The chrome.lockScreen.data API implementation

extensions/browser/api/lock_screen_data/data_item.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "extensions/browser/api/lock_screen_data/data_item.h"
+
+#include <utility>
+
+#include "base/base64.h"
+#include "base/bind.h"
+#include "base/files/file.h"
+#include "base/files/file_path.h"
+#include "base/files/file_util.h"
+#include "base/location.h"
+#include "base/memory/ptr_util.h"
+#include "base/sequenced_task_runner.h"
+#include "base/task_scheduler/post_task.h"
+#include "base/values.h"
+#include "crypto/encryptor.h"
+#include "crypto/symmetric_key.h"
+#include "extensions/browser/api/lock_screen_data/operation_result.h"
+#include "extensions/browser/api/storage/local_value_store_cache.h"
+#include "extensions/browser/extension_registry.h"
+#include "extensions/browser/value_store/value_store.h"
+
+namespace extensions {
+namespace lock_screen_data {
+
+namespace {
+
+// Key for the dictionary in the value store containing all items registered
+// for the extension.
+const char kStoreKeyRegisteredItems[] = "registered_items";
+
+constexpr int kAesInitializationVectorLength = 16;
+
+// Encrypts |data| with AES key |raw_key|. Returns whether the encryption was
+// successful, in which case |*result| will be set to the encrypted data.
+bool EncryptData(const std::vector<char> data,
+                 const std::string& raw_key,
+                 std::string* result) {
+  std::string iv(kAesInitializationVectorLength, ' ');

[Devlin, 2017/07/12 02:13:40]

nit: avoid uncommon abbreviations.

[tbarzic, 2017/07/12 04:02:11]

Done.

+  std::unique_ptr<crypto::SymmetricKey> key =
+      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key);
+  if (!key)
+    return false;
+
+  crypto::Encryptor encryptor;
+  if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, iv))
+    return false;
+
+  return encryptor.Encrypt(std::string(data.data(), data.size()), result);
+}
+
+// Decrypts |data| content using AES key |raw_key|. Returns the operation result
+// code. On success, |*result| will be set to the clear-text data.
+OperationResult DecryptData(const std::string& data,
+                            const std::string& raw_key,
+                            std::vector<char>* result) {
+  std::string iv(kAesInitializationVectorLength, ' ');
+  std::unique_ptr<crypto::SymmetricKey> key =
+      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key);
+  if (!key)
+    return OperationResult::kInvalidKey;
+
+  crypto::Encryptor encryptor;
+  if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, iv))
+    return OperationResult::kInvalidKey;
+
+  std::string decrypted;
+  if (!encryptor.Decrypt(data, &decrypted))
+    return OperationResult::kWrongKey;
+
+  *result =
+      std::vector<char>(decrypted.data(), decrypted.data() + decrypted.size());
+
+  return OperationResult::kSuccess;
+}
+
+// Returns whether the value store |store| contains a registered item with ID
+// |item_id|.
+bool IsItemRegistered(ValueStore* store, const std::string& item_id) {
+  ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems);
+
+  const base::DictionaryValue* registered_items = nullptr;
+  return read->status().ok() &&
+         read->settings().GetDictionary(kStoreKeyRegisteredItems,
+                                        &registered_items) &&
+         registered_items->HasKey(item_id);
+}
+
+// Gets a dictionary value that contains set of all registered data items from
+// the values store |store|.
+// |result| - the item fetch operation status code.
+// |value| - on success, set to the dictionary containing registered data items.
+//     Note that the dictionary will not contain data item content.
+void GetRegisteredItems(OperationResult* result,

[Devlin, 2017/07/12 02:13:40]

maybe return the result, to be more consistent with other methods?

[tbarzic, 2017/07/12 04:02:10]

This is a callback invoked by ValueStoreCache::RunWithValueStoreForExtension
(i.e. it has to be passable as  ValueStoreCache::StorageCallback), so it can't
return the result.

+                        base::DictionaryValue* values,
+                        ValueStore* store) {
+  ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems);
+
+  values->Clear();
+
+  std::unique_ptr<base::Value> registered_items;
+  if (!read->status().ok()) {
+    *result = OperationResult::kFailed;
+    return;
+  }
+
+  // If the registered items dictionary cannot be found, assume no items have
+  // yet been registered, and return empty result.
+  if (!read->settings().Remove(kStoreKeyRegisteredItems, &registered_items)) {

[Devlin, 2017/07/12 02:13:40]

Why do we remove the items here?

