OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "extensions/browser/api/lock_screen_data/data_item.h" | |
6 | |
7 #include <utility> | |
8 | |
9 #include "base/base64.h" | |
10 #include "base/bind.h" | |
11 #include "base/files/file.h" | |
12 #include "base/files/file_path.h" | |
13 #include "base/files/file_util.h" | |
14 #include "base/location.h" | |
15 #include "base/memory/ptr_util.h" | |
16 #include "base/sequenced_task_runner.h" | |
17 #include "base/task_scheduler/post_task.h" | |
18 #include "base/values.h" | |
19 #include "crypto/encryptor.h" | |
20 #include "crypto/symmetric_key.h" | |
21 #include "extensions/browser/api/lock_screen_data/operation_result.h" | |
22 #include "extensions/browser/api/storage/local_value_store_cache.h" | |
23 #include "extensions/browser/extension_registry.h" | |
24 #include "extensions/browser/value_store/value_store.h" | |
25 | |
26 namespace extensions { | |
27 namespace lock_screen_data { | |
28 | |
29 namespace { | |
30 | |
31 // Key for the dictionary in the value store containing all items registered | |
32 // for the extension. | |
33 const char kStoreKeyRegisteredItems[] = "registered_items"; | |
34 | |
35 constexpr int kAesInitializationVectorLength = 16; | |
36 | |
37 // Encrypts |data| with AES key |raw_key|. Returns whether the encryption was | |
38 // successful, in which case |*result| will be set to the encrypted data. | |
39 bool EncryptData(const std::vector<char> data, | |
40 const std::string& raw_key, | |
41 std::string* result) { | |
42 std::string iv(kAesInitializationVectorLength, ' '); | |
Devlin
2017/07/12 02:13:40
nit: avoid uncommon abbreviations.
tbarzic
2017/07/12 04:02:11
Done.
| |
43 std::unique_ptr<crypto::SymmetricKey> key = | |
44 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key); | |
45 if (!key) | |
46 return false; | |
47 | |
48 crypto::Encryptor encryptor; | |
49 if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, iv)) | |
50 return false; | |
51 | |
52 return encryptor.Encrypt(std::string(data.data(), data.size()), result); | |
53 } | |
54 | |
55 // Decrypts |data| content using AES key |raw_key|. Returns the operation result | |
56 // code. On success, |*result| will be set to the clear-text data. | |
57 OperationResult DecryptData(const std::string& data, | |
58 const std::string& raw_key, | |
59 std::vector<char>* result) { | |
60 std::string iv(kAesInitializationVectorLength, ' '); | |
61 std::unique_ptr<crypto::SymmetricKey> key = | |
62 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key); | |
63 if (!key) | |
64 return OperationResult::kInvalidKey; | |
65 | |
66 crypto::Encryptor encryptor; | |
67 if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, iv)) | |
68 return OperationResult::kInvalidKey; | |
69 | |
70 std::string decrypted; | |
71 if (!encryptor.Decrypt(data, &decrypted)) | |
72 return OperationResult::kWrongKey; | |
73 | |
74 *result = | |
75 std::vector<char>(decrypted.data(), decrypted.data() + decrypted.size()); | |
76 | |
77 return OperationResult::kSuccess; | |
78 } | |
79 | |
80 // Returns whether the value store |store| contains a registered item with ID | |
81 // |item_id|. | |
82 bool IsItemRegistered(ValueStore* store, const std::string& item_id) { | |
83 ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems); | |
84 | |
85 const base::DictionaryValue* registered_items = nullptr; | |
86 return read->status().ok() && | |
87 read->settings().GetDictionary(kStoreKeyRegisteredItems, | |
88 ®istered_items) && | |
89 registered_items->HasKey(item_id); | |
90 } | |
91 | |
92 // Gets a dictionary value that contains set of all registered data items from | |
93 // the values store |store|. | |
94 // |result| - the item fetch operation status code. | |
95 // |value| - on success, set to the dictionary containing registered data items. | |
96 // Note that the dictionary will not contain data item content. | |
97 void GetRegisteredItems(OperationResult* result, | |
Devlin
2017/07/12 02:13:40
maybe return the result, to be more consistent wit
tbarzic
2017/07/12 04:02:10
This is a callback invoked by ValueStoreCache::Run
| |
98 base::DictionaryValue* values, | |
99 ValueStore* store) { | |
100 ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems); | |
101 | |
102 values->Clear(); | |
103 | |
104 std::unique_ptr<base::Value> registered_items; | |
105 if (!read->status().ok()) { | |
106 *result = OperationResult::kFailed; | |
107 return; | |
108 } | |
109 | |
110 // If the registered items dictionary cannot be found, assume no items have | |
111 // yet been registered, and return empty result. | |
112 if (!read->settings().Remove(kStoreKeyRegisteredItems, ®istered_items)) { | |
Devlin
2017/07/12 02:13:40
Why do we remove the items here?
