Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(117)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/platform_keys/key_permissions.h

Issue 1150373002: platformKeys: Add policy and corporate key tagging. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@key_perm
Patch Set: Rebased. Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/chromeos/platform_keys/key_permissions.cc » ('j') | chrome/browser/chromeos/platform_keys/key_permissions.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/platform_keys/key_permissions.h
diff --git a/chrome/browser/chromeos/platform_keys/key_permissions.h b/chrome/browser/chromeos/platform_keys/key_permissions.h
index af584e2d10c60696045c9fc4077abbaaee7c2c69..d3d5d1d78b9137cb646ec6e5377baf24c5cfab19 100644
--- a/chrome/browser/chromeos/platform_keys/key_permissions.h
+++ b/chrome/browser/chromeos/platform_keys/key_permissions.h
@@ -12,7 +12,10 @@
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
+class PrefService;
+
namespace base {
+class DictionaryValue;
class Value;
}
@@ -20,15 +23,53 @@ namespace extensions {
class StateStore;
}
+namespace policy {
+class PolicyService;
+}
+
+namespace user_prefs {
+class PrefRegistrySyncable;
+}
+
namespace chromeos {
// This class manages permissions for extensions to use private keys through
-// chrome.platformKeys .
-// It handles the following permissions:
-// * The extension that generated a key has the permission to sign arbitrary
-// data with that key at most once.
-// * The user can explicitly grant an extension the permission to sign
-// arbitrary data with a key an unlimited number of times.
+// chrome.platformKeys or chrome.enterprise.platformKeys .
+// The permission model depends on whether the user account is managed or not.
+//
+// ** If the user account is not managed **
+// The user is under full control of the keys are generated or imported while
battre 2015/06/17 15:11:47 grammar "The user is under full control of the key
pneubeck (no reviews) 2015/06/18 08:45:16 Done.
+// the device is not managed. For that, a user can grant a specific extension
+// the permission to sign arbitrary data with a specific key for an unlimited
+// number of times.
+//
+// ** If the user account is managed **
+// The Administrator is in charge of granting access to keys that are meant for
+// corporate usage.
+//
+// As not every key is meant for corporate usage but probably for the user's
+// private usage, this class introduces the concept of tagging keys with the
+// intended purpose of the key. Currently, the only usage that can be assigned
+// to a key is "corporate".
+//
+// Every key that is generated by the chrome.enterprise.platformKeys API (which
+// requires the user account to be managed), is marked for corporate usage.
+// Any key that is generated or imported by other means is currently not marked
+// for corporate usage.
+//
+// The KeyPermissions policy allows the Administrator to list exactly the
+// extensions that are allowed to use such corporate keys. Non-corporate keys
+// are not affected. This policy is the only means to grant this permission.
+//
+// ** One-off Permission for the Certification Requests **
+// Independent of the above, the extension that generates a key using the
+// chrome.enterprise.platformKeys API is allowed to sign arbitrary data with the
+// private key for a single time in order to create a certification request.
+// The assumption is that certification requests usually require a signature of
+// data including the public key. So the one-off permission implies that once a
+// certificate authority creates the certificate of the generated key, the
+// generating extension isn't able to use the key anymore except if explicitly
+// permitted by the Administrator.
class KeyPermissions {
public:
// Allows querying and modifying permissions and registering keys for a
@@ -41,6 +82,8 @@ class KeyPermissions {
// |KeyPermissions::GetPermissionsForExtension| instead.
PermissionsForExtension(const std::string& extension_id,
scoped_ptr<base::Value> state_store_value,
+ PrefService* profile_prefs,
+ policy::PolicyService* profile_policies,
KeyPermissions* key_permissions);
~PermissionsForExtension();
@@ -92,17 +135,26 @@ class KeyPermissions {
KeyPermissions::PermissionsForExtension::KeyEntry* GetStateStoreEntry(
const std::string& public_key_spki_der_b64);
+ bool PolicyAllowsCorporateKeyUsage();
battre 2015/06/17 15:11:47 The name of the function suggests that it might be
pneubeck (no reviews) 2015/06/18 08:45:15 Done.
+
const std::string extension_id_;
std::vector<KeyEntry> state_store_entries_;
+ PrefService* const profile_prefs_;
+ policy::PolicyService* const profile_policies_;
KeyPermissions* const key_permissions_;
DISALLOW_COPY_AND_ASSIGN(PermissionsForExtension);
};
- // |extensions_state_store| must not be null and outlive this object.
+ // |profile_prefs| and |extensions_state_store| must not be null and outlive
battre 2015/06/17 15:11:47 and must outlive
pneubeck (no reviews) 2015/06/18 08:45:16 Done.
+ // this object.
+ // If |profile_is_managed| is false, |profile_policies| is ignored. Otherwise,
+ // |profile_policies| must not be null and outlive this object.
battre 2015/06/17 15:11:47 and must outlive
pneubeck (no reviews) 2015/06/18 08:45:16 Done.
// |profile_is_managed| determines the default usage and permissions for
// keys without explicitly assigned usage.
KeyPermissions(bool profile_is_managed,
+ PrefService* profile_prefs,
+ policy::PolicyService* profile_policies,
extensions::StateStore* extensions_state_store);
~KeyPermissions();
@@ -121,7 +173,11 @@ class KeyPermissions {
// Key Info.
bool CanUserGrantPermissionFor(const std::string& public_key_spki_der);
+ static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
+
private:
+ bool IsCorporateKey(const std::string& public_key_spki_der_b64);
battre 2015/06/17 15:11:47 const?
pneubeck (no reviews) 2015/06/18 08:45:16 Done.
+
// Creates a PermissionsForExtension object from |extension_id| and |value|
// and passes the object to |callback|.
void CreatePermissionObjectAndPassToCallback(
@@ -133,7 +189,12 @@ class KeyPermissions {
void SetPlatformKeysOfExtension(const std::string& extension_id,
scoped_ptr<base::Value> value);
+ const base::DictionaryValue* GetPrefsEntry(
+ const std::string& public_key_spki_der_b64);
battre 2015/06/17 15:11:47 const?
pneubeck (no reviews) 2015/06/18 08:45:15 Done.
+
const bool profile_is_managed_;
+ PrefService* const profile_prefs_;
+ policy::PolicyService* const profile_policies_;
extensions::StateStore* const extensions_state_store_;
base::WeakPtrFactory<KeyPermissions> weak_factory_;
« no previous file with comments | « no previous file | chrome/browser/chromeos/platform_keys/key_permissions.cc » ('j') | chrome/browser/chromeos/platform_keys/key_permissions.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698