[tbarzic, 2017/07/12 04:02:10]

To avoid doing an uneeded copy of registered items.

Basically, we want 'registered_items' in settings:
{
  'registered_items': {}
}
So, it makes more sense to take the ownership of the 'registered_items'
dictionary like this than to create deep copy of the dictionary just before
settings object is destroyed (note that ValueStore::ReadResult is an unique_ptr,
and it goes out of scope in this method).

+    *result = OperationResult::kSuccess;
+    return;
+  }
+
+  std::unique_ptr<base::DictionaryValue> items_dict =
+      base::DictionaryValue::From(std::move(registered_items));
+
+  *result =
+      items_dict.get() ? OperationResult::kSuccess : OperationResult::kFailed;
+  if (items_dict)
+    values->Swap(items_dict.get());
+}
+
+// Registers a data item with ID |item_id| in value store |store|.
+void RegisterItem(OperationResult* result,

[Devlin, 2017/07/12 02:13:40]

ditto, return the result

[tbarzic, 2017/07/12 04:02:10]

same response

+                  const std::string& item_id,
+                  ValueStore* store) {
+  ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems);
+
+  std::unique_ptr<base::Value> registered_items;
+  if (!read->status().ok()) {
+    *result = OperationResult::kFailed;
+    return;
+  }
+  if (!read->settings().Remove(kStoreKeyRegisteredItems, &registered_items))
+    registered_items = base::MakeUnique<base::DictionaryValue>();
+
+  std::unique_ptr<base::DictionaryValue> dict =
+      base::DictionaryValue::From(std::move(registered_items));
+  if (!dict) {
+    *result = OperationResult::kFailed;
+    return;
+  }
+
+  if (dict->HasKey(item_id)) {
+    *result = OperationResult::kAlreadyRegistered;
+    return;
+  }
+
+  dict->Set(item_id, base::MakeUnique<base::DictionaryValue>());

[Devlin, 2017/07/12 02:13:40]

why do we set item ids to empty dictionaries?

[tbarzic, 2017/07/12 04:02:11]

We have to set them to something this makes it easier to extend the API in the
future - in case we wanted to add some information about item state here
(e.g. in case we wanted to track which items are "dirty", as in modified since
last unlock; or in case we wanted to allow the app to anottate items (without
requiring the app to fetch the whole item content)).

+
+  ValueStore::WriteResult write =
+      store->Set(ValueStore::DEFAULTS, kStoreKeyRegisteredItems, *dict);
+  *result = write->status().ok() ? OperationResult::kSuccess
+                                 : OperationResult::kFailed;
+}
+
+// Encrypts |data| with AES key |encryption_key| and saved it as |item_id|
+// content to the value store |store|. The encrypted data is saved base64
+// encoded.
+void WriteImpl(OperationResult* result,
+               const std::string item_id,
+               const std::vector<char>& data,
+               const std::string& encryption_key,
+               ValueStore* store) {
+  if (!IsItemRegistered(store, item_id)) {
+    *result = OperationResult::kNotFound;
+    return;
+  }
+
+  std::string encrypted;
+  if (!EncryptData(data, encryption_key, &encrypted)) {
+    *result = OperationResult::kInvalidKey;
+    return;
+  }
+  base::Base64Encode(encrypted, &encrypted);
+
+  ValueStore::WriteResult write = store->Set(ValueStore::DEFAULTS, item_id,
+                                             base::Value(std::move(encrypted)));
+
+  *result = write->status().ok() ? OperationResult::kSuccess
+                                 : OperationResult::kFailed;
+}
+
+// Gets content of the data item with ID |item_id| from value store |store|,
+// and decrypts it using |decryption_key|. On success, the decrypted data is
+// returned as |*data| contents. Note that this method expects the encrypted
+// data content in the value store is base64 encoded.
+void ReadImpl(OperationResult* result,
+              std::vector<char>* data,
+              const std::string& item_id,
+              const std::string& decryption_key,
+              ValueStore* store) {
+  if (!IsItemRegistered(store, item_id)) {
+    *result = OperationResult::kNotFound;
+    return;
+  }
+
+  ValueStore::ReadResult read = store->Get(item_id);
+  if (!read->status().ok()) {
+    *result = OperationResult::kNotFound;
+    return;
+  }
+
+  std::unique_ptr<base::Value> item;
+  if (!read->settings().Remove(item_id, &item)) {

[Devlin, 2017/07/12 02:13:40]

Here, too, why remove?

