OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVIC
E_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVIC
E_H_ |
6 #define CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVIC
E_H_ | 6 #define CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVIC
E_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <map> | 10 #include <map> |
11 #include <memory> | 11 #include <memory> |
12 #include <string> | 12 #include <string> |
13 #include <vector> | 13 #include <vector> |
14 | 14 |
15 #include "base/callback_forward.h" | 15 #include "base/callback_forward.h" |
16 #include "base/macros.h" | 16 #include "base/macros.h" |
17 #include "base/memory/ref_counted.h" | 17 #include "base/memory/ref_counted.h" |
18 #include "base/memory/weak_ptr.h" | 18 #include "base/memory/weak_ptr.h" |
19 #include "base/threading/thread_checker.h" | 19 #include "base/threading/thread_checker.h" |
20 #include "chrome/browser/chromeos/certificate_provider/certificate_info.h" | 20 #include "chrome/browser/chromeos/certificate_provider/certificate_info.h" |
21 #include "chrome/browser/chromeos/certificate_provider/certificate_requests.h" | 21 #include "chrome/browser/chromeos/certificate_provider/certificate_requests.h" |
22 #include "chrome/browser/chromeos/certificate_provider/pin_dialog_manager.h" | 22 #include "chrome/browser/chromeos/certificate_provider/pin_dialog_manager.h" |
23 #include "chrome/browser/chromeos/certificate_provider/sign_requests.h" | 23 #include "chrome/browser/chromeos/certificate_provider/sign_requests.h" |
24 #include "chrome/browser/chromeos/certificate_provider/thread_safe_certificate_m
ap.h" | 24 #include "chrome/browser/chromeos/certificate_provider/thread_safe_certificate_m
ap.h" |
25 #include "components/keyed_service/core/keyed_service.h" | 25 #include "components/keyed_service/core/keyed_service.h" |
26 #include "net/cert/x509_certificate.h" | 26 #include "net/cert/x509_certificate.h" |
| 27 #include "net/ssl/client_cert_identity.h" |
27 #include "net/ssl/ssl_private_key.h" | 28 #include "net/ssl/ssl_private_key.h" |
28 | 29 |
29 namespace chromeos { | 30 namespace chromeos { |
30 | 31 |
31 class CertificateProvider; | 32 class CertificateProvider; |
32 | 33 |
33 // A keyed service that manages registrations of extensions as certificate | 34 // A keyed service that manages registrations of extensions as certificate |
34 // providers. It exposes all certificates that are provided by extensions | 35 // providers. It exposes all certificates that are provided by extensions |
35 // through a |CertificateProvider| object that can be created using | 36 // through a |CertificateProvider| object that can be created using |
36 // |CreateCertificateProvider()|. Private key handles are exposed through | 37 // |CreateCertificateProvider()|. Private key handles are exposed through |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
147 std::unique_ptr<CertificateProvider> CreateCertificateProvider(); | 148 std::unique_ptr<CertificateProvider> CreateCertificateProvider(); |
148 | 149 |
149 // Must be called if extension with id |extension_id| is unloaded and cannot | 150 // Must be called if extension with id |extension_id| is unloaded and cannot |
150 // serve certificates anymore. This should be called everytime the | 151 // serve certificates anymore. This should be called everytime the |
151 // corresponding notification of the ExtensionRegistry is triggered. | 152 // corresponding notification of the ExtensionRegistry is triggered. |
152 void OnExtensionUnloaded(const std::string& extension_id); | 153 void OnExtensionUnloaded(const std::string& extension_id); |
153 | 154 |
154 PinDialogManager* pin_dialog_manager() { return &pin_dialog_manager_; } | 155 PinDialogManager* pin_dialog_manager() { return &pin_dialog_manager_; } |
155 | 156 |
156 private: | 157 private: |
157 class CertKeyProviderImpl; | 158 class ClientCertIdentity; |
158 class CertificateProviderImpl; | 159 class CertificateProviderImpl; |
159 class SSLPrivateKey; | 160 class SSLPrivateKey; |
160 | 161 |
161 // Requests the current list of certificates from every registered extension. | 162 // Requests the current list of certificates from every registered extension. |
162 // Once all extensions replied or a timeout was reached, the internal | 163 // Once all extensions replied or a timeout was reached, the internal |
163 // |extension_to_certificates_| is updated and |callback| is run with the | 164 // |extension_to_certificates_| is updated and |callback| is run with the |
164 // retrieved list of certificates. | 165 // retrieved list of certificates. |
165 void GetCertificatesFromExtensions( | 166 void GetCertificatesFromExtensions( |
166 const base::Callback<void(const net::CertificateList&)>& callback); | 167 const base::Callback<void(net::ClientCertIdentityList)>& callback); |
167 | 168 |
168 // Copies the given certificates into the internal | 169 // Copies the given certificates into the internal |
169 // |extension_to_certificates_|. Any previously stored certificates are | 170 // |extension_to_certificates_|. Any previously stored certificates are |
