chromium/chrome/browser/ash/kcer/nssdb_migration/kcer_rollback_helper.h

// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_ASH_KCER_NSSDB_MIGRATION_KCER_ROLLBACK_HELPER_H_
#define CHROME_BROWSER_ASH_KCER_NSSDB_MIGRATION_KCER_ROLLBACK_HELPER_H_

#include "chromeos/ash/components/tpm/tpm_token_info_getter.h"
#include "chromeos/components/kcer/chaps/high_level_chaps_client.h"
#include "components/prefs/pref_service.h"

namespace kcer::internal {

const char kNssDbClientCertsRollback[] = "Ash.KcerRollbackHelper.Events";

// This enum should be kept in sync with the `NssDbClientCertsRollbackEvent`
// in tools/metrics/histograms/metadata/ash/enums.xml.
enum class NssDbClientCertsRollbackEvent {
  kRollbackScheduled = 0,
  kRollbackStarted = 1,
  kRollbackSuccessful = 2,
  kFailedNotAllObjectsDeleted = 3,
  kRollbackFlagPresent = 4,
  kRollbackFlagNotPresent = 5,
  kRollbackListSize0 = 6,
  kRollbackListSize1 = 7,
  kRollbackListSize2 = 8,
  kRollbackListSize3 = 9,
  kRollbackListSizeAbove3 = 10,
  kFailedNoSlotInfoFound = 11,
  kFailedNoUserAccountId = 12,
  kFailedFlagResetNotSuccessful = 13,
  kCertCacheResetSuccessful = 14,
  kCertCacheResetFailed = 15,
  kMaxValue = kCertCacheResetFailed,
};

// Helper class for scheduling and executing rollback from usage of software
// backed chaps client to software NSS DB.
class KcerRollbackHelper final {
 public:
  explicit KcerRollbackHelper(HighLevelChapsClient* high_level_chaps_client,
                              PrefService* prefs_service);
  ~KcerRollbackHelper();

  // Checks experiment status and presence of the rollback flag in
  // users preferences `prefs_service`.
  static bool IsChapsRollbackRequired(PrefService* prefs_service);

  // Schedules rollback execution.
  void PerformRollback() const;

 private:
  // Finds users token information and calls FindUserSlotId().
  void FindUserToken() const;

  // Extracts users slot id from `user_token_info` and pass it to
  // SelectAndDeleteDoubleWrittenObjects() .
  void FindUserSlotId(
      std::unique_ptr<ash::TPMTokenInfoGetter> scoped_user_token_info_getter,
      std::optional<user_data_auth::TpmTokenInfo> user_token_info) const;

  // Selects PKCS11 objects which have special attribute
  // 'kCkaChromeOsMigratedFromNss' from `slot_id` and calls
  // DestroyObjectsInSlot() on them.
  void SelectAndDeleteDoubleWrittenObjects(
      SessionChapsClient::SlotId slot_id) const;

  // Destroys objects from `slot_id` included into `handles` with retry.
  // Calls to callback function with `result` as parameter.
  void DestroyObjectsInSlot(
      SessionChapsClient::SlotId slot_id,
      std::vector<SessionChapsClient::ObjectHandle> handles,
      uint32_t result) const;

  // Resets flag in users preferences if rollback finished successfully based
  // on `result_code`.
  void ResetCacheAndRollbackFlag(SessionChapsClient::SlotId slot_id,
                                 uint32_t result_code) const;

  // This should outlives KcerRollbackHelper.
  raw_ptr<kcer::HighLevelChapsClient> high_level_chaps_client_;
  // This should outlives KcerRollbackHelper.
  raw_ptr<PrefService> prefs_service_;
  base::WeakPtrFactory<KcerRollbackHelper> weak_factory_{this};
};

}  // namespace kcer::internal

#endif  // CHROME_BROWSER_ASH_KCER_NSSDB_MIGRATION_KCER_ROLLBACK_HELPER_H_