tbarzic
2017/07/12 04:02:10
To avoid doing an uneeded copy of registered items
| |
113 *result = OperationResult::kSuccess; | |
114 return; | |
115 } | |
116 | |
117 std::unique_ptr<base::DictionaryValue> items_dict = | |
118 base::DictionaryValue::From(std::move(registered_items)); | |
119 | |
120 *result = | |
121 items_dict.get() ? OperationResult::kSuccess : OperationResult::kFailed; | |
122 if (items_dict) | |
123 values->Swap(items_dict.get()); | |
124 } | |
125 | |
126 // Registers a data item with ID |item_id| in value store |store|. | |
127 void RegisterItem(OperationResult* result, | |
Devlin
2017/07/12 02:13:40
ditto, return the result
tbarzic
2017/07/12 04:02:10
same response
| |
128 const std::string& item_id, | |
129 ValueStore* store) { | |
130 ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems); | |
131 | |
132 std::unique_ptr<base::Value> registered_items; | |
133 if (!read->status().ok()) { | |
134 *result = OperationResult::kFailed; | |
135 return; | |
136 } | |
137 if (!read->settings().Remove(kStoreKeyRegisteredItems, ®istered_items)) | |
138 registered_items = base::MakeUnique<base::DictionaryValue>(); | |
139 | |
140 std::unique_ptr<base::DictionaryValue> dict = | |
141 base::DictionaryValue::From(std::move(registered_items)); | |
142 if (!dict) { | |
143 *result = OperationResult::kFailed; | |
144 return; | |
145 } | |
146 | |
147 if (dict->HasKey(item_id)) { | |
148 *result = OperationResult::kAlreadyRegistered; | |
149 return; | |
150 } | |
151 | |
152 dict->Set(item_id, base::MakeUnique<base::DictionaryValue>()); | |
Devlin
2017/07/12 02:13:40
why do we set item ids to empty dictionaries?
tbarzic
2017/07/12 04:02:11
We have to set them to something this makes it eas
| |
153 | |
154 ValueStore::WriteResult write = | |
155 store->Set(ValueStore::DEFAULTS, kStoreKeyRegisteredItems, *dict); | |
156 *result = write->status().ok() ? OperationResult::kSuccess | |
157 : OperationResult::kFailed; | |
158 } | |
159 | |
160 // Encrypts |data| with AES key |encryption_key| and saved it as |item_id| | |
161 // content to the value store |store|. The encrypted data is saved base64 | |
162 // encoded. | |
163 void WriteImpl(OperationResult* result, | |
164 const std::string item_id, | |
165 const std::vector<char>& data, | |
166 const std::string& encryption_key, | |
167 ValueStore* store) { | |
168 if (!IsItemRegistered(store, item_id)) { | |
169 *result = OperationResult::kNotFound; | |
170 return; | |
171 } | |
172 | |
173 std::string encrypted; | |
174 if (!EncryptData(data, encryption_key, &encrypted)) { | |
175 *result = OperationResult::kInvalidKey; | |
176 return; | |
177 } | |
178 base::Base64Encode(encrypted, &encrypted); | |
179 | |
180 ValueStore::WriteResult write = store->Set(ValueStore::DEFAULTS, item_id, | |
181 base::Value(std::move(encrypted))); | |
182 | |
183 *result = write->status().ok() ? OperationResult::kSuccess | |
184 : OperationResult::kFailed; | |
185 } | |
186 | |
187 // Gets content of the data item with ID |item_id| from value store |store|, | |
188 // and decrypts it using |decryption_key|. On success, the decrypted data is | |
189 // returned as |*data| contents. Note that this method expects the encrypted | |
190 // data content in the value store is base64 encoded. | |
191 void ReadImpl(OperationResult* result, | |
192 std::vector<char>* data, | |
193 const std::string& item_id, | |
194 const std::string& decryption_key, | |
195 ValueStore* store) { | |
196 if (!IsItemRegistered(store, item_id)) { | |
197 *result = OperationResult::kNotFound; | |
198 return; | |
199 } | |
200 | |
201 ValueStore::ReadResult read = store->Get(item_id); | |
202 if (!read->status().ok()) { | |
203 *result = OperationResult::kNotFound; | |
204 return; | |
205 } | |
206 | |
207 std::unique_ptr<base::Value> item; | |
208 if (!read->settings().Remove(item_id, &item)) { | |
Devlin
2017/07/12 02:13:40
Here, too, why remove?
tbarzic
2017/07/12 04:02:11
again, to avoid an extra string copy.