170 // dropped. Afterwards, passes the list of given certificates to |callback|. | 171 // dropped. Afterwards, passes the list of given certificates to |callback|. |
171 void UpdateCertificatesAndRun( | 172 void UpdateCertificatesAndRun( |
172 const std::map<std::string, CertificateInfoList>& | 173 const std::map<std::string, CertificateInfoList>& |
173 extension_to_certificates, | 174 extension_to_certificates, |
174 const base::Callback<void(const net::CertificateList&)>& callback); | 175 const base::Callback<void(net::ClientCertIdentityList)>& callback); |
175 | 176 |
176 // Terminates the certificate request with id |cert_request_id| by ignoring | 177 // Terminates the certificate request with id |cert_request_id| by ignoring |
177 // pending replies from extensions. Certificates that were already reported | 178 // pending replies from extensions. Certificates that were already reported |
178 // are processed. | 179 // are processed. |
179 void TerminateCertificateRequest(int cert_request_id); | 180 void TerminateCertificateRequest(int cert_request_id); |
180 | 181 |
181 // Requests extension with |extension_id| to sign |digest| with the private | 182 // Requests extension with |extension_id| to sign |digest| with the private |
182 // key certified by |certificate|. |hash| was used to create |digest|. | 183 // key certified by |certificate|. |hash| was used to create |digest|. |
183 // |callback| will be run with the reply of the extension or an error. | 184 // |callback| will be run with the reply of the extension or an error. |
184 void RequestSignatureFromExtension( | 185 void RequestSignatureFromExtension( |
185 const std::string& extension_id, | 186 const std::string& extension_id, |
186 const scoped_refptr<net::X509Certificate>& certificate, | 187 const scoped_refptr<net::X509Certificate>& certificate, |
187 net::SSLPrivateKey::Hash hash, | 188 net::SSLPrivateKey::Hash hash, |
188 const std::string& digest, | 189 const std::string& digest, |
189 const net::SSLPrivateKey::SignCallback& callback); | 190 const net::SSLPrivateKey::SignCallback& callback); |
190 | 191 |
191 std::unique_ptr<Delegate> delegate_; | 192 std::unique_ptr<Delegate> delegate_; |
192 | 193 |
193 // An instance of net::ClientKeyStore::CertKeyProvider that is registered at | |
194 // the net::ClientKeyStore singleton. | |
195 std::unique_ptr<CertKeyProviderImpl> cert_key_provider_; | |
196 | |
197 // The object to manage the dialog displayed when requestPin is called by the | 194 // The object to manage the dialog displayed when requestPin is called by the |
198 // extension. | 195 // extension. |
199 PinDialogManager pin_dialog_manager_; | 196 PinDialogManager pin_dialog_manager_; |
200 | 197 |
201 // State about all pending sign requests. | 198 // State about all pending sign requests. |
202 certificate_provider::SignRequests sign_requests_; | 199 certificate_provider::SignRequests sign_requests_; |
203 | 200 |
204 // Contains all pending certificate requests. | 201 // Contains all pending certificate requests. |
205 certificate_provider::CertificateRequests certificate_requests_; | 202 certificate_provider::CertificateRequests certificate_requests_; |
206 | 203 |
207 // Contains all certificates that the extensions returned during the lifetime | 204 // Contains all certificates that the extensions returned during the lifetime |
208 // of this service. Each certificate is associated with the extension that | 205 // of this service. Each certificate is associated with the extension that |
209 // reported the certificate in response to the most recent certificate | 206 // reported the certificate in response to the most recent certificate |
210 // request. If a certificate was reported previously but in the most recent | 207 // request. If a certificate was reported previously but in the most recent |
211 // responses, it is still cached but not loses it's association with any | 208 // responses, it is still cached but not loses it's association with any |
212 // extension. This ensures that a certificate can't magically appear as | 209 // extension. This ensures that a certificate can't magically appear as |
213 // platform certificate (e.g. in the client certificate selection dialog) | 210 // platform certificate (e.g. in the client certificate selection dialog) |
214 // after an extension doesn't report it anymore. | 211 // after an extension doesn't report it anymore. |
215 certificate_provider::ThreadSafeCertificateMap certificate_map_; | 212 certificate_provider::ThreadSafeCertificateMap certificate_map_; |
216 | 213 |
217 base::ThreadChecker thread_checker_; | 214 base::ThreadChecker thread_checker_; |
218 base::WeakPtrFactory<CertificateProviderService> weak_factory_; | 215 base::WeakPtrFactory<CertificateProviderService> weak_factory_; |
219 | 216 |
220 DISALLOW_COPY_AND_ASSIGN(CertificateProviderService); | 217 DISALLOW_COPY_AND_ASSIGN(CertificateProviderService); |
221 }; | 218 }; |
222 | 219 |
223 } // namespace chromeos | 220 } // namespace chromeos |
224 | 221 |
225 #endif // CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SER
VICE_H_ | 222 #endif // CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SER
VICE_H_ |
OLD | NEW |