[tbarzic, 2017/07/12 04:02:11]

again, to avoid an extra string copy.

(Though, in this case, something like this might work too; and is probably
easier to parse):
const base::Value* item = nullptr;
if (!read->settings().Get(item_id, &item)) {...}

+    *result = OperationResult::kSuccess;
+    *data = std::vector<char>();
+    return;
+  }
+
+  std::string read_data;
+  if (!item->is_string() ||
+      !base::Base64Decode(item->GetString(), &read_data)) {
+    *result = OperationResult::kFailed;
+    return;
+  }
+
+  *result = DecryptData(read_data, decryption_key, data);
+}
+
+// Unregisters and deletes the item with |item_id| from the |valus_store|.
+void DeleteImpl(OperationResult* result,
+                const std::string& item_id,
+                ValueStore* store) {
+  ValueStore::WriteResult remove =
+      store->Remove(std::vector<std::string>({item_id}));
+  if (!remove->status().ok()) {
+    *result = OperationResult::kFailed;
+    return;
+  }
+
+  ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems);
+  if (!read->status().ok()) {
+    *result = OperationResult::kFailed;
+    return;
+  }
+
+  base::DictionaryValue* registered_items = nullptr;
+  if (!read->settings().GetDictionary(kStoreKeyRegisteredItems,
+                                      &registered_items) ||
+      !registered_items->Remove(item_id, nullptr)) {
+    *result = OperationResult::kNotFound;
+    return;
+  }
+
+  ValueStore::WriteResult write = store->Set(
+      ValueStore::DEFAULTS, kStoreKeyRegisteredItems, *registered_items);
+  *result = write->status().ok() ? OperationResult::kSuccess
+                                 : OperationResult::kFailed;
+}
+
+void OnGetRegisteredValues(const DataItem::RegisteredValuesCallback& callback,
+                           std::unique_ptr<OperationResult> result,
+                           std::unique_ptr<base::DictionaryValue> values) {
+  callback.Run(*result, std::move(values));
+}
+
+}  // namespace
+
+// static
+void DataItem::GetRegisteredValuesForExtension(
+    content::BrowserContext* context,
+    ValueStoreCache* value_store_cache,
+    base::SequencedTaskRunner* task_runner,
+    const std::string& extension_id,
+    const RegisteredValuesCallback& callback) {
+  scoped_refptr<const Extension> extension =
+      ExtensionRegistry::Get(context)->GetExtensionById(
+          extension_id, ExtensionRegistry::ENABLED);
+  if (!extension) {
+    callback.Run(OperationResult::kUnknownExtension, nullptr);
+    return;
+  }
+
+  std::unique_ptr<OperationResult> result =
+      base::MakeUnique<OperationResult>(OperationResult::kFailed);
+  OperationResult* result_ptr = result.get();
+  std::unique_ptr<base::DictionaryValue> values =
+      base::MakeUnique<base::DictionaryValue>();
+  base::DictionaryValue* values_ptr = values.get();
+
+  task_runner->PostTaskAndReply(
+      FROM_HERE,
+      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
+                     base::Unretained(value_store_cache),

[Devlin, 2017/07/12 02:13:40]

Is this unretained guaranteed to be safe?

[tbarzic, 2017/07/12 04:02:10]

Yes, as long as data items in LockScreenItemStorage are not used after
LockScreenItemStorage passes the values storage to file thread to be destroyed -
which is the case here.

