| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_ | |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_ | |
| 7 | |
| 8 #include "base/basictypes.h" | |
| 9 | |
| 10 // Forward declarations of NSS data structures. | |
| 11 struct CERTCertificateStr; | |
| 12 struct CERTCertificateRequestStr; | |
| 13 struct SECKEYPrivateKeyStr; | |
| 14 struct SECKEYPublicKeyStr; | |
| 15 struct SECItemStr; | |
| 16 | |
| 17 typedef struct CERTCertificateStr CERTCertificate; | |
| 18 typedef struct CERTCertificateRequestStr CERTCertificateRequest; | |
| 19 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; | |
| 20 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; | |
| 21 typedef struct SECItemStr SECItem; | |
| 22 | |
| 23 class FilePath; | |
| 24 | |
| 25 // This class allows the registration of an Owner of a Chromium OS device. | |
| 26 // It handles generating the appropriate keys and storing them in the | |
| 27 // appropriate locations. | |
| 28 class OwnerManager { | |
| 29 public: | |
| 30 OwnerManager() {} | |
| 31 virtual ~OwnerManager() {} | |
| 32 | |
| 33 bool OwnershipAlreadyTaken(); | |
| 34 | |
| 35 bool TakeOwnership(); | |
| 36 | |
| 37 // Generate a public/private RSA keypair and store them in the NSS database. | |
| 38 // The keys will be kKeySizeInBits in length (Recommend >= 2048 bits). | |
| 39 // | |
| 40 // Returns false on error. | |
| 41 // | |
| 42 // The caller takes ownership of both objects, which are allocated by libnss. | |
| 43 // To free them, call | |
| 44 // SECKEY_DestroyPrivateKey(*private_key_out); | |
| 45 // SECKEY_DestroyPublicKey(*public_key_out); | |
| 46 static bool GenerateKeyPair(SECKEYPrivateKey** private_key_out, | |
| 47 SECKEYPublicKey** public_key_out); | |
| 48 | |
| 49 // DER encodes |key| and writes it out to |key_file|. | |
| 50 // The blob on disk is a DER-encoded X509 SubjectPublicKeyInfo object. | |
| 51 // Returns false on error. | |
| 52 static bool ExportPublicKey(SECKEYPublicKey* key, | |
| 53 const FilePath& key_file); | |
| 54 | |
| 55 // Assumes that the file at |key_file| exists. | |
| 56 // Caller takes ownership of returned object; returns NULL on error. | |
| 57 // To free, call SECKEY_DestroyPublicKey. | |
| 58 static SECKEYPublicKey* ImportPublicKey(const FilePath& key_file); | |
| 59 | |
| 60 private: | |
| 61 // Fills in fields of |key_der| with DER encoded data from a file at | |
| 62 // |key_file|. The caller must pass in a pointer to an actual SECItem | |
| 63 // struct for |key_der|. |key_der->data| should be initialized to NULL | |
| 64 // and |key_der->len| should be set to 0. | |
| 65 // | |
| 66 // Upon success, data is stored in key_der->data, and the caller takes | |
| 67 // ownership. Returns false on error. | |
| 68 // | |
| 69 // To free the data, call | |
| 70 // SECITEM_FreeItem(key_der, PR_FALSE); | |
| 71 static bool ReadDERFromFile(const FilePath& key_file, SECItem* key_der); | |
| 72 | |
| 73 // The place outside the owner's encrypted home directory where her | |
| 74 // key will live. | |
| 75 static const char kOwnerKeyFile[]; | |
| 76 | |
| 77 // Key generation parameters. | |
| 78 static const uint32 kKeyGenMechanism; // used by PK11_GenerateKeyPair() | |
| 79 static const unsigned long kExponent; | |
| 80 static const int kKeySizeInBits; | |
| 81 }; | |
| 82 | |
| 83 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3017020:
Refactoring key generation and export util code to make mocking possible. (Closed)
