Chromium Code Reviews Chromium Code Reviews
Issue 1953273002:
Add support to GCMKeyStore for multiple keys per app_id (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@iid6fixstore| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h" | 5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 70 // be created in memory rather than on-disk. | 70 // be created in memory rather than on-disk. |
| 71 if (!store_path.empty()) | 71 if (!store_path.empty()) |
| 72 encryption_store_path = store_path.Append(kEncryptionDirectoryName); | 72 encryption_store_path = store_path.Append(kEncryptionDirectoryName); |
| 73 | 73 |
| 74 key_store_.reset( | 74 key_store_.reset( |
| 75 new GCMKeyStore(encryption_store_path, blocking_task_runner)); | 75 new GCMKeyStore(encryption_store_path, blocking_task_runner)); |
| 76 } | 76 } |
| 77 | 77 |
| 78 void GCMEncryptionProvider::GetEncryptionInfo( | 78 void GCMEncryptionProvider::GetEncryptionInfo( |
| 79 const std::string& app_id, | 79 const std::string& app_id, |
| 80 const std::string& instance_id_authorized_entity, | |
| 80 const EncryptionInfoCallback& callback) { | 81 const EncryptionInfoCallback& callback) { |
| 81 DCHECK(key_store_); | 82 DCHECK(key_store_); |
| 82 key_store_->GetKeys( | 83 key_store_->GetKeys(app_id, instance_id_authorized_entity, |
| 83 app_id, base::Bind(&GCMEncryptionProvider::DidGetEncryptionInfo, | 84 false /* fallback_to_empty_authorized_entity */, |
| 84 weak_ptr_factory_.GetWeakPtr(), app_id, callback)); | 85 base::Bind(&GCMEncryptionProvider::DidGetEncryptionInfo, |
| 86 weak_ptr_factory_.GetWeakPtr(), app_id, | |
| 87 instance_id_authorized_entity, callback)); | |
| 85 } | 88 } |
| 86 | 89 |
| 87 void GCMEncryptionProvider::RemoveEncryptionInfo( | 90 void GCMEncryptionProvider::RemoveEncryptionInfo( |
| 88 const std::string& app_id, | 91 const std::string& app_id, |
| 92 const std::string& instance_id_authorized_entity, | |
| 89 const base::Closure& callback) { | 93 const base::Closure& callback) { |
| 90 DCHECK(key_store_); | 94 DCHECK(key_store_); |
| 91 key_store_->RemoveKeys(app_id, callback); | 95 key_store_->RemoveKeys(app_id, instance_id_authorized_entity, callback); |
| 92 } | 96 } |
| 93 | 97 |
| 94 bool GCMEncryptionProvider::IsEncryptedMessage(const IncomingMessage& message) | 98 bool GCMEncryptionProvider::IsEncryptedMessage(const IncomingMessage& message) |
| 95 const { | 99 const { |
| 96 // The Web Push protocol requires the encryption and crypto-key properties to | 100 // The Web Push protocol requires the encryption and crypto-key properties to |
| 97 // be set, and the raw_data field to be populated with the payload. | 101 // be set, and the raw_data field to be populated with the payload. |
| 98 if (message.data.find(kEncryptionProperty) == message.data.end() || | 102 if (message.data.find(kEncryptionProperty) == message.data.end() || |
| 99 message.data.find(kCryptoKeyProperty) == message.data.end()) | 103 message.data.find(kCryptoKeyProperty) == message.data.end()) |
| 100 return false; | 104 return false; |
| 101 | 105 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 148 } | 152 } |
| 149 | 153 |
| 150 if (crypto_key_header_values.size() != 1u || | 154 if (crypto_key_header_values.size() != 1u || |
| 151 !crypto_key_header_values[0].dh.size()) { | 155 !crypto_key_header_values[0].dh.size()) { |
| 152 DLOG(ERROR) << "Invalid values supplied in the Crypto-Key header"; | 156 DLOG(ERROR) << "Invalid values supplied in the Crypto-Key header"; |
| 153 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, | 157 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, |
