| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/callback_forward.h" | 11 #include "base/callback_forward.h" |
| 12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
| 13 #include "base/memory/weak_ptr.h" | 13 #include "base/memory/weak_ptr.h" |
| 14 | 14 |
| 15 class PrefService; | |
| 16 | |
| 15 namespace base { | 17 namespace base { |
| 18 class DictionaryValue; | |
| 16 class Value; | 19 class Value; |
| 17 } | 20 } |
| 18 | 21 |
| 19 namespace extensions { | 22 namespace extensions { |
| 20 class StateStore; | 23 class StateStore; |
| 21 } | 24 } |
| 22 | 25 |
| 26 namespace policy { | |
| 27 class PolicyService; | |
| 28 } | |
| 29 | |
| 30 namespace user_prefs { | |
| 31 class PrefRegistrySyncable; | |
| 32 } | |
| 33 | |
| 23 namespace chromeos { | 34 namespace chromeos { |
| 24 | 35 |
| 25 // This class manages permissions for extensions to use private keys through | 36 // This class manages permissions for extensions to use private keys through |
| 26 // chrome.platformKeys . | 37 // chrome.platformKeys or chrome.enterprise.platformKeys . |
| 27 // It handles the following permissions: | 38 // The permission model depends on whether the user account is managed or not. |
| 28 // * The extension that generated a key has the permission to sign arbitrary | 39 // |
| 29 // data with that key at most once. | 40 // ** If the user account is not managed ** |
| 30 // * The user can explicitly grant an extension the permission to sign | 41 // The user is under full control of the keys are generated or imported while |
|
battre
2015/06/17 15:11:47
grammar "The user is under full control of the key
pneubeck (no reviews)
2015/06/18 08:45:16
Done.
| |
| 31 // arbitrary data with a key an unlimited number of times. | 42 // the device is not managed. For that, a user can grant a specific extension |
| 43 // the permission to sign arbitrary data with a specific key for an unlimited | |
| 44 // number of times. | |
| 45 // | |
| 46 // ** If the user account is managed ** | |
| 47 // The Administrator is in charge of granting access to keys that are meant for | |
| 48 // corporate usage. | |
| 49 // | |
| 50 // As not every key is meant for corporate usage but probably for the user's | |
| 51 // private usage, this class introduces the concept of tagging keys with the | |
| 52 // intended purpose of the key. Currently, the only usage that can be assigned | |
| 53 // to a key is "corporate". | |
| 54 // | |
| 55 // Every key that is generated by the chrome.enterprise.platformKeys API (which | |
| 56 // requires the user account to be managed), is marked for corporate usage. | |
| 57 // Any key that is generated or imported by other means is currently not marked | |
| 58 // for corporate usage. | |
| 59 // | |
| 60 // The KeyPermissions policy allows the Administrator to list exactly the | |
| 61 // extensions that are allowed to use such corporate keys. Non-corporate keys | |
| 62 // are not affected. This policy is the only means to grant this permission. | |
| 63 // | |
| 64 // ** One-off Permission for the Certification Requests ** | |
| 65 // Independent of the above, the extension that generates a key using the | |
| 66 // chrome.enterprise.platformKeys API is allowed to sign arbitrary data with the | |
| 67 // private key for a single time in order to create a certification request. | |
| 68 // The assumption is that certification requests usually require a signature of | |
| 69 // data including the public key. So the one-off permission implies that once a | |
| 70 // certificate authority creates the certificate of the generated key, the | |
| 71 // generating extension isn't able to use the key anymore except if explicitly | |
| 72 // permitted by the Administrator. | |
| 32 class KeyPermissions { | 73 class KeyPermissions { |
| 33 public: | 74 public: |
| 34 // Allows querying and modifying permissions and registering keys for a | 75 // Allows querying and modifying permissions and registering keys for a |
| 35 // specific extension. | 76 // specific extension. |
| 36 class PermissionsForExtension { | 77 class PermissionsForExtension { |
| 37 public: | 78 public: |
| 38 // |key_permissions| must not be null and outlive this object. | 79 // |key_permissions| must not be null and outlive this object. |
| 39 // Methods of this object refer implicitly to the extension with the id | 80 // Methods of this object refer implicitly to the extension with the id |
| 40 // |extension_id|. Don't use this constructor directly. Call | 81 // |extension_id|. Don't use this constructor directly. Call |
| 41 // |KeyPermissions::GetPermissionsForExtension| instead. | 82 // |KeyPermissions::GetPermissionsForExtension| instead. |
| 42 PermissionsForExtension(const std::string& extension_id, | 83 PermissionsForExtension(const std::string& extension_id, |
| 43 scoped_ptr<base::Value> state_store_value, | 84 scoped_ptr<base::Value> state_store_value, |
| 85 PrefService* profile_prefs, | |
| 86 policy::PolicyService* profile_policies, | |
| 44 KeyPermissions* key_permissions); | 87 KeyPermissions* key_permissions); |
| 45 | 88 |
| 46 ~PermissionsForExtension(); | 89 ~PermissionsForExtension(); |
| 47 | 90 |
| 48 // Returns true if the private key matching |public_key_spki_der| can be | 91 // Returns true if the private key matching |public_key_spki_der| can be |
| 49 // used for signing by the extension with id |extension_id|. | 92 // used for signing by the extension with id |extension_id|. |
| 50 // |public_key_spki_der| must be the DER of a Subject Public Key Info. | 93 // |public_key_spki_der| must be the DER of a Subject Public Key Info. |
| 51 bool CanUseKeyForSigning(const std::string& public_key_spki_der); | 94 bool CanUseKeyForSigning(const std::string& public_key_spki_der); |
| 52 | 95 |
| 53 // Registers the key |public_key_spki_der| as being generated by the | 96 // Registers the key |public_key_spki_der| as being generated by the |
| 85 scoped_ptr<base::Value> KeyEntriesToState(); | 128 scoped_ptr<base::Value> KeyEntriesToState(); |
| 86 | 129 |
| 87 // Returns an existing entry for |public_key_spki_der_b64| from | 130 // Returns an existing entry for |public_key_spki_der_b64| from |
| 88 // |state_store_entries_|. If there is no existing entry, creates, adds and | 131 // |state_store_entries_|. If there is no existing entry, creates, adds and |
| 89 // returns a new entry. | 132 // returns a new entry. |
| 90 // |public_key_spki_der| must be the base64 encoding of the DER of a Subject | 133 // |public_key_spki_der| must be the base64 encoding of the DER of a Subject |
| 91 // Public Key Info. | 134 // Public Key Info. |
| 92 KeyPermissions::PermissionsForExtension::KeyEntry* GetStateStoreEntry( | 135 KeyPermissions::PermissionsForExtension::KeyEntry* GetStateStoreEntry( |
| 93 const std::string& public_key_spki_der_b64); | 136 const std::string& public_key_spki_der_b64); |
| 94 | 137 |
| 138 bool PolicyAllowsCorporateKeyUsage(); | |
|
battre
2015/06/17 15:11:47
The name of the function suggests that it might be
pneubeck (no reviews)
2015/06/18 08:45:15
Done.
| |
| 139 | |
| 95 const std::string extension_id_; | 140 const std::string extension_id_; |
| 96 std::vector<KeyEntry> state_store_entries_; | 141 std::vector<KeyEntry> state_store_entries_; |
| 142 PrefService* const profile_prefs_; | |
| 143 policy::PolicyService* const profile_policies_; | |
| 97 KeyPermissions* const key_permissions_; | 144 KeyPermissions* const key_permissions_; |
| 98 | 145 |
| 99 DISALLOW_COPY_AND_ASSIGN(PermissionsForExtension); | 146 DISALLOW_COPY_AND_ASSIGN(PermissionsForExtension); |
| 100 }; | 147 }; |
| 101 | 148 |
| 102 // |extensions_state_store| must not be null and outlive this object. | 149 // |profile_prefs| and |extensions_state_store| must not be null and outlive |
|
battre
2015/06/17 15:11:47
and must outlive
pneubeck (no reviews)
2015/06/18 08:45:16
Done.
| |
| 150 // this object. | |
| 151 // If |profile_is_managed| is false, |profile_policies| is ignored. Otherwise, | |
| 152 // |profile_policies| must not be null and outlive this object. | |
|
battre
2015/06/17 15:11:47
and must outlive
pneubeck (no reviews)
2015/06/18 08:45:16
Done.
| |
| 103 // |profile_is_managed| determines the default usage and permissions for | 153 // |profile_is_managed| determines the default usage and permissions for |
| 104 // keys without explicitly assigned usage. | 154 // keys without explicitly assigned usage. |
| 105 KeyPermissions(bool profile_is_managed, | 155 KeyPermissions(bool profile_is_managed, |
| 156 PrefService* profile_prefs, | |
| 157 policy::PolicyService* profile_policies, | |
| 106 extensions::StateStore* extensions_state_store); | 158 extensions::StateStore* extensions_state_store); |
| 107 | 159 |
| 108 ~KeyPermissions(); | 160 ~KeyPermissions(); |
| 109 | 161 |
| 110 using PermissionsCallback = | 162 using PermissionsCallback = |
| 111 base::Callback<void(scoped_ptr<PermissionsForExtension>)>; | 163 base::Callback<void(scoped_ptr<PermissionsForExtension>)>; |
| 112 | 164 |
| 113 // Passes an object managing the key permissions of the extension with id | 165 // Passes an object managing the key permissions of the extension with id |
| 114 // |extension_id| to |callback|. This can happen synchronously or | 166 // |extension_id| to |callback|. This can happen synchronously or |
| 115 // asynchronously. | 167 // asynchronously. |
| 116 void GetPermissionsForExtension(const std::string& extension_id, | 168 void GetPermissionsForExtension(const std::string& extension_id, |
| 117 const PermissionsCallback& callback); | 169 const PermissionsCallback& callback); |
| 118 | 170 |
| 119 // Returns true if the user can grant any permission for |public_key_spki_der| | 171 // Returns true if the user can grant any permission for |public_key_spki_der| |
| 120 // to extensions. |public_key_spki_der| must be the DER of a Subject Public | 172 // to extensions. |public_key_spki_der| must be the DER of a Subject Public |
| 121 // Key Info. | 173 // Key Info. |
| 122 bool CanUserGrantPermissionFor(const std::string& public_key_spki_der); | 174 bool CanUserGrantPermissionFor(const std::string& public_key_spki_der); |
| 123 | 175 |
| 176 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); | |
| 177 | |
| 124 private: | 178 private: |
| 179 bool IsCorporateKey(const std::string& public_key_spki_der_b64); | |
|
battre
2015/06/17 15:11:47
const?
pneubeck (no reviews)
2015/06/18 08:45:16
Done.
| |
| 180 | |
| 125 // Creates a PermissionsForExtension object from |extension_id| and |value| | 181 // Creates a PermissionsForExtension object from |extension_id| and |value| |
| 126 // and passes the object to |callback|. | 182 // and passes the object to |callback|. |
| 127 void CreatePermissionObjectAndPassToCallback( | 183 void CreatePermissionObjectAndPassToCallback( |
| 128 const std::string& extension_id, | 184 const std::string& extension_id, |
| 129 const PermissionsCallback& callback, | 185 const PermissionsCallback& callback, |
| 130 scoped_ptr<base::Value> value); | 186 scoped_ptr<base::Value> value); |
| 131 | 187 |
| 132 // Writes |value| to the state store of the extension with id |extension_id|. | 188 // Writes |value| to the state store of the extension with id |extension_id|. |
| 133 void SetPlatformKeysOfExtension(const std::string& extension_id, | 189 void SetPlatformKeysOfExtension(const std::string& extension_id, |
| 134 scoped_ptr<base::Value> value); | 190 scoped_ptr<base::Value> value); |
| 135 | 191 |
| 192 const base::DictionaryValue* GetPrefsEntry( | |
| 193 const std::string& public_key_spki_der_b64); | |
|
battre
2015/06/17 15:11:47
const?
pneubeck (no reviews)
2015/06/18 08:45:15
Done.
| |
| 194 | |
| 136 const bool profile_is_managed_; | 195 const bool profile_is_managed_; |
| 196 PrefService* const profile_prefs_; | |
| 197 policy::PolicyService* const profile_policies_; | |
| 137 extensions::StateStore* const extensions_state_store_; | 198 extensions::StateStore* const extensions_state_store_; |
| 138 base::WeakPtrFactory<KeyPermissions> weak_factory_; | 199 base::WeakPtrFactory<KeyPermissions> weak_factory_; |
| 139 | 200 |
| 140 DISALLOW_COPY_AND_ASSIGN(KeyPermissions); | 201 DISALLOW_COPY_AND_ASSIGN(KeyPermissions); |
| 141 }; | 202 }; |
| 142 | 203 |
| 143 } // namespace chromeos | 204 } // namespace chromeos |
| 144 | 205 |
| 145 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_ | 206 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_ |
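Review bot: The PermissionsForExtension constructor comment (new lines 79-82) still documents only |key_permissions|, while the two parameters added on lines 85-86, |profile_prefs| and |profile_policies|, get no null or lifetime contract even though the KeyPermissions constructor on lines 149-152 spells one out and the inner class keeps both as raw `const` pointers (lines 142-143). If the same contract holds here, add `// |profile_prefs| must not be null and must outlive this object. |profile_policies| may be null if the profile is not managed; otherwise it must not be null and must outlive this object.` above line 83, so that any code reached from PolicyAllowsCorporateKeyUsage() (line 138) is visibly obliged to handle the null case. The newly declared PolicyAllowsCorporateKeyUsage(), RegisterProfilePrefs(), IsCorporateKey() and GetPrefsEntry() (lines 138, 176, 179, 192) are also the only declarations in this header without a comment; for the first, the class comment on lines 60-62 suggests `// Returns true if the KeyPermissions policy lists the extension |extension_id_| as allowed to use corporate keys.`, and a one-line note on what |public_key_spki_der_b64| is expected to encode would match the style of GetStateStoreEntry() on lines 130-134.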