// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_ASH_KCER_NSSDB_MIGRATION_KCER_ROLLBACK_HELPER_H_
#define CHROME_BROWSER_ASH_KCER_NSSDB_MIGRATION_KCER_ROLLBACK_HELPER_H_
#include "chromeos/ash/components/tpm/tpm_token_info_getter.h"
#include "chromeos/components/kcer/chaps/high_level_chaps_client.h"
#include "components/prefs/pref_service.h"
namespace kcer::internal {
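// Name under which `NssDbClientCertsRollbackEvent` values are presumably
// recorded (it reads like a UMA histogram name; confirm against the .cc file).
// `inline constexpr` gives the header one compile-time definition instead of
// an internal-linkage copy in every translation unit that includes it.
inline constexpr char kNssDbClientCertsRollback[] =
    "Ash.KcerRollbackHelper.Events";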
// Event codes for the NSS DB client certificates rollback.
//
// Keep this enum in sync with `NssDbClientCertsRollbackEvent` in
// tools/metrics/histograms/metadata/ash/enums.xml. Because the numeric values
// are mirrored there, add new entries at the end and update `kMaxValue`;
// do not renumber or reuse an existing value.
enum class NssDbClientCertsRollbackEvent {
  kRollbackScheduled = 0,
  kRollbackStarted = 1,
  kRollbackSuccessful = 2,
  kFailedNotAllObjectsDeleted = 3,
  kRollbackFlagPresent = 4,
  kRollbackFlagNotPresent = 5,
  kRollbackListSize0 = 6,
  kRollbackListSize1 = 7,
  kRollbackListSize2 = 8,
  kRollbackListSize3 = 9,
  kRollbackListSizeAbove3 = 10,
  kFailedNoSlotInfoFound = 11,
  kFailedNoUserAccountId = 12,
  kFailedFlagResetNotSuccessful = 13,
  kCertCacheResetSuccessful = 14,
  kCertCacheResetFailed = 15,

  // Alias of the highest value in use; must track the last entry above.
  kMaxValue = kCertCacheResetFailed,
};
// Schedules and executes the rollback from use of the software-backed chaps
// client to the software NSS DB.
class KcerRollbackHelper final {
 public:
  // Neither pointer is owned; `high_level_chaps_client` and `prefs_service`
  // are both expected to outlive this object.
  explicit KcerRollbackHelper(HighLevelChapsClient* high_level_chaps_client,
                              PrefService* prefs_service);
  ~KcerRollbackHelper();

  // Checks the experiment status and whether the rollback flag is present in
  // the user's preferences `prefs_service`.
  static bool IsChapsRollbackRequired(PrefService* prefs_service);

  // Schedules rollback execution.
  void PerformRollback() const;

 private:
  // Finds the user's token information and calls FindUserSlotId().
  void FindUserToken() const;

  // Extracts the user's slot id from `user_token_info` and passes it to
  // SelectAndDeleteDoubleWrittenObjects().
  // NOTE(review): `user_token_info` is optional; how an empty value is handled
  // is not visible in this header. Confirm in the .cc file.
  void FindUserSlotId(
      std::unique_ptr<ash::TPMTokenInfoGetter> scoped_user_token_info_getter,
      std::optional<user_data_auth::TpmTokenInfo> user_token_info) const;

  // Selects the PKCS#11 objects in `slot_id` that carry the special attribute
  // 'kCkaChromeOsMigratedFromNss' and calls DestroyObjectsInSlot() on them.
  // NOTE(review): that attribute filter is the only limit visible here on
  // which objects get destroyed; presumably objects without it are left
  // alone. Confirm in the .cc file.
  void SelectAndDeleteDoubleWrittenObjects(
      SessionChapsClient::SlotId slot_id) const;

  // Destroys the objects listed in `handles` from `slot_id`, with retry.
  // Calls the callback function with `result` as parameter.
  // NOTE(review): the retry limit and the callback itself are not visible in
  // this header.
  void DestroyObjectsInSlot(
      SessionChapsClient::SlotId slot_id,
      std::vector<SessionChapsClient::ObjectHandle> handles,
      uint32_t result) const;

  // Resets the flag in the user's preferences if the rollback finished
  // successfully, based on `result_code`.
  // NOTE(review): the name suggests a cache reset also happens here; confirm
  // in the .cc file.
  void ResetCacheAndRollbackFlag(SessionChapsClient::SlotId slot_id,
                                 uint32_t result_code) const;

  // Not owned; must outlive KcerRollbackHelper.
  raw_ptr<kcer::HighLevelChapsClient> high_level_chaps_client_;

  // Not owned; must outlive KcerRollbackHelper.
  raw_ptr<PrefService> prefs_service_;

  // Kept as the last member so that it is destroyed before the members above.
  base::WeakPtrFactory<KcerRollbackHelper> weak_factory_{this};
};
} // namespace kcer::internal
#endif // CHROME_BROWSER_ASH_KCER_NSSDB_MIGRATION_KCER_ROLLBACK_HELPER_H_