
Unified Diff: chrome/browser/chromeos/platform_keys/key_permissions.h

Issue 1150373002: platformKeys: Add policy and corporate key tagging. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@key_perm
Patch Set: Created 5 years, 6 months ago
Index: chrome/browser/chromeos/platform_keys/key_permissions.h
diff --git a/chrome/browser/chromeos/platform_keys/key_permissions.h b/chrome/browser/chromeos/platform_keys/key_permissions.h
index 7c6c867304983d8a2effa39cbc4be2b807466ed1..0d10187870daa98c5652c7546b9b7f48a29f9081 100644
--- a/chrome/browser/chromeos/platform_keys/key_permissions.h
+++ b/chrome/browser/chromeos/platform_keys/key_permissions.h
@@ -11,7 +11,10 @@
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
+class PrefService;
+
namespace base {
+class DictionaryValue;
class Value;
}
@@ -19,6 +22,14 @@ namespace extensions {
class StateStore;
}
+namespace policy {
+class PolicyService;
+}
+
+namespace user_prefs {
+class PrefRegistrySyncable;
+}
+
namespace chromeos {
// This class manages permissions for extensions to use private keys through
@@ -41,6 +52,8 @@ class KeyPermissions {
// |KeyPermissions::GetPermissionsForExtension| instead.
PermissionsForExtension(const std::string& extension_id,
scoped_ptr<base::Value> state_store_value,
+ PrefService* profile_prefs,
+ policy::PolicyService* profile_policies,
KeyPermissions* key_permissions);
~PermissionsForExtension();
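Review bot: The two pointers added to the `PermissionsForExtension` constructor, `profile_prefs` and `profile_policies`, carry no nullability or lifetime contract, although both end up in raw `* const` members in the following hunk. The `KeyPermissions` constructor comment later in this diff says `profile_policies` is ignored for unmanaged profiles, so it may well be null when it reaches this class, which is not given `profile_is_managed`. I would extend the comment above this constructor with `// |profile_prefs| must not be null. |profile_policies| may be null for unmanaged profiles. Both must outlive this object.`, adjusted to whatever the implementation actually guarantees. That comment starts outside the hunk.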
@@ -83,18 +96,28 @@ class KeyPermissions {
// Returns an existing entry for |public_key_spki_der| from
// |state_store_entries_|. If there is no existing entry, creates, adds and
// returns a new entry.
- KeyPermissions::PermissionsForExtension::KeyEntry* GetKeyEntry(
+ KeyPermissions::PermissionsForExtension::KeyEntry* GetStateStoreEntry(
const std::string& public_key_spki_der);
+ bool PolicyAllowsCorporateKeyUsage();
+
const std::string extension_id_;
std::vector<KeyEntry> state_store_entries_;
+ PrefService* const profile_prefs_;
+ policy::PolicyService* const profile_policies_;
KeyPermissions* const key_permissions_;
DISALLOW_COPY_AND_ASSIGN(PermissionsForExtension);
};
- // |extensions_state_store| must not be null and outlive this object.
- explicit KeyPermissions(extensions::StateStore* extensions_state_store);
+ // |profile_prefs| and |extensions_state_store| must not be null and outlive
+ // this object.
+ // If |profile_is_managed| is false, |profile_policies| is ignored. Otherwise,
+ // |profile_policies| must not be null and outlive this object.
+ KeyPermissions(PrefService* profile_prefs,
+ bool profile_is_managed,
+ policy::PolicyService* profile_policies,
+ extensions::StateStore* extensions_state_store);
~KeyPermissions();
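Review bot: `PolicyAllowsCorporateKeyUsage()` is declared without a comment even though it appears to be the policy gate for corporate keys, and the same gap applies to `IsCorporateKey()` in the next hunk and `GetPrefsEntry()` in the last one. For an access-control predicate the header should state the default, e.g. `// Returns true only if policy explicitly allows corporate key usage; false if |profile_policies_| is null or the policy is unset.`, assuming the implementation fails closed that way. For `GetPrefsEntry()` the comment should say whether the result can be null and how long the returned pointer stays valid (presumably the pref store owns it; please confirm). `IsCorporateKey()` needs one line defining what marks a key as corporate.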
@@ -107,7 +130,15 @@ class KeyPermissions {
void GetPermissionsForExtension(const std::string& extension_id,
const PermissionsCallback& callback);
+ // Returns true if the user can grant any permission for |public_key_spki_der|
+ // to extensions.
+ bool CanUserGrantPermissionFor(const std::string& public_key_spki_der);
+
+ static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
+
private:
+ bool IsCorporateKey(const std::string& public_key_spki_der);
+
// Creates a PermissionsForExtension object from |extension_id| and |value|
// and passes the object to |callback|.
void CreatePermissionObjectAndPassToCallback(
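Review bot: `CanUserGrantPermissionFor()` and `IsCorporateKey()` read as pure queries but are declared non-const; if their implementations only read prefs, declare them `bool CanUserGrantPermissionFor(const std::string& public_key_spki_der) const;` and `bool IsCorporateKey(const std::string& public_key_spki_der) const;`. The comment on `CanUserGrantPermissionFor()` also does not say under which condition it returns false, which is what a caller deciding whether to offer a grant needs to know. The class body continues outside this hunk.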
@@ -119,6 +150,12 @@ class KeyPermissions {
void SetPlatformKeysOfExtension(const std::string& extension_id,
scoped_ptr<base::Value> value);
+ const base::DictionaryValue* GetPrefsEntry(
+ const std::string& public_key_spki_der);
+
+ PrefService* const profile_prefs_;
+ bool profile_is_managed_;
+ policy::PolicyService* const profile_policies_;
extensions::StateStore* const extensions_state_store_;
base::WeakPtrFactory<KeyPermissions> weak_factory_;
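Review bot: `bool profile_is_managed_;` is the only new member here that is not const, while `profile_prefs_` and `profile_policies_` next to it are `* const`. Per the constructor comment it decides whether `profile_policies` is used at all, so make it `const bool profile_is_managed_;` to keep it from drifting from the pointer it guards after construction. Whether anything reassigns it is not visible in this header.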
