// Copyright 2012 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include <string>
#include <vector>
#include "brillo/secure_blob.h"
#include "chaps/chaps.h"
#include "chaps/token_manager_interface.h"
#include "pkcs11/cryptoki.h"
namespace chaps {
// Forward declaration: in this header ChapsProxyImpl is referenced only as the
// pointee of TokenManagerClient's std::unique_ptr member (proxy_).
class ChapsProxyImpl;
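// TokenManagerClient is an implementation of TokenManagerInterface which sends
// the token management calls to the Chaps daemon. Example usage:
//   TokenManagerClient client;
//   client.OpenIsolate(&my_isolate_credential, &new_isolate_created);
//   client.LoadToken(my_isolate_credential,
//                    "path/to/token",
//                    "1234",
//                    "MyTokenLabel",
//                    &slot_id);
// The literal arguments in the example are illustrative only: LoadToken takes
// the path as a base::FilePath and the auth data as a brillo::SecureBlob, and
// the auth data should come from the caller's credential handling rather than
// from a string literal.
// Users of this class must instantiate AtExitManager, as the class relies on
// its presence.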
class EXPORT_SPEC TokenManagerClient : public TokenManagerInterface {
// NOTE(review): no access specifiers, no constructor declaration and no closing
// "};" are visible in this listing; confirm the public/private split against
// the original header before relying on it.
//
// Copying is disabled. The instance holds its ChapsProxyImpl through a
// std::unique_ptr (proxy_ below), which is itself not copyable.
TokenManagerClient(const TokenManagerClient&) = delete;
TokenManagerClient& operator=(const TokenManagerClient&) = delete;
virtual ~TokenManagerClient();
// TokenManagerInterface methods. Their contracts are defined by that interface
// (chaps/token_manager_interface.h), which is not shown here; the notes below
// state only what the signatures show.
//
// Isolate credentials and token auth data are passed as brillo::SecureBlob.
// Treat both as secrets: keep them in SecureBlob and do not copy them into
// std::string values or log output.
//
// Every call except CloseIsolate reports its outcome as a bool; callers should
// check it before using any output parameter.

// |isolate_credential| and |new_isolate_created| are non-const pointers, so
// presumably in/out or output parameters -- confirm against the interface.
bool OpenIsolate(brillo::SecureBlob* isolate_credential,
bool* new_isolate_created) override;
// Returns void, so a failure to close the isolate is not reported to the
// caller through this signature.
void CloseIsolate(const brillo::SecureBlob& isolate_credential) override;
// Takes the isolate credential, the token |path|, the token |auth_data| and a
// |label|. |slot_id| is a non-const pointer, presumably an output that is only
// meaningful when the call returns true -- confirm against the interface.
bool LoadToken(const brillo::SecureBlob& isolate_credential,
const base::FilePath& path,
const brillo::SecureBlob& auth_data,
const std::string& label,
int* slot_id) override;
// Identifies the token by |path| within the isolate named by
// |isolate_credential|.
bool UnloadToken(const brillo::SecureBlob& isolate_credential,
const base::FilePath& path) override;
// Unlike the other token calls, this one takes no isolate credential: the token
// is identified by |path| alone, and both the old and the new auth data are
// supplied by the caller.
bool ChangeTokenAuthData(const base::FilePath& path,
const brillo::SecureBlob& old_auth_data,
const brillo::SecureBlob& new_auth_data) override;
// |path| is a non-const pointer, presumably the output for the path of the
// token in |slot_id| -- confirm against the interface.
bool GetTokenPath(const brillo::SecureBlob& isolate_credential,
int slot_id,
base::FilePath* path) override;
// Convenience method, not on TokenManagerInterface.
// Returns true on success, false on failure. If it succeeds, stores a list of
// the paths of all loaded tokens in |results|.
// NOTE(review): paths are returned as std::string here, while the interface
// methods above use base::FilePath.
virtual bool GetTokenList(const brillo::SecureBlob& isolate_credential,
std::vector<std::string>* results);
// Owning pointer to the proxy object; presumably the channel used to reach the
// Chaps daemon -- its use is in the implementation file, not shown here.
std::unique_ptr<ChapsProxyImpl> proxy_;
// Attempts to connect to the Chaps daemon. Returns true on success.
bool Connect();
} // namespace chaps