OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/platform_keys/key_permissions.h" | 5 #include "chrome/browser/chromeos/platform_keys/key_permissions.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
11 #include "base/callback.h" | 11 #include "base/callback.h" |
12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/ptr_util.h" |
13 #include "base/values.h" | 14 #include "base/values.h" |
14 #include "chrome/common/pref_names.h" | 15 #include "chrome/common/pref_names.h" |
15 #include "components/policy/core/common/policy_map.h" | 16 #include "components/policy/core/common/policy_map.h" |
16 #include "components/policy/core/common/policy_namespace.h" | 17 #include "components/policy/core/common/policy_namespace.h" |
17 #include "components/policy/core/common/policy_service.h" | 18 #include "components/policy/core/common/policy_service.h" |
18 #include "components/pref_registry/pref_registry_syncable.h" | 19 #include "components/pref_registry/pref_registry_syncable.h" |
19 #include "components/prefs/pref_service.h" | 20 #include "components/prefs/pref_service.h" |
20 #include "components/prefs/scoped_user_pref_update.h" | 21 #include "components/prefs/scoped_user_pref_update.h" |
21 #include "extensions/browser/state_store.h" | 22 #include "extensions/browser/state_store.h" |
22 #include "policy/policy_constants.h" | 23 #include "policy/policy_constants.h" |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
81 | 82 |
82 // True if the key can be used for signing an unlimited number of times. | 83 // True if the key can be used for signing an unlimited number of times. |
83 // This permission is granted by the user to allow the extension to use the | 84 // This permission is granted by the user to allow the extension to use the |
84 // key for signing through the enterprise.platformKeys or platformKeys API. | 85 // key for signing through the enterprise.platformKeys or platformKeys API. |
85 // This permission is granted until revoked by the user or the policy. | 86 // This permission is granted until revoked by the user or the policy. |
86 bool sign_unlimited = false; | 87 bool sign_unlimited = false; |
87 }; | 88 }; |
88 | 89 |
89 KeyPermissions::PermissionsForExtension::PermissionsForExtension( | 90 KeyPermissions::PermissionsForExtension::PermissionsForExtension( |
90 const std::string& extension_id, | 91 const std::string& extension_id, |
91 scoped_ptr<base::Value> state_store_value, | 92 std::unique_ptr<base::Value> state_store_value, |
92 PrefService* profile_prefs, | 93 PrefService* profile_prefs, |
93 policy::PolicyService* profile_policies, | 94 policy::PolicyService* profile_policies, |
94 KeyPermissions* key_permissions) | 95 KeyPermissions* key_permissions) |
95 : extension_id_(extension_id), | 96 : extension_id_(extension_id), |
96 profile_prefs_(profile_prefs), | 97 profile_prefs_(profile_prefs), |
97 profile_policies_(profile_policies), | 98 profile_policies_(profile_policies), |
98 key_permissions_(key_permissions) { | 99 key_permissions_(key_permissions) { |
99 DCHECK(profile_prefs_); | 100 DCHECK(profile_prefs_); |
100 DCHECK(profile_policies_); | 101 DCHECK(profile_policies_); |
101 DCHECK(key_permissions_); | 102 DCHECK(key_permissions_); |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
162 if (matching_entry->sign_once) { | 163 if (matching_entry->sign_once) { |
163 VLOG(1) << "Key is already allowed for signing, skipping."; | 164 VLOG(1) << "Key is already allowed for signing, skipping."; |
164 return; | 165 return; |
165 } | 166 } |
166 | 167 |
167 matching_entry->sign_once = true; | 168 matching_entry->sign_once = true; |
168 WriteToStateStore(); | 169 WriteToStateStore(); |
169 | 170 |
170 DictionaryPrefUpdate update(profile_prefs_, prefs::kPlatformKeys); | 171 DictionaryPrefUpdate update(profile_prefs_, prefs::kPlatformKeys); |
171 | 172 |
172 scoped_ptr<base::DictionaryValue> new_pref_entry(new base::DictionaryValue); | 173 std::unique_ptr<base::DictionaryValue> new_pref_entry( |
| 174 new base::DictionaryValue); |
173 new_pref_entry->SetStringWithoutPathExpansion(kPrefKeyUsage, | 175 new_pref_entry->SetStringWithoutPathExpansion(kPrefKeyUsage, |
174 kPrefKeyUsageCorporate); | 176 kPrefKeyUsageCorporate); |
175 | 177 |
176 update->SetWithoutPathExpansion(public_key_spki_der_b64, | 178 update->SetWithoutPathExpansion(public_key_spki_der_b64, |
177 new_pref_entry.release()); | 179 new_pref_entry.release()); |
178 } | 180 } |
179 | 181 |
180 void KeyPermissions::PermissionsForExtension::SetUserGrantedPermission( | 182 void KeyPermissions::PermissionsForExtension::SetUserGrantedPermission( |
181 const std::string& public_key_spki_der) { | 183 const std::string& public_key_spki_der) { |
182 if (!key_permissions_->CanUserGrantPermissionFor(public_key_spki_der)) { | 184 if (!key_permissions_->CanUserGrantPermissionFor(public_key_spki_der)) { |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
267 &new_entry.sign_unlimited); | 269 &new_entry.sign_unlimited); |
