Implementation for chrome.certificateProvider.requestPin/stopPinRequest

chrome/browser/chromeos/certificate_provider/certificate_provider_service.h

Index: chrome/browser/chromeos/certificate_provider/certificate_provider_service.h
diff --git a/chrome/browser/chromeos/certificate_provider/certificate_provider_service.h b/chrome/browser/chromeos/certificate_provider/certificate_provider_service.h
index dada1f2250e74172a72f935196dadba9d9a347ee..3d3302ef88055dae8b80525e72c83746aaa94d4c 100644
--- a/chrome/browser/chromeos/certificate_provider/certificate_provider_service.h
+++ b/chrome/browser/chromeos/certificate_provider/certificate_provider_service.h
@@ -12,6 +12,7 @@
 #include <string>
 #include <vector>
 
+#include "base/callback.h"
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
@@ -21,6 +22,7 @@
 #include "chrome/browser/chromeos/certificate_provider/certificate_requests.h"
 #include "chrome/browser/chromeos/certificate_provider/sign_requests.h"
 #include "chrome/browser/chromeos/certificate_provider/thread_safe_certificate_map.h"
+#include "chrome/browser/chromeos/ui/request_pin_view.h"
 #include "components/keyed_service/core/keyed_service.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_private_key.h"
@@ -29,6 +31,8 @@ namespace chromeos {
 
 class CertificateProvider;
 
+enum RequestPinResponse { SUCCESS, INVALID_ID, OTHER_FLOW_IN_PROGRESS };
+
 // A keyed service that manages registrations of extensions as certificate
 // providers. It exposes all certificates that are provided by extensions
 // through a |CertificateProvider| object that can be created using
@@ -150,6 +154,53 @@ class CertificateProviderService : public KeyedService {
   // corresponding notification of the ExtensionRegistry is triggered.
   void OnExtensionUnloaded(const std::string& extension_id);
 
+  // The user provided input to dialog. |closed| tells whether the dialog was
+  // closed by the user without providing any input.
+  void OnPinDialogInput(const std::string& extension_id, const bool closed);
+
+  // This callback function is called by the view when user closes the PIN
+  // dialog while the last input is still processing at extension side. |value|
+  // is not used, but checked that it's empty.
+  void OnFlowInterrupted(const base::string16& value);
+
+  // Returns whether the last PIN dialog from this extension was closed by the
+  // user.
+  bool LastPinDialogClosed(const std::string& extension_id);
+
+  // Updates the existing dialog with new error message. Uses callback with
+  // empty string when user closes the dialog. Returns whether the provided
+  // extension_id matches the extension owning the active dialog.
+  bool UpdatePinDialog(const std::string& extension_id,
+                       const base::string16& error_message,
+                       const bool accept_input,
+                       const RequestPinView::RequestPinCallback& callback);
+
+  // Creates a new RequestPinView object and displays it in a dialog or reuses
+  // the old dialog if active one exists just updating the parameters. Returns
+  // SUCCESS if the dialog is displayed and extension owns it. Otherwise the
+  // the specific error is returned.

[stevenjb, 2016/08/09 21:04:39]

Describe each of the input parameters, many are unclear.

[igorcov1, 2016/08/10 18:05:03]

Done.

+  RequestPinResponse ShowPinDialog(
+      const std::string& extension_id,
+      const std::string& extension_name,
+      const long long sign_request_id,
+      const std::string& dialog_type,
+      const base::string16& error_message,
+      const bool accept_input,
+      const RequestPinView::RequestPinCallback& callback);
+
+  // This function is called when extension calls the stopPinRequest method.
+  // The active dialog is closed if the |extension_id| matches the
+  // |active_dialog_extension_id_|. Returns whether the dialog was closed.
+  bool CloseDialog(const std::string& extension_id);
+
+  // Stores internally the |signRequestId| along with current timestamp. Also
+  // cleans up the storage from expired IDs. In unlikely case that the ID
+  // exists in the storage, returns false. Otherwise returns true.
+  bool AddSignRequestId(const uint64_t signRequestId);
+
+  RequestPinView* active_view_for_testing() { return active_pin_dialog_; }
+  views::Widget* active_window_for_testing() { return active_window_; }

[stevenjb, 2016/08/09 21:04:39]

This is a lot of UI specific code added to a class that currently doesn't have
any real src/chrome dependencies and should probably get moved to
src/extensions.

We should create a separate class for managing pin dialog requests. That way in
the future we can set up a delegate interface between this class and the pin
dialog implementation. (No need to create the delegate for now since we don't
currently need it). This will also keep the classes smaller and more
maintainable.

[igorcov1, 2016/08/10 18:05:03]

Created the PinDialogManager class to manage the dialog implementation.
CertificateProviderService thus acts as a proxy providing the PinDialogManager
to the parties that need it (currently CertificateProviderApi and
CertificateProviderServiceFactory)

+
  private:
   class CertKeyProviderImpl;
   class CertificateProviderImpl;
@@ -185,6 +236,9 @@ class CertificateProviderService : public KeyedService {
       const std::string& digest,
       const net::SSLPrivateKey::SignCallback& callback);
 
+  // Cleans the map of sign request ids, removing the ones that have expired.
+  void RemoveExpiredSignRequests(timeval* tv);
+
   std::unique_ptr<Delegate> delegate_;
 
   // An instance of net::ClientKeyStore::CertKeyProvider that is registered at
@@ -197,6 +251,19 @@ class CertificateProviderService : public KeyedService {
   // Contains all pending certificate requests.
   certificate_provider::CertificateRequests certificate_requests_;
 
+  // State about the last response from user to the requestPin from extension.
+  std::map<std::string, bool> last_rejected_;
+
+  // The map with sign request ids issued by Chrome as key and the time when the
+  // id was generated as value.
+  std::map<uint64_t, uint64_t> sign_request_ids_;
+
+  // There can be only one active dialog to request PIN from this extension.
+  // Keeps the ownership.
+  chromeos::RequestPinView* active_pin_dialog_ = nullptr;
+  std::string active_dialog_extension_id_;
+  views::Widget* active_window_ = nullptr;
+
   // Contains all certificates that the extensions returned during the lifetime
   // of this service. Each certificate is associated with the extension that
   // reported the certificate in response to the most recent certificate