Implementation for chrome.certificateProvider.requestPin/stopPinRequest

chrome/browser/chromeos/certificate_provider/certificate_provider_service.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVICE_H_
 
 #include <stdint.h>
 
 #include <map>
 #include <memory>
 #include <string>
 #include <vector>
 
+#include "base/callback.h"
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
 #include "base/threading/thread_checker.h"
 #include "chrome/browser/chromeos/certificate_provider/certificate_info.h"
 #include "chrome/browser/chromeos/certificate_provider/certificate_requests.h"
 #include "chrome/browser/chromeos/certificate_provider/sign_requests.h"
 #include "chrome/browser/chromeos/certificate_provider/thread_safe_certificate_map.h"
+#include "chrome/browser/chromeos/ui/request_pin_view.h"
 #include "components/keyed_service/core/keyed_service.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_private_key.h"
 
 namespace chromeos {
 
 class CertificateProvider;
 
+enum RequestPinResponse { SUCCESS, INVALID_ID, OTHER_FLOW_IN_PROGRESS };
+
 // A keyed service that manages registrations of extensions as certificate
 // providers. It exposes all certificates that are provided by extensions
 // through a |CertificateProvider| object that can be created using
 // |CreateCertificateProvider()|. Private key handles are exposed through
 // net::ClientKeyStore. Sign operations are routed to the extension that exposed
 // the certificate.
 //
 // The typical order of execution is as follows:
 //  1. HTTPS server requests client certs or
 //     chrome.platformKeys.selectClientCertificates is called.
@@ skipping 101 matching lines @@
   // call its |GetCertificates()|. The returned provider is valid even after the
   // destruction of this service.
   // The returned provider can be used on any thread.
   std::unique_ptr<CertificateProvider> CreateCertificateProvider();
 
   // Must be called if extension with id |extension_id| is unloaded and cannot
   // serve certificates anymore. This should be called everytime the
   // corresponding notification of the ExtensionRegistry is triggered.
   void OnExtensionUnloaded(const std::string& extension_id);
 
+  // The user provided input to dialog. |closed| tells whether the dialog was
+  // closed by the user without providing any input.
+  void OnPinDialogInput(const std::string& extension_id, const bool closed);
+
+  // This callback function is called by the view when user closes the PIN
+  // dialog while the last input is still processing at extension side. |value|
+  // is not used, but checked that it's empty.
+  void OnFlowInterrupted(const base::string16& value);
+
+  // Returns whether the last PIN dialog from this extension was closed by the
+  // user.
+  bool LastPinDialogClosed(const std::string& extension_id);
+
+  // Updates the existing dialog with new error message. Uses callback with
+  // empty string when user closes the dialog. Returns whether the provided
+  // extension_id matches the extension owning the active dialog.
+  bool UpdatePinDialog(const std::string& extension_id,
+                       const base::string16& error_message,
+                       const bool accept_input,
+                       const RequestPinView::RequestPinCallback& callback);
+
+  // Creates a new RequestPinView object and displays it in a dialog or reuses
+  // the old dialog if active one exists just updating the parameters. Returns
+  // SUCCESS if the dialog is displayed and extension owns it. Otherwise the
+  // the specific error is returned.

[stevenjb, 2016/08/09 21:04:39]

Describe each of the input parameters, many are unclear.

[igorcov1, 2016/08/10 18:05:03]

Done.

+  RequestPinResponse ShowPinDialog(
+      const std::string& extension_id,
+      const std::string& extension_name,
+      const long long sign_request_id,
+      const std::string& dialog_type,
+      const base::string16& error_message,
+      const bool accept_input,
+      const RequestPinView::RequestPinCallback& callback);
+
+  // This function is called when extension calls the stopPinRequest method.
+  // The active dialog is closed if the |extension_id| matches the
+  // |active_dialog_extension_id_|. Returns whether the dialog was closed.
+  bool CloseDialog(const std::string& extension_id);
+
+  // Stores internally the |signRequestId| along with current timestamp. Also
+  // cleans up the storage from expired IDs. In unlikely case that the ID
+  // exists in the storage, returns false. Otherwise returns true.
+  bool AddSignRequestId(const uint64_t signRequestId);
+
+  RequestPinView* active_view_for_testing() { return active_pin_dialog_; }
+  views::Widget* active_window_for_testing() { return active_window_; }

[stevenjb, 2016/08/09 21:04:39]

This is a lot of UI specific code added to a class that currently doesn't have
any real src/chrome dependencies and should probably get moved to
src/extensions.

We should create a separate class for managing pin dialog requests. That way in
the future we can set up a delegate interface between this class and the pin
dialog implementation. (No need to create the delegate for now since we don't
currently need it). This will also keep the classes smaller and more
maintainable.

[igorcov1, 2016/08/10 18:05:03]

Created the PinDialogManager class to manage the dialog implementation.
CertificateProviderService thus acts as a proxy providing the PinDialogManager
to the parties that need it (currently CertificateProviderApi and
CertificateProviderServiceFactory)

+
  private:
   class CertKeyProviderImpl;
   class CertificateProviderImpl;
   class SSLPrivateKey;
 
   // Requests the current list of certificates from every registered extension.
   // Once all extensions replied or a timeout was reached, the internal
   // |extension_to_certificates_| is updated and |callback| is run with the
   // retrieved list of certificates.
   void GetCertificatesFromExtensions(
@@ skipping 15 matching lines @@
   // Requests extension with |extension_id| to sign |digest| with the private
   // key certified by |certificate|. |hash| was used to create |digest|.
   // |callback| will be run with the reply of the extension or an error.
   void RequestSignatureFromExtension(
       const std::string& extension_id,
       const scoped_refptr<net::X509Certificate>& certificate,
       net::SSLPrivateKey::Hash hash,
       const std::string& digest,
       const net::SSLPrivateKey::SignCallback& callback);
 
+  // Cleans the map of sign request ids, removing the ones that have expired.
+  void RemoveExpiredSignRequests(timeval* tv);
+
   std::unique_ptr<Delegate> delegate_;
 
   // An instance of net::ClientKeyStore::CertKeyProvider that is registered at
   // the net::ClientKeyStore singleton.
   std::unique_ptr<CertKeyProviderImpl> cert_key_provider_;
 
   // State about all pending sign requests.
   certificate_provider::SignRequests sign_requests_;
 
   // Contains all pending certificate requests.
   certificate_provider::CertificateRequests certificate_requests_;
 
+  // State about the last response from user to the requestPin from extension.
+  std::map<std::string, bool> last_rejected_;
+
+  // The map with sign request ids issued by Chrome as key and the time when the
+  // id was generated as value.
+  std::map<uint64_t, uint64_t> sign_request_ids_;
+
+  // There can be only one active dialog to request PIN from this extension.
+  // Keeps the ownership.
+  chromeos::RequestPinView* active_pin_dialog_ = nullptr;
+  std::string active_dialog_extension_id_;
+  views::Widget* active_window_ = nullptr;
+
   // Contains all certificates that the extensions returned during the lifetime
   // of this service. Each certificate is associated with the extension that
   // reported the certificate in response to the most recent certificate
   // request. If a certificate was reported previously but in the most recent
   // responses, it is still cached but not loses it's association with any
   // extension. This ensures that a certificate can't magically appear as
   // platform certificate (e.g. in the client certificate selection dialog)
   // after an extension doesn't report it anymore.
   certificate_provider::ThreadSafeCertificateMap certificate_map_;
 
   base::ThreadChecker thread_checker_;
   base::WeakPtrFactory<CertificateProviderService> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(CertificateProviderService);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVICE_H_