| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/callback_forward.h" |
| 11 #include "base/macros.h" |
| 12 #include "base/memory/scoped_ptr.h" |
| 13 #include "base/memory/weak_ptr.h" |
| 14 #include "components/keyed_service/core/keyed_service.h" |
| 15 |
| 16 namespace content { |
| 17 class BrowserContext; |
| 18 } |
| 19 |
| 20 namespace base { |
| 21 class ListValue; |
| 22 class Value; |
| 23 } |
| 24 |
| 25 namespace extensions { |
| 26 class StateStore; |
| 27 } |
| 28 |
| 29 namespace chromeos { |
| 30 |
| 31 class PlatformKeysService : public KeyedService { |
| 32 public: |
| 33 // Stores registration information in |state_store|, i.e. for each extension |
| 34 // the list of public keys that are valid to be used for signing. Each key can |
| 35 // be used for signing at most once. |
| 36 // The format written to |state_store| is: |
| 37 // kStateStorePlatformKeys maps to a list of strings. |
| 38 // Each string is the base64 encoding of the DER representation of a public |
| 39 // key's SPKI. |
| 40 explicit PlatformKeysService(content::BrowserContext* browser_context, |
| 41 extensions::StateStore* state_store); |
| 42 virtual ~PlatformKeysService(); |
| 43 |
| 44 // If the generation was successful, |public_key_spki_der| will contain the |
| 45 // DER encoding of the SubjectPublicKeyInfo of the generated key and |
| 46 // |error_message| will be empty. If it failed, |public_key_spki_der| will be |
| 47 // empty and |error_message| contain an error message. |
| 48 typedef base::Callback<void(const std::string& public_key_spki_der, |
| 49 const std::string& error_message)> |
| 50 GenerateKeyCallback; |
| 51 |
| 52 // Generates a RSA key pair with |modulus_length_bits| and registers the key |
| 53 // to allow a single sign operation by the given extension. |token_id| is |
| 54 // currently ignored, instead the user token associated with |browser_context| |
| 55 // is always used. |callback| will be invoked with the resulting public key or |
| 56 // an error. |
| 57 // Will only call back during the lifetime of this object. |
| 58 void GenerateRSAKey(const std::string& token_id, |
| 59 unsigned int modulus_length_bits, |
| 60 const std::string& extension_id, |
| 61 const GenerateKeyCallback& callback); |
| 62 |
| 63 // If signing was successful, |signature| will be contain the signature and |
| 64 // |error_message| will be empty. If it failed, |signature| will be empty and |
| 65 // |error_message| contain an error message. |
| 66 typedef base::Callback<void(const std::string& signature, |
| 67 const std::string& error_message)> SignCallback; |
| 68 |
| 69 // Signs |data| with the private key matching |public_key_spki_der|, if that |
| 70 // key is stored in the given token and wasn't used for signing before. |
| 71 // Unregisters the key so that every future attempt to sign data with this key |
| 72 // is rejected. |token_id| is currently ignored, instead the user token |
| 73 // associated with |browser_context| is always used. |public_key_spki_der| |
| 74 // must be the DER encoding of a SubjectPublicKeyInfo. |callback| will be |
| 75 // invoked with the signature or an error message. Currently supports RSA keys |
| 76 // only. |
| 77 // Will only call back during the lifetime of this object. |
| 78 void Sign(const std::string& token_id, |
| 79 const std::string& public_key_spki_der, |
| 80 const std::string& data, |
| 81 const std::string& extension_id, |
| 82 const SignCallback& callback); |
| 83 |
| 84 private: |
| 85 typedef base::Callback<void(scoped_ptr<base::ListValue> platform_keys)> |
| 86 GetPlatformKeysCallback; |
| 87 |
| 88 // Registers the given public key as newly generated key, which is allowed to |
| 89 // be used for signing for a single time. Afterwards, calls |callback|. If |
| 90 // registration was successful, passes |true| otherwise |false| to the |
| 91 // callback. |
| 92 void RegisterPublicKey(const std::string& extension_id, |
| 93 const std::string& public_key_spki_der, |
| 94 const base::Callback<void(bool)>& callback); |
| 95 |
| 96 // Gets the current validity of the given public key by reading StateStore. |
| 97 // Invalidates the key if it was found to be valid. Finally, calls |callback| |
| 98 // with the old validity. |
| 99 void ReadValidityAndInvalidateKey(const std::string& extension_id, |
| 100 const std::string& public_key_spki_der, |
| 101 const base::Callback<void(bool)>& callback); |
| 102 |
| 103 // Reads the list of public keys currently registered for |extension_id| from |
| 104 // StateStore. Calls |callback| with the read list, or a new empty list if |
| 105 // none existed. If an error occurred, calls |callback| with NULL. |
| 106 void GetPlatformKeysOfExtension(const std::string& extension_id, |
| 107 const GetPlatformKeysCallback& callback); |
| 108 |
| 109 // Callback used by |GenerateRSAKey|. |
| 110 // If the key generation was successful, registers the generated public key |
| 111 // for the given extension. If any error occurs during key generation or |
| 112 // registration, calls |callback| with an error. Otherwise, on success, calls |
| 113 // |callback| with the public key. |
| 114 void GenerateRSAKeyCallback(const std::string& extension_id, |
| 115 const GenerateKeyCallback& callback, |
| 116 const std::string& public_key_spki_der, |
| 117 const std::string& error_message); |
| 118 |
| 119 // Callback used by |RegisterPublicKey|. |
| 120 // Updates the old |platform_keys| read from the StateStore and writes the |
| 121 // updated value back to the StateStore. |
| 122 void RegisterPublicKeyGotPlatformKeys( |
| 123 const std::string& extension_id, |
| 124 const std::string& public_key_spki_der, |
| 125 const base::Callback<void(bool)>& callback, |
| 126 scoped_ptr<base::ListValue> platform_keys); |
| 127 |
| 128 // Callback used by |ReadValidityAndInvalidateKey|. |
| 129 // Invalidates the given public key so that future signing is prohibited and |
| 130 // calls |callback| with the old validity. |
| 131 void InvalidateKey(const std::string& extension_id, |
| 132 const std::string& public_key_spki_der, |
| 133 const base::Callback<void(bool)>& callback, |
| 134 scoped_ptr<base::ListValue> platform_keys); |
| 135 |
| 136 // Callback used by |GetPlatformKeysOfExtension|. |
| 137 // Is called with |value| set to the PlatformKeys value read from the |
| 138 // StateStore, which it forwards to |callback|. On error, calls |callback| |
| 139 // with NULL; if no value existed, with an empty list. |
| 140 void GotPlatformKeysOfExtension(const std::string& extension_id, |
| 141 const GetPlatformKeysCallback& callback, |
| 142 scoped_ptr<base::Value> value); |
| 143 |
| 144 content::BrowserContext* browser_context_; |
| 145 extensions::StateStore* state_store_; |
| 146 base::WeakPtrFactory<PlatformKeysService> weak_factory_; |
| 147 |
| 148 DISALLOW_COPY_AND_ASSIGN(PlatformKeysService); |
| 149 }; |
| 150 |
| 151 } // namespace chromeos |
| 152 |
| 153 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 323093003:
Add the Sign-At-Most-Once restriction the enterprise.platformKeys API. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src