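--- a/chrome/browser/chromeos/login/owner_manager.h
+++ b/chrome/browser/chromeos/login/owner_manager.h
@@ -1,158 +1,121 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_
 #define CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_
 #pragma once
 
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/crypto/rsa_private_key.h"
 #include "base/ref_counted.h"
-#include "base/scoped_ptr.h"
+#include "chrome/browser/chromeos/cros/login_library.h"
 #include "chrome/browser/chromeos/login/owner_key_utils.h"
 #include "chrome/browser/chrome_thread.h"
 
 class FilePath;
 class NotificationDetails;
 class NotificationType;
 
 namespace chromeos {
 
 // This class allows the registration of an Owner of a Chromium OS device.
 // It handles generating the appropriate keys and storing them in the
 // appropriate locations.
-class OwnerManager : public base::RefCountedThreadSafe<OwnerManager> {
+class OwnerManager : public base::RefCountedThreadSafe<OwnerManager>,
+public LoginLibrary::Delegate<bool> {
 public:
 // Return codes for public/private key operations.
 enum KeyOpCode {
 SUCCESS,
 KEY_UNAVAILABLE, // The necessary key isn't available yet.
 OPERATION_FAILED // The crypto operation failed.
 };
 
 class Delegate {
 public:
 // Upon completion of a key operation, this method will be called.
 // |return_code| indicates what happened, |payload| will be used to pass
 // back any artifacts of the operation. For example, if the operation
 // was a signature attempt, the signature blob would come back in |payload|.
 virtual void OnKeyOpComplete(const KeyOpCode return_code,
 const std::string& payload) = 0;
 };
 
 OwnerManager();
 virtual ~OwnerManager();
 
-bool IsAlreadyOwned();
-
-// If the device has been owned already, posts a task to the FILE thread to
-// fetch the public key off disk.
-// Returns true if the attempt was initiated, false otherwise.
-//
-// Sends out a OWNER_KEY_FETCH_ATTEMPT_COMPLETE notification on completion.
-// Notification comes with a Details<SECKEYPublicKey*> that contains a pointer
-// to the public key, or NULL if the fetch attempt failed.
-bool StartLoadOwnerKeyAttempt();
-
-// If the device has not yet been owned, posts a task to the FILE
-// thread to generate the owner's keys and put them in the right
-// places. Keeps them in memory as well, for later use.
-// Returns true if the attempt was initiated, false otherwise.
-//
-// Sends out a OWNER_KEY_FETCH_ATTEMPT_COMPLETE notification on completion.
-// Notification comes with a Details<SECKEYPublicKey*> that contains a pointer
-// to the public key, or NULL if the fetch attempt failed.
-bool StartTakeOwnershipAttempt();
-
-// Initiate an attempt to sign |data| with |private_key_|. Will call
-// d->OnKeyOpComplete() when done. Upon success, the signature will be passed
-// as the |payload| argument to d->OnKeyOpComplete().
-// Returns true if the attempt was initiated, false otherwise.
-//
-// If you call this on a well-known thread, you'll be called back on that
-// thread. Otherwise, you'll get called back on the UI thread.
-bool StartSigningAttempt(const std::string& data, Delegate* d);
-
-// Initiate an attempt to verify that |signature| is valid over |data| with
-// |public_key_|. When the attempt is completed, an appropriate KeyOpCode
-// will be passed to d->OnKeyOpComplete().
-// Returns true if the attempt was initiated, false otherwise.
-//
-// If you call this on a well-known thread, you'll be called back on that
-// thread. Otherwise, you'll get called back on the UI thread.
-bool StartVerifyAttempt(const std::string& data,
-const std::string& signature,
-Delegate* d);
-
-private:
 // Pulls the owner's public key off disk and into memory.
 //
 // Call this on the FILE thread.
 void LoadOwnerKey();
 
 // Generates the owner's keys in the default NSS token. Also stores
 // them in |public_key_| and |private_key_|. When done, causes the
 // public key to get exported via DBus.
 //
 // Call this on the FILE thread.
 void GenerateKeysAndExportPublic();
 
 // Exports |public_key_| via DBus.
 //
 // Call this on the UI thread (because of DBus usage).
 void ExportKey();
 
+// Overridden from LoginLibrary::Delegate
+void Run(bool value);
+
 bool EnsurePublicKey();
 bool EnsurePrivateKey();
 
 // Do the actual work of signing |data| with |private_key_|. First,
 // ensures that we have the keys we need. Then, computes the signature.
 //
 // On success, calls d->OnKeyOpComplete() on |thread_id| with a
 // successful return code, passing the signaure blob in |payload|.
 // On failure, calls d->OnKeyOpComplete() on |thread_id| with an appropriate
 // error and passes an empty string for |payload|.
 void Sign(const ChromeThread::ID thread_id,
 const std::string& data,
 Delegate* d);
 
 // Do the actual work of verifying that |signature| is valid over
 // |data| with |public_key_|. First, ensures we have the key we
 // need, then does the verify.
 //
 // On success, calls d->OnKeyOpComplete() on |thread_id| with a
 // successful return code, passing an empty string for |payload|.
 // On failure, calls d->OnKeyOpComplete() on |thread_id| with an appropriate
 // error code, passing an empty string for |payload|.
 void Verify(const ChromeThread::ID thread_id,
 const std::string& data,
 const std::string& signature,
 Delegate* d);
 
+private:
 // A helper method to send a notification on another thread.
 void SendNotification(NotificationType type,
 const NotificationDetails& details);
 
 // A helper method to call back a delegte on another thread.
 void CallDelegate(Delegate* d,
 const KeyOpCode return_code,
 const std::string& payload) {
 d->OnKeyOpComplete(return_code, payload);
 }
 
 scoped_ptr<base::RSAPrivateKey> private_key_;
 std::vector<uint8> public_key_;
 
-scoped_ptr<OwnerKeyUtils> utils_;
+scoped_refptr<OwnerKeyUtils> utils_;
 
 friend class OwnerManagerTest;
 
 DISALLOW_COPY_AND_ASSIGN(OwnerManager);
 };
 
 } // namespace chromeos
 
 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_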
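Review bot: Moving `private:` down to just above `SendNotification` leaves `LoadOwnerKey`, `GenerateKeysAndExportPublic`, `ExportKey`, `Sign` and `Verify` public, so the owner-key operations are callable by anything holding an `OwnerManager` reference, and their thread requirements ("Call this on the FILE thread") are enforced only by comment. The `Start*Attempt` wrappers and `IsAlreadyOwned` that used to front them are removed here, presumably into another class not shown on this page. If that class is the only intended caller, say so above `LoadOwnerKey`, e.g. `// Public only so the ownership front-end can post these as tasks; do not call directly.`, or keep the methods private and grant access with a `friend` declaration. The implementation file is not visible, so confirm that each method asserts its thread (`DCHECK(ChromeThread::CurrentlyOn(ChromeThread::FILE));`) and that `GenerateKeysAndExportPublic` itself refuses to run on an already-owned device, since the header no longer pairs it with an ownership check. `Run(bool value)` also needs a comment stating what `value` reports and on which thread it is delivered.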