| OLD | NEW | 
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #include "chrome/browser/chromeos/platform_keys/key_permissions.h" | 5 #include "chrome/browser/chromeos/platform_keys/key_permissions.h" | 
| 6 | 6 | 
| 7 #include <utility> | 7 #include <utility> | 
| 8 | 8 | 
| 9 #include "base/base64.h" | 9 #include "base/base64.h" | 
| 10 #include "base/bind.h" | 10 #include "base/bind.h" | 
| 11 #include "base/callback.h" | 11 #include "base/callback.h" | 
| 12 #include "base/logging.h" | 12 #include "base/logging.h" | 
|  | 13 #include "base/memory/ptr_util.h" | 
| 13 #include "base/values.h" | 14 #include "base/values.h" | 
| 14 #include "chrome/common/pref_names.h" | 15 #include "chrome/common/pref_names.h" | 
| 15 #include "components/policy/core/common/policy_map.h" | 16 #include "components/policy/core/common/policy_map.h" | 
| 16 #include "components/policy/core/common/policy_namespace.h" | 17 #include "components/policy/core/common/policy_namespace.h" | 
| 17 #include "components/policy/core/common/policy_service.h" | 18 #include "components/policy/core/common/policy_service.h" | 
| 18 #include "components/pref_registry/pref_registry_syncable.h" | 19 #include "components/pref_registry/pref_registry_syncable.h" | 
| 19 #include "components/prefs/pref_service.h" | 20 #include "components/prefs/pref_service.h" | 
| 20 #include "components/prefs/scoped_user_pref_update.h" | 21 #include "components/prefs/scoped_user_pref_update.h" | 
| 21 #include "extensions/browser/state_store.h" | 22 #include "extensions/browser/state_store.h" | 
| 22 #include "policy/policy_constants.h" | 23 #include "policy/policy_constants.h" | 
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after  Loading... | 
| 81 | 82 | 
| 82   // True if the key can be used for signing an unlimited number of times. | 83   // True if the key can be used for signing an unlimited number of times. | 
| 83   // This permission is granted by the user to allow the extension to use the | 84   // This permission is granted by the user to allow the extension to use the | 
| 84   // key for signing through the enterprise.platformKeys or platformKeys API. | 85   // key for signing through the enterprise.platformKeys or platformKeys API. | 
| 85   // This permission is granted until revoked by the user or the policy. | 86   // This permission is granted until revoked by the user or the policy. | 
| 86   bool sign_unlimited = false; | 87   bool sign_unlimited = false; | 
| 87 }; | 88 }; | 
| 88 | 89 | 
| 89 KeyPermissions::PermissionsForExtension::PermissionsForExtension( | 90 KeyPermissions::PermissionsForExtension::PermissionsForExtension( | 
| 90     const std::string& extension_id, | 91     const std::string& extension_id, | 
| 91     scoped_ptr<base::Value> state_store_value, | 92     std::unique_ptr<base::Value> state_store_value, | 
| 92     PrefService* profile_prefs, | 93     PrefService* profile_prefs, | 
| 93     policy::PolicyService* profile_policies, | 94     policy::PolicyService* profile_policies, | 
| 94     KeyPermissions* key_permissions) | 95     KeyPermissions* key_permissions) | 
| 95     : extension_id_(extension_id), | 96     : extension_id_(extension_id), | 
| 96       profile_prefs_(profile_prefs), | 97       profile_prefs_(profile_prefs), | 
| 97       profile_policies_(profile_policies), | 98       profile_policies_(profile_policies), | 
| 98       key_permissions_(key_permissions) { | 99       key_permissions_(key_permissions) { | 
| 99   DCHECK(profile_prefs_); | 100   DCHECK(profile_prefs_); | 
| 100   DCHECK(profile_policies_); | 101   DCHECK(profile_policies_); | 
| 101   DCHECK(key_permissions_); | 102   DCHECK(key_permissions_); | 
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after  Loading... | 
| 162   if (matching_entry->sign_once) { | 163   if (matching_entry->sign_once) { | 
| 163     VLOG(1) << "Key is already allowed for signing, skipping."; | 164     VLOG(1) << "Key is already allowed for signing, skipping."; | 