| 154 IncomingMessage()); | 158 IncomingMessage()); |
| 155 return; | 159 return; |
| 156 } | 160 } |
| 157 | 161 |
| 158 key_store_->GetKeys( | 162 // At this point we don't know whether this message is for an InstanceID token |
| 159 app_id, base::Bind(&GCMEncryptionProvider::DecryptMessageWithKey, | 163 // (key store owner = app_id + ',' + sender_id) or a legacy GCM registration |
|
Peter Beverloo
2016/05/09 14:10:09
Mentioning the key store owner and its format has
johnme
2016/05/09 18:15:54
I changed this to: "
// Use |fallback_to_empty_a
| |
| 160 weak_ptr_factory_.GetWeakPtr(), message, | 164 // (key store owner = app_id). Try the more specific one first; if that fails, |
| 161 callback, encryption_header_values[0].salt, | 165 // DecryptMessageWithKey will fall back to the other. |
| 162 crypto_key_header_values[0].dh, | 166 key_store_->GetKeys(app_id, |
| 163 encryption_header_values[0].rs)); | 167 message.sender_id /* instance_id_authorized_entity */, |
| 168 true /* fallback_to_empty_authorized_entity */, | |
| 169 base::Bind(&GCMEncryptionProvider::DecryptMessageWithKey, | |
| 170 weak_ptr_factory_.GetWeakPtr(), message, | |
| 171 callback, encryption_header_values[0].salt, | |
| 172 crypto_key_header_values[0].dh, | |
| 173 encryption_header_values[0].rs)); | |
| 164 } | 174 } |
| 165 | 175 |
| 166 void GCMEncryptionProvider::DidGetEncryptionInfo( | 176 void GCMEncryptionProvider::DidGetEncryptionInfo( |
| 167 const std::string& app_id, | 177 const std::string& app_id, |
| 178 const std::string& instance_id_authorized_entity, | |
| 168 const EncryptionInfoCallback& callback, | 179 const EncryptionInfoCallback& callback, |
| 169 const KeyPair& pair, | 180 const KeyPair& pair, |
| 170 const std::string& auth_secret) { | 181 const std::string& auth_secret) { |
| 171 if (!pair.IsInitialized()) { | 182 if (!pair.IsInitialized()) { |
| 172 key_store_->CreateKeys( | 183 key_store_->CreateKeys( |
| 173 app_id, base::Bind(&GCMEncryptionProvider::DidCreateEncryptionInfo, | 184 app_id, instance_id_authorized_entity, |
| 174 weak_ptr_factory_.GetWeakPtr(), callback)); | 185 base::Bind(&GCMEncryptionProvider::DidCreateEncryptionInfo, |
| 186 weak_ptr_factory_.GetWeakPtr(), callback)); | |
| 175 return; | 187 return; |
| 176 } | 188 } |
| 177 | 189 |
| 178 DCHECK_EQ(KeyPair::ECDH_P256, pair.type()); | 190 DCHECK_EQ(KeyPair::ECDH_P256, pair.type()); |
| 179 callback.Run(pair.public_key(), auth_secret); | 191 callback.Run(pair.public_key(), auth_secret); |
| 180 } | 192 } |
| 181 | 193 |
| 182 void GCMEncryptionProvider::DidCreateEncryptionInfo( | 194 void GCMEncryptionProvider::DidCreateEncryptionInfo( |
| 183 const EncryptionInfoCallback& callback, | 195 const EncryptionInfoCallback& callback, |
| 184 const KeyPair& pair, | 196 const KeyPair& pair, |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 235 decrypted_message.decrypted = true; | 247 decrypted_message.decrypted = true; |
| 236 | 248 |
| 237 // There must be no data associated with the decrypted message at this point, | 249 // There must be no data associated with the decrypted message at this point, |
| 238 // to make sure that we don't end up in an infinite decryption loop. | 250 // to make sure that we don't end up in an infinite decryption loop. |
| 239 DCHECK_EQ(0u, decrypted_message.data.size()); | 251 DCHECK_EQ(0u, decrypted_message.data.size()); |
| 240 | 252 |
| 241 callback.Run(DECRYPTION_RESULT_DECRYPTED, decrypted_message); | 253 callback.Run(DECRYPTION_RESULT_DECRYPTED, decrypted_message); |
| 242 } | 254 } |
| 243 | 255 |
| 244 } // namespace gcm | 256 } // namespace gcm |
| OLD | NEW |