(Though, in
| |
209 *result = OperationResult::kSuccess; | |
210 *data = std::vector<char>(); | |
211 return; | |
212 } | |
213 | |
214 std::string read_data; | |
215 if (!item->is_string() || | |
216 !base::Base64Decode(item->GetString(), &read_data)) { | |
217 *result = OperationResult::kFailed; | |
218 return; | |
219 } | |
220 | |
221 *result = DecryptData(read_data, decryption_key, data); | |
222 } | |
223 | |
224 // Unregisters and deletes the item with |item_id| from the |valus_store|. | |
225 void DeleteImpl(OperationResult* result, | |
226 const std::string& item_id, | |
227 ValueStore* store) { | |
228 ValueStore::WriteResult remove = | |
229 store->Remove(std::vector<std::string>({item_id})); | |
230 if (!remove->status().ok()) { | |
231 *result = OperationResult::kFailed; | |
232 return; | |
233 } | |
234 | |
235 ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems); | |
236 if (!read->status().ok()) { | |
237 *result = OperationResult::kFailed; | |
238 return; | |
239 } | |
240 | |
241 base::DictionaryValue* registered_items = nullptr; | |
242 if (!read->settings().GetDictionary(kStoreKeyRegisteredItems, | |
243 ®istered_items) || | |
244 !registered_items->Remove(item_id, nullptr)) { | |
245 *result = OperationResult::kNotFound; | |
246 return; | |
247 } | |
248 | |
249 ValueStore::WriteResult write = store->Set( | |
250 ValueStore::DEFAULTS, kStoreKeyRegisteredItems, *registered_items); | |
251 *result = write->status().ok() ? OperationResult::kSuccess | |
252 : OperationResult::kFailed; | |
253 } | |
254 | |
255 void OnGetRegisteredValues(const DataItem::RegisteredValuesCallback& callback, | |
256 std::unique_ptr<OperationResult> result, | |
257 std::unique_ptr<base::DictionaryValue> values) { | |
258 callback.Run(*result, std::move(values)); | |
259 } | |
260 | |
261 } // namespace | |
262 | |
263 // static | |
264 void DataItem::GetRegisteredValuesForExtension( | |
265 content::BrowserContext* context, | |
266 ValueStoreCache* value_store_cache, | |
267 base::SequencedTaskRunner* task_runner, | |
268 const std::string& extension_id, | |
269 const RegisteredValuesCallback& callback) { | |
270 scoped_refptr<const Extension> extension = | |
271 ExtensionRegistry::Get(context)->GetExtensionById( | |
272 extension_id, ExtensionRegistry::ENABLED); | |
273 if (!extension) { | |
274 callback.Run(OperationResult::kUnknownExtension, nullptr); | |
275 return; | |
276 } | |
277 | |
278 std::unique_ptr<OperationResult> result = | |
279 base::MakeUnique<OperationResult>(OperationResult::kFailed); | |
280 OperationResult* result_ptr = result.get(); | |
281 std::unique_ptr<base::DictionaryValue> values = | |
282 base::MakeUnique<base::DictionaryValue>(); | |
283 base::DictionaryValue* values_ptr = values.get(); | |
284 | |
285 task_runner->PostTaskAndReply( | |
286 FROM_HERE, | |
287 base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension, | |
288 base::Unretained(value_store_cache), | |
Devlin
2017/07/12 02:13:40
Is this unretained guaranteed to be safe?
tbarzic
2017/07/12 04:02:10
Yes, as long as data items in LockScreenItemStorag
| |
289 base::Bind(&GetRegisteredItems, result_ptr, values_ptr), | |
290 extension), | |
291 base::BindOnce(&OnGetRegisteredValues, callback, std::move(result), | |
292 std::move(values))); | |
293 } | |
294 | |
295 // static | |
296 void DataItem::DeleteAllItemsForExtension( | |
297 content::BrowserContext* context, | |
298 ValueStoreCache* value_store_cache, | |
299 base::SequencedTaskRunner* task_runner, | |
300 const std::string& extension_id, | |
301 const base::Closure& callback) { | |
302 task_runner->PostTaskAndReply( | |
303 FROM_HERE, | |
304 base::BindOnce(&ValueStoreCache::DeleteStorageSoon, | |
305 base::Unretained(value_store_cache), extension_id), | |
306 callback); | |
307 } | |
308 | |
309 DataItem::DataItem(const std::string& id, | |
310 const std::string& extension_id, | |
311 content::BrowserContext* context, | |
312 ValueStoreCache* value_store_cache, | |
313 base::SequencedTaskRunner* task_runner, | |
314 const std::string& crypto_key) | |
315 : id_(id), | |
316 extension_id_(extension_id), | |
317 context_(context), | |
318 value_store_cache_(value_store_cache), | |
319 task_runner_(task_runner), | |
320 crypto_key_(crypto_key), | |
321 weak_ptr_factory_(this) {} | |
322 | |
323 DataItem::~DataItem() = default; | |
