  void ScheduleNextStep(base::TimeDelta delay);
-  void CancelScheduledTasks();
-
-  // TODO: implement when invalidations are supported for cert provisioning.
-  void RegisterForInvalidationTopic(const std::string& invalidation_topic) {}
-
-  // If it is called with kSucceed or kFailed, it will call the |callback_|. The
-  // worker can be destroyed in callback and should not use any member fields
-  // after that.
-  void UpdateState(CertProvisioningWorkerState state);
-  bool IsFinished() const;
-
-  // Returns true if there are no errors and the flow can be continued.
-  bool ProcessResponseErrors(
-      policy::DeviceManagementStatus status,
-      base::Optional<CertProvisioningResponseErrorType> error,
-      base::Optional<int64_t> try_later);
-
-  CertScope cert_scope_ = CertScope::kUser;
-  Profile* profile_ = nullptr;
-  PrefService* pref_service_ = nullptr;
-  CertProfile cert_profile_;
-  CertProvisioningWorkerCallback callback_;
-
-  // This field should be updated only via |UpdateState| function. It will
-  // trigger update of the serialized data.
-  CertProvisioningWorkerState state_ = CertProvisioningWorkerState::kInitState;
-  bool is_waiting_ = false;
-  // Currently it is used only for DM Server DM_STATUS_TEMPORARY_UNAVAILABLE
-  // error. For all other errors the worker just gives up.
-  net::BackoffEntry request_backoff_;
-
-  std::string public_key_;
-  std::string invalidation_topic_;
-  std::string csr_;
-  std::string va_challenge_;
-  std::string va_challenge_response_;
-  base::Optional<platform_keys::HashAlgorithm> hashing_algorithm_;
-  std::string signature_;
-  std::string pem_encoded_certificate_;
-
-  platform_keys::PlatformKeysService* platform_keys_service_ = nullptr;
-  std::unique_ptr<attestation::TpmChallengeKeySubtle>
-      tpm_challenge_key_subtle_impl_;
-  policy::CloudPolicyClient* cloud_policy_client_ = nullptr;
-
-  SEQUENCE_CHECKER(sequence_checker_);
-  base::WeakPtrFactory<CertProvisioningWorkerImpl> weak_factory_{this};
-};
-
-}  // namespace cert_provisioning
-}  // namespace chromeos
-
-#endif  // CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_WORKER_H_
--- a/chrome/browser/chromeos/cert_provisioning/cert_provisioning_worker_unittest.cc
+++ b/chrome/browser/chromeos/cert_provisioning/cert_provisioning_worker_unittest.cc
--- a/components/policy/core/common/cloud/cloud_policy_client.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client.cc
@@ -728,9 +728,7 @@ void CloudPolicyClient::ClientCertProvisioningFinishCsr(

  em::FinishCsrRequest* finish_csr_request =
      request->mutable_finish_csr_request();
-  if (!va_challenge_response.empty()) {
-    finish_csr_request->set_va_challenge_response(va_challenge_response);
-  }
+  finish_csr_request->set_va_challenge_response(va_challenge_response);
  finish_csr_request->set_signature(signature);

  request_jobs_.push_back(service_->CreateJob(std::move(config)));