+                     base::Bind(&GetRegisteredItems, result_ptr, values_ptr),
+                     extension),
+      base::BindOnce(&OnGetRegisteredValues, callback, std::move(result),
+                     std::move(values)));
+}
+
+// static
+void DataItem::DeleteAllItemsForExtension(
+    content::BrowserContext* context,
+    ValueStoreCache* value_store_cache,
+    base::SequencedTaskRunner* task_runner,
+    const std::string& extension_id,
+    const base::Closure& callback) {
+  task_runner->PostTaskAndReply(
+      FROM_HERE,
+      base::BindOnce(&ValueStoreCache::DeleteStorageSoon,
+                     base::Unretained(value_store_cache), extension_id),
+      callback);
+}
+
+DataItem::DataItem(const std::string& id,
+                   const std::string& extension_id,
+                   content::BrowserContext* context,
+                   ValueStoreCache* value_store_cache,
+                   base::SequencedTaskRunner* task_runner,
+                   const std::string& crypto_key)
+    : id_(id),
+      extension_id_(extension_id),
+      context_(context),
+      value_store_cache_(value_store_cache),
+      task_runner_(task_runner),
+      crypto_key_(crypto_key),
+      weak_ptr_factory_(this) {}
+
+DataItem::~DataItem() = default;
+
+void DataItem::Register(const WriteCallback& callback) {
+  scoped_refptr<const Extension> extension =
+      ExtensionRegistry::Get(context_)->GetExtensionById(
+          extension_id_, ExtensionRegistry::ENABLED);
+  if (!extension) {
+    callback.Run(OperationResult::kUnknownExtension);
+    return;
+  }
+
+  std::unique_ptr<OperationResult> result =
+      base::MakeUnique<OperationResult>(OperationResult::kFailed);
+  OperationResult* result_ptr = result.get();
+
+  task_runner_->PostTaskAndReply(
+      FROM_HERE,
+      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
+                     base::Unretained(value_store_cache_),
+                     base::Bind(&RegisterItem, result_ptr, id()), extension),
+      base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(),
+                     callback, std::move(result)));
+}
+
+void DataItem::Write(const std::vector<char>& data,
+                     const WriteCallback& callback) {
+  scoped_refptr<const Extension> extension =
+      ExtensionRegistry::Get(context_)->GetExtensionById(
+          extension_id_, ExtensionRegistry::ENABLED);
+  if (!extension) {
+    callback.Run(OperationResult::kUnknownExtension);
+    return;
+  }
+
+  std::unique_ptr<OperationResult> result =
+      base::MakeUnique<OperationResult>(OperationResult::kFailed);
+  OperationResult* result_ptr = result.get();
+
+  task_runner_->PostTaskAndReply(
+      FROM_HERE,
+      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
+                     base::Unretained(value_store_cache_),
+                     base::Bind(&WriteImpl, result_ptr, id_, data, crypto_key_),
+                     extension),
+      base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(),
+                     callback, std::move(result)));
+}
+
+void DataItem::Read(const ReadCallback& callback) {
+  scoped_refptr<const Extension> extension =
+      ExtensionRegistry::Get(context_)->GetExtensionById(
+          extension_id_, ExtensionRegistry::ENABLED);
+  if (!extension) {
+    callback.Run(OperationResult::kUnknownExtension, nullptr);
+    return;
+  }
+
+  std::unique_ptr<OperationResult> result =
+      base::MakeUnique<OperationResult>(OperationResult::kFailed);
+  OperationResult* result_ptr = result.get();
+
+  std::unique_ptr<std::vector<char>> data =
+      base::MakeUnique<std::vector<char>>();
+  std::vector<char>* data_ptr = data.get();
+
+  task_runner_->PostTaskAndReply(
+      FROM_HERE,
+      base::BindOnce(
+          &ValueStoreCache::RunWithValueStoreForExtension,
+          base::Unretained(value_store_cache_),
+          base::Bind(&ReadImpl, result_ptr, data_ptr, id_, crypto_key_),
+          extension),
+      base::BindOnce(&DataItem::OnReadDone, weak_ptr_factory_.GetWeakPtr(),
+                     callback, std::move(result), std::move(data)));
+}
+
+void DataItem::Delete(const WriteCallback& callback) {
+  scoped_refptr<const Extension> extension =
+      ExtensionRegistry::Get(context_)->GetExtensionById(
+          extension_id_, ExtensionRegistry::ENABLED);
+  if (!extension) {
+    callback.Run(OperationResult::kUnknownExtension);
+    return;
+  }
+  std::unique_ptr<OperationResult> result =
+      base::MakeUnique<OperationResult>(OperationResult::kFailed);
+  OperationResult* result_ptr = result.get();
+
+  task_runner_->PostTaskAndReply(
+      FROM_HERE,
+      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
+                     base::Unretained(value_store_cache_),
+                     base::Bind(&DeleteImpl, result_ptr, id_), extension),
+      base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(),
+                     callback, std::move(result)));
+}
+
+void DataItem::OnWriteDone(const DataItem::WriteCallback& callback,
+                           std::unique_ptr<OperationResult> success) {
+  callback.Run(*success);
+}
+
+void DataItem::OnReadDone(const DataItem::ReadCallback& callback,
+                          std::unique_ptr<OperationResult> success,
+                          std::unique_ptr<std::vector<char>> data) {
+  callback.Run(*success, std::move(data));
+}
+
+}  // namespace lock_screen_data
+}  // namespace extensions