| 164     return; | 165     return; | 
| 165   } | 166   } | 
| 166 | 167 | 
| 167   matching_entry->sign_once = true; | 168   matching_entry->sign_once = true; | 
| 168   WriteToStateStore(); | 169   WriteToStateStore(); | 
| 169 | 170 | 
| 170   DictionaryPrefUpdate update(profile_prefs_, prefs::kPlatformKeys); | 171   DictionaryPrefUpdate update(profile_prefs_, prefs::kPlatformKeys); | 
| 171 | 172 | 
| 172   scoped_ptr<base::DictionaryValue> new_pref_entry(new base::DictionaryValue); | 173   std::unique_ptr<base::DictionaryValue> new_pref_entry( | 
|  | 174       new base::DictionaryValue); | 
| 173   new_pref_entry->SetStringWithoutPathExpansion(kPrefKeyUsage, | 175   new_pref_entry->SetStringWithoutPathExpansion(kPrefKeyUsage, | 
| 174                                                 kPrefKeyUsageCorporate); | 176                                                 kPrefKeyUsageCorporate); | 
| 175 | 177 | 
| 176   update->SetWithoutPathExpansion(public_key_spki_der_b64, | 178   update->SetWithoutPathExpansion(public_key_spki_der_b64, | 
| 177                                   new_pref_entry.release()); | 179                                   new_pref_entry.release()); | 
| 178 } | 180 } | 
| 179 | 181 | 
| 180 void KeyPermissions::PermissionsForExtension::SetUserGrantedPermission( | 182 void KeyPermissions::PermissionsForExtension::SetUserGrantedPermission( | 
| 181     const std::string& public_key_spki_der) { | 183     const std::string& public_key_spki_der) { | 
| 182   if (!key_permissions_->CanUserGrantPermissionFor(public_key_spki_der)) { | 184   if (!key_permissions_->CanUserGrantPermissionFor(public_key_spki_der)) { | 
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after  Loading... | 
| 267                                                  &new_entry.sign_unlimited); | 269                                                  &new_entry.sign_unlimited); | 
| 268       state_store_entries_.push_back(new_entry); | 270       state_store_entries_.push_back(new_entry); | 
| 269     } else { | 271     } else { | 
| 270       LOG(ERROR) << "Found invalid entry of type " << entry->GetType() | 272       LOG(ERROR) << "Found invalid entry of type " << entry->GetType() | 
| 271                  << " in PlatformKeys state store."; | 273                  << " in PlatformKeys state store."; | 
| 272       continue; | 274       continue; | 
| 273     } | 275     } | 
| 274   } | 276   } | 
| 275 } | 277 } | 
| 276 | 278 | 
| 277 scoped_ptr<base::Value> | 279 std::unique_ptr<base::Value> | 
| 278 KeyPermissions::PermissionsForExtension::KeyEntriesToState() { | 280 KeyPermissions::PermissionsForExtension::KeyEntriesToState() { | 
| 279   scoped_ptr<base::ListValue> new_state(new base::ListValue); | 281   std::unique_ptr<base::ListValue> new_state(new base::ListValue); | 
| 280   for (const KeyEntry& entry : state_store_entries_) { | 282   for (const KeyEntry& entry : state_store_entries_) { | 
| 281     // Drop entries that the extension doesn't have any permissions for anymore. | 283     // Drop entries that the extension doesn't have any permissions for anymore. | 
| 282     if (!entry.sign_once && !entry.sign_unlimited) | 284     if (!entry.sign_once && !entry.sign_unlimited) | 
| 283       continue; | 285       continue; | 
| 284 | 286 | 
| 285     scoped_ptr<base::DictionaryValue> new_entry(new base::DictionaryValue); | 287     std::unique_ptr<base::DictionaryValue> new_entry(new base::DictionaryValue); | 
| 286     new_entry->SetStringWithoutPathExpansion(kStateStoreSPKI, entry.spki_b64); | 288     new_entry->SetStringWithoutPathExpansion(kStateStoreSPKI, entry.spki_b64); | 
| 287     // Omit writing default values, namely |false|. | 289     // Omit writing default values, namely |false|. | 
| 288     if (entry.sign_once) { | 290     if (entry.sign_once) { | 