268 state_store_entries_.push_back(new_entry); | 270 state_store_entries_.push_back(new_entry); |
269 } else { | 271 } else { |
270 LOG(ERROR) << "Found invalid entry of type " << entry->GetType() | 272 LOG(ERROR) << "Found invalid entry of type " << entry->GetType() |
271 << " in PlatformKeys state store."; | 273 << " in PlatformKeys state store."; |
272 continue; | 274 continue; |
273 } | 275 } |
274 } | 276 } |
275 } | 277 } |
276 | 278 |
277 scoped_ptr<base::Value> | 279 std::unique_ptr<base::Value> |
278 KeyPermissions::PermissionsForExtension::KeyEntriesToState() { | 280 KeyPermissions::PermissionsForExtension::KeyEntriesToState() { |
279 scoped_ptr<base::ListValue> new_state(new base::ListValue); | 281 std::unique_ptr<base::ListValue> new_state(new base::ListValue); |
280 for (const KeyEntry& entry : state_store_entries_) { | 282 for (const KeyEntry& entry : state_store_entries_) { |
281 // Drop entries that the extension doesn't have any permissions for anymore. | 283 // Drop entries that the extension doesn't have any permissions for anymore. |
282 if (!entry.sign_once && !entry.sign_unlimited) | 284 if (!entry.sign_once && !entry.sign_unlimited) |
283 continue; | 285 continue; |
284 | 286 |
285 scoped_ptr<base::DictionaryValue> new_entry(new base::DictionaryValue); | 287 std::unique_ptr<base::DictionaryValue> new_entry(new base::DictionaryValue); |
286 new_entry->SetStringWithoutPathExpansion(kStateStoreSPKI, entry.spki_b64); | 288 new_entry->SetStringWithoutPathExpansion(kStateStoreSPKI, entry.spki_b64); |
287 // Omit writing default values, namely |false|. | 289 // Omit writing default values, namely |false|. |
288 if (entry.sign_once) { | 290 if (entry.sign_once) { |
289 new_entry->SetBooleanWithoutPathExpansion(kStateStoreSignOnce, | 291 new_entry->SetBooleanWithoutPathExpansion(kStateStoreSignOnce, |
290 entry.sign_once); | 292 entry.sign_once); |
291 } | 293 } |
292 if (entry.sign_unlimited) { | 294 if (entry.sign_unlimited) { |
293 new_entry->SetBooleanWithoutPathExpansion(kStateStoreSignUnlimited, | 295 new_entry->SetBooleanWithoutPathExpansion(kStateStoreSignUnlimited, |
294 entry.sign_unlimited); | 296 entry.sign_unlimited); |
295 } | 297 } |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
367 | 369 |
368 void KeyPermissions::RegisterProfilePrefs( | 370 void KeyPermissions::RegisterProfilePrefs( |
369 user_prefs::PrefRegistrySyncable* registry) { | 371 user_prefs::PrefRegistrySyncable* registry) { |
370 // For the format of the dictionary see the documentation at kPrefKeyUsage. | 372 // For the format of the dictionary see the documentation at kPrefKeyUsage. |
371 registry->RegisterDictionaryPref(prefs::kPlatformKeys); | 373 registry->RegisterDictionaryPref(prefs::kPlatformKeys); |
372 } | 374 } |
373 | 375 |
374 void KeyPermissions::CreatePermissionObjectAndPassToCallback( | 376 void KeyPermissions::CreatePermissionObjectAndPassToCallback( |
375 const std::string& extension_id, | 377 const std::string& extension_id, |
376 const PermissionsCallback& callback, | 378 const PermissionsCallback& callback, |
377 scoped_ptr<base::Value> value) { | 379 std::unique_ptr<base::Value> value) { |
378 callback.Run(make_scoped_ptr( | 380 callback.Run(base::WrapUnique( |
379 new PermissionsForExtension(extension_id, std::move(value), | 381 new PermissionsForExtension(extension_id, std::move(value), |
380 profile_prefs_, profile_policies_, this))); | 382 profile_prefs_, profile_policies_, this))); |
381 } | 383 } |
382 | 384 |
383 void KeyPermissions::SetPlatformKeysOfExtension(const std::string& extension_id, | 385 void KeyPermissions::SetPlatformKeysOfExtension( |
384 scoped_ptr<base::Value> value) { | 386 const std::string& extension_id, |
| 387 std::unique_ptr<base::Value> value) { |
385 extensions_state_store_->SetExtensionValue( | 388 extensions_state_store_->SetExtensionValue( |
386 extension_id, kStateStorePlatformKeys, std::move(value)); | 389 extension_id, kStateStorePlatformKeys, std::move(value)); |
387 } | 390 } |
388 | 391 |
389 const base::DictionaryValue* KeyPermissions::GetPrefsEntry( | 392 const base::DictionaryValue* KeyPermissions::GetPrefsEntry( |
390 const std::string& public_key_spki_der_b64) const { | 393 const std::string& public_key_spki_der_b64) const { |
391 const base::DictionaryValue* platform_keys = | 394 const base::DictionaryValue* platform_keys = |
392 profile_prefs_->GetDictionary(prefs::kPlatformKeys); | 395 profile_prefs_->GetDictionary(prefs::kPlatformKeys); |
393 | 396 |
394 const base::DictionaryValue* key_entry = nullptr; | 397 const base::DictionaryValue* key_entry = nullptr; |
395 platform_keys->GetDictionaryWithoutPathExpansion(public_key_spki_der_b64, | 398 platform_keys->GetDictionaryWithoutPathExpansion(public_key_spki_der_b64, |
396 &key_entry); | 399 &key_entry); |
397 return key_entry; | 400 return key_entry; |
398 } | 401 } |
399 | 402 |
400 } // namespace chromeos | 403 } // namespace chromeos |
OLD | NEW |