chromium/chrome/browser/webauthn/enclave_manager.h

// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_WEBAUTHN_ENCLAVE_MANAGER_H_
#define CHROME_BROWSER_WEBAUTHN_ENCLAVE_MANAGER_H_

#include <deque>
#include <memory>
#include <optional>
#include <string>
#include <vector>

#include "base/files/file_path.h"
#include "base/functional/callback_forward.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/scoped_refptr.h"
#include "base/memory/weak_ptr.h"
#include "base/observer_list.h"
#include "base/sequence_checker.h"
#include "base/timer/timer.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "chrome/browser/webauthn/enclave_manager_interface.h"
#include "chrome/browser/webauthn/unexportable_key_utils.h"
#include "components/keyed_service/core/keyed_service.h"
#include "components/trusted_vault/trusted_vault_connection.h"
#include "content/public/browser/global_routing_id.h"
#include "crypto/user_verifying_key.h"
#include "device/fido/enclave/types.h"
#include "device/fido/network_context_factory.h"
#include "services/network/public/mojom/network_context.mojom-forward.h"

#if BUILDFLAG(IS_MAC)
#include "chrome/common/chrome_version.h"
#include "crypto/scoped_lacontext.h"
#endif  // BUILDFLAG(IS_MAC)

// Forward declarations for types that this header refers to without needing
// their full definitions; the corresponding headers are left to the
// implementation file so that including `enclave_manager.h` stays cheap.
namespace crypto {
class RefCountedUserVerifyingSigningKey;
}  // namespace crypto

#if BUILDFLAG(IS_CHROMEOS_ASH)
namespace ash {
class WebAuthNDialogController;
}  // namespace ash
#endif  // BUILDFLAG(IS_CHROMEOS_ASH)

#if BUILDFLAG(IS_MAC)
namespace device::enclave {
class ICloudRecoveryKey;
}  // namespace device::enclave
#endif  // BUILDFLAG(IS_MAC)

namespace network {
class SharedURLLoaderFactory;
}  // namespace network

namespace signin {
class IdentityManager;
class PrimaryAccountAccessTokenFetcher;
}  // namespace signin

namespace unexportable_keys {
class RefCountedUnexportableSigningKey;
}  // namespace unexportable_keys

// Protobuf-generated local state types; only declared here, never defined.
namespace webauthn_pb {
class EnclaveLocalState;
class EnclaveLocalState_User;
class EnclaveLocalState_WrappedPIN;
}  // namespace webauthn_pb

namespace trusted_vault {
struct GpmPinMetadata;
class RecoveryKeyStoreConnection;
class TrustedVaultAccessTokenFetcherFrontend;
}  // namespace trusted_vault

// EnclaveManager stores and manages the passkey enclave state. One instance
// exists per-profile, owned by `EnclaveManagerFactory`.
//
// The state exposed from this class is per-primary-account. This class watches
// the `IdentityManager` and, when the primary account changes, the result of
// functions like `is_registered` changes accordingly. If an account is removed
// from the cookie jar (and it's not primary) then state for that account will
// be erased. Any pending operations will be canceled when the primary account
// changes and their callback will be run with `false`. A `false` completion
// therefore does not by itself distinguish an operation the enclave rejected
// from one that was canceled by an account change; callers that need to tell
// the two apart must re-check the account state.
//
// When `is_ready` is true then this class can produce wrapped security domain
// secrets and signing callbacks to use to perform passkey operations with the
// enclave, which is the ultimate point of this class.
//
// NOTE(review): the class body is empty in this listing, so the declared
// members cannot be documented here. The public surface is presumably the one
// declared by `EnclaveManagerInterface` (see
// chrome/browser/webauthn/enclave_manager_interface.h) — confirm against the
// full header before relying on anything beyond the comment above.
class EnclaveManager : public EnclaveManagerInterface {};

#endif  // CHROME_BROWSER_WEBAUTHN_ENCLAVE_MANAGER_H_