324 | |
325 void DataItem::Register(const WriteCallback& callback) { | |
326 scoped_refptr<const Extension> extension = | |
327 ExtensionRegistry::Get(context_)->GetExtensionById( | |
328 extension_id_, ExtensionRegistry::ENABLED); | |
329 if (!extension) { | |
330 callback.Run(OperationResult::kUnknownExtension); | |
331 return; | |
332 } | |
333 | |
334 std::unique_ptr<OperationResult> result = | |
335 base::MakeUnique<OperationResult>(OperationResult::kFailed); | |
336 OperationResult* result_ptr = result.get(); | |
337 | |
338 task_runner_->PostTaskAndReply( | |
339 FROM_HERE, | |
340 base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension, | |
341 base::Unretained(value_store_cache_), | |
342 base::Bind(&RegisterItem, result_ptr, id()), extension), | |
343 base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(), | |
344 callback, std::move(result))); | |
345 } | |
346 | |
347 void DataItem::Write(const std::vector<char>& data, | |
348 const WriteCallback& callback) { | |
349 scoped_refptr<const Extension> extension = | |
350 ExtensionRegistry::Get(context_)->GetExtensionById( | |
351 extension_id_, ExtensionRegistry::ENABLED); | |
352 if (!extension) { | |
353 callback.Run(OperationResult::kUnknownExtension); | |
354 return; | |
355 } | |
356 | |
357 std::unique_ptr<OperationResult> result = | |
358 base::MakeUnique<OperationResult>(OperationResult::kFailed); | |
359 OperationResult* result_ptr = result.get(); | |
360 | |
361 task_runner_->PostTaskAndReply( | |
362 FROM_HERE, | |
363 base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension, | |
364 base::Unretained(value_store_cache_), | |
365 base::Bind(&WriteImpl, result_ptr, id_, data, crypto_key_), | |
366 extension), | |
367 base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(), | |
368 callback, std::move(result))); | |
369 } | |
370 | |
371 void DataItem::Read(const ReadCallback& callback) { | |
372 scoped_refptr<const Extension> extension = | |
373 ExtensionRegistry::Get(context_)->GetExtensionById( | |
374 extension_id_, ExtensionRegistry::ENABLED); | |
375 if (!extension) { | |
376 callback.Run(OperationResult::kUnknownExtension, nullptr); | |
377 return; | |
378 } | |
379 | |
380 std::unique_ptr<OperationResult> result = | |
381 base::MakeUnique<OperationResult>(OperationResult::kFailed); | |
382 OperationResult* result_ptr = result.get(); | |
383 | |
384 std::unique_ptr<std::vector<char>> data = | |
385 base::MakeUnique<std::vector<char>>(); | |
386 std::vector<char>* data_ptr = data.get(); | |
387 | |
388 task_runner_->PostTaskAndReply( | |
389 FROM_HERE, | |
390 base::BindOnce( | |
391 &ValueStoreCache::RunWithValueStoreForExtension, | |
392 base::Unretained(value_store_cache_), | |
393 base::Bind(&ReadImpl, result_ptr, data_ptr, id_, crypto_key_), | |
394 extension), | |
395 base::BindOnce(&DataItem::OnReadDone, weak_ptr_factory_.GetWeakPtr(), | |
396 callback, std::move(result), std::move(data))); | |
397 } | |
398 | |
399 void DataItem::Delete(const WriteCallback& callback) { | |
400 scoped_refptr<const Extension> extension = | |
401 ExtensionRegistry::Get(context_)->GetExtensionById( | |
402 extension_id_, ExtensionRegistry::ENABLED); | |
403 if (!extension) { | |
404 callback.Run(OperationResult::kUnknownExtension); | |
405 return; | |
406 } | |
407 std::unique_ptr<OperationResult> result = | |
408 base::MakeUnique<OperationResult>(OperationResult::kFailed); | |
409 OperationResult* result_ptr = result.get(); | |
410 | |
411 task_runner_->PostTaskAndReply( | |
412 FROM_HERE, | |
413 base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension, | |
414 base::Unretained(value_store_cache_), | |
415 base::Bind(&DeleteImpl, result_ptr, id_), extension), | |
416 base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(), | |
417 callback, std::move(result))); | |
418 } | |
419 | |
420 void DataItem::OnWriteDone(const DataItem::WriteCallback& callback, | |
421 std::unique_ptr<OperationResult> success) { | |
422 callback.Run(*success); | |
423 } | |
424 | |
425 void DataItem::OnReadDone(const DataItem::ReadCallback& callback, | |
426 std::unique_ptr<OperationResult> success, | |
427 std::unique_ptr<std::vector<char>> data) { | |
428 callback.Run(*success, std::move(data)); | |
429 } | |
430 | |
431 } // namespace lock_screen_data | |
432 } // namespace extensions | |
OLD | NEW |