| 289       new_entry->SetBooleanWithoutPathExpansion(kStateStoreSignOnce, | 291       new_entry->SetBooleanWithoutPathExpansion(kStateStoreSignOnce, | 
| 290                                                 entry.sign_once); | 292                                                 entry.sign_once); | 
| 291     } | 293     } | 
| 292     if (entry.sign_unlimited) { | 294     if (entry.sign_unlimited) { | 
| 293       new_entry->SetBooleanWithoutPathExpansion(kStateStoreSignUnlimited, | 295       new_entry->SetBooleanWithoutPathExpansion(kStateStoreSignUnlimited, | 
| 294                                                 entry.sign_unlimited); | 296                                                 entry.sign_unlimited); | 
| 295     } | 297     } | 
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after  Loading... | 
| 367 | 369 | 
| 368 void KeyPermissions::RegisterProfilePrefs( | 370 void KeyPermissions::RegisterProfilePrefs( | 
| 369     user_prefs::PrefRegistrySyncable* registry) { | 371     user_prefs::PrefRegistrySyncable* registry) { | 
| 370   // For the format of the dictionary see the documentation at kPrefKeyUsage. | 372   // For the format of the dictionary see the documentation at kPrefKeyUsage. | 
| 371   registry->RegisterDictionaryPref(prefs::kPlatformKeys); | 373   registry->RegisterDictionaryPref(prefs::kPlatformKeys); | 
| 372 } | 374 } | 
| 373 | 375 | 
| 374 void KeyPermissions::CreatePermissionObjectAndPassToCallback( | 376 void KeyPermissions::CreatePermissionObjectAndPassToCallback( | 
| 375     const std::string& extension_id, | 377     const std::string& extension_id, | 
| 376     const PermissionsCallback& callback, | 378     const PermissionsCallback& callback, | 
| 377     scoped_ptr<base::Value> value) { | 379     std::unique_ptr<base::Value> value) { | 
| 378   callback.Run(make_scoped_ptr( | 380   callback.Run(base::WrapUnique( | 
| 379       new PermissionsForExtension(extension_id, std::move(value), | 381       new PermissionsForExtension(extension_id, std::move(value), | 
| 380                                   profile_prefs_, profile_policies_, this))); | 382                                   profile_prefs_, profile_policies_, this))); | 
| 381 } | 383 } | 
| 382 | 384 | 
| 383 void KeyPermissions::SetPlatformKeysOfExtension(const std::string& extension_id, | 385 void KeyPermissions::SetPlatformKeysOfExtension( | 
| 384                                                 scoped_ptr<base::Value> value) { | 386     const std::string& extension_id, | 
|  | 387     std::unique_ptr<base::Value> value) { | 
| 385   extensions_state_store_->SetExtensionValue( | 388   extensions_state_store_->SetExtensionValue( | 
| 386       extension_id, kStateStorePlatformKeys, std::move(value)); | 389       extension_id, kStateStorePlatformKeys, std::move(value)); | 
| 387 } | 390 } | 
| 388 | 391 | 
| 389 const base::DictionaryValue* KeyPermissions::GetPrefsEntry( | 392 const base::DictionaryValue* KeyPermissions::GetPrefsEntry( | 
| 390     const std::string& public_key_spki_der_b64) const { | 393     const std::string& public_key_spki_der_b64) const { | 
| 391   const base::DictionaryValue* platform_keys = | 394   const base::DictionaryValue* platform_keys = | 
| 392       profile_prefs_->GetDictionary(prefs::kPlatformKeys); | 395       profile_prefs_->GetDictionary(prefs::kPlatformKeys); | 
| 393 | 396 | 
| 394   const base::DictionaryValue* key_entry = nullptr; | 397   const base::DictionaryValue* key_entry = nullptr; | 
| 395   platform_keys->GetDictionaryWithoutPathExpansion(public_key_spki_der_b64, | 398   platform_keys->GetDictionaryWithoutPathExpansion(public_key_spki_der_b64, | 
| 396                                                    &key_entry); | 399                                                    &key_entry); | 
| 397   return key_entry; | 400   return key_entry; | 
| 398 } | 401 } | 
| 399 | 402 | 
| 400 }  // namespace chromeos | 403 }  // namespace chromeos | 
| OLD | NEW | 
|---|