Chromium Code Reviews Chromium Code Reviews
Issue 323093003:
Add the Sign-At-Most-Once restriction the enterprise.platformKeys API. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ | |
| 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/callback_forward.h" | |
| 11 #include "base/macros.h" | |
| 12 #include "base/memory/scoped_ptr.h" | |
| 13 #include "base/memory/weak_ptr.h" | |
| 14 #include "components/keyed_service/core/keyed_service.h" | |
| 15 | |
| 16 class Profile; | |
| 17 | |
| 18 namespace base { | |
| 19 class ListValue; | |
| 20 class Value; | |
| 21 } | |
| 22 | |
| 23 namespace extensions { | |
| 24 class StateStore; | |
| 25 } | |
| 26 | |
| 27 namespace chromeos { | |
| 28 | |
| 29 class PlatformKeysService : public KeyedService { | |
| 30 public: | |
| 31 // Stores registration information in |state_store|, i.e. for each extension | |
| 32 // the list of public keys that are valid to be used for signing. Each key can | |
| 33 // be used for signing at most once. | |
| 34 // The format written to |state_store| is: | |
| 35 // kStateStorePlatformKeys maps to a list of strings. | |
| 36 // Each string is the base64 encoding of the DER representation of a public | |
| 37 // key's SPKI. | |
| 38 explicit PlatformKeysService(extensions::StateStore* state_store); | |
| 39 virtual ~PlatformKeysService(); | |
| 40 | |
| 41 // If the generation was successful, |public_key_spki_der| will contain the | |
| 42 // DER encoding of the SubjectPublicKeyInfo of the generated key and | |
| 43 // |error_message| will be empty. If it failed, |public_key_spki_der| will be | |
| 44 // empty and |error_message| contain an error message. | |
| 45 typedef base::Callback<void(const std::string& public_key_spki_der, | |
| 46 const std::string& error_message)> | |
| 47 GenerateKeyCallback; | |
| 48 | |
| 49 // Generates a RSA key with |modulus_length| and registers the key to allow a | |
|
eroman
2014/06/12 05:50:45
key --> key pair? also specify whether modulus_len
pneubeck (no reviews)
2014/06/12 09:21:37
Done.
| |
| 50 // single sign operation by the given extension. |token_id| is currently | |
| 51 // ignored, instead the user token associated with |profile| is always used. | |
| 52 // |callback| will be invoked with the resulting public key or an error. | |
| 53 void GenerateRSAKey(const std::string& token_id, | |
| 54 unsigned int modulus_length, | |
| 55 const std::string& extension_id, | |
| 56 const GenerateKeyCallback& callback, | |
| 57 Profile* profile); | |
| 58 | |
| 59 // If signing was successful, |signature| will be contain the signature and | |
| 60 // |error_message| will be empty. If it failed, |signature| will be empty and | |
| 61 // |error_message| contain an error message. | |
| 62 typedef base::Callback<void(const std::string& signature, | |
| 63 const std::string& error_message)> SignCallback; | |
| 64 | |
| 65 // Signs |data| with the private key matching |public_key|, if that key is | |
|
eroman
2014/06/12 05:50:45
why not call public_key -> public_key_spki_der to
pneubeck (no reviews)
2014/06/12 09:21:37
Done.
| |
| 66 // stored in the given token and wasn't used for signing before. Unregisters | |
| 67 // the key so that every future attempt to sign data with this key is | |
| 68 // rejected. |token_id| is currently ignored, instead the user token | |
| 69 // associated with |profile| is always used. |public_key| must be the DER | |
| 70 // encoding of a SubjectPublicKeyInfo. |callback| will be invoked with the | |
| 71 // signature or an error message. Currently supports RSA keys only. | |
| 72 void Sign(const std::string& token_id, | |
| 73 const std::string& public_key, | |
| 74 const std::string& data, | |
| 75 const std::string& extension_id, | |
| 76 const SignCallback& callback, | |
| 77 Profile* profile); | |
| 78 | |
| 79 private: | |
| 80 typedef base::Callback<void(base::WeakPtr<PlatformKeysService> service, | |
| 81 scoped_ptr<base::ListValue> platform_keys)> | |
| 82 GetPlatformKeysCallback; | |
| 83 | |
| 84 // Registers the given public key as newly generated key, which is allowed to | |
| 85 // be used for signing for a single time. Afterwards, calls |callback|. If | |
| 86 // registration was successful, passes |true| otherwise |false| to the | |
| 87 // callback. | |
| 88 void RegisterPublicKey(const std::string& extension_id, | |
| 89 const std::string& public_key_spki_der, | |
| 90 const base::Callback<void(bool)>& callback); | |
| 91 | |
| 92 // Gets the current validity of the given public key by reading StateStore. | |
| 93 // Invalidates the key if it was found to be valid. Finally, calls |callback| | |
| 94 // with the old validity. | |
| 95 void ReadValidityAndInvalidateKey(const std::string& extension_id, | |
| 96 const std::string& public_key_spki_der, | |
| 97 const base::Callback<void(bool)>& callback); | |
| 98 | |
| 99 // Reads the list of public keys currently registered for |extension_id| from | |
| 100 // StateStore. Calls |callback| with the read list, or a new empty list if | |
| 101 // none existed. If an error occurred, calls |callback| with NULL. | |
| 102 void GetPlatformKeysOfExtension(const std::string& extension_id, | |
| 103 const GetPlatformKeysCallback& callback); | |
| 104 | |
| 105 // Callback used by |GenerateRSAKey|. | |
| 106 // If the key generation was successful, registers the generated public key | |
| 107 // for the given extension. If any error occurrs during key generation or | |
|
eroman
2014/06/12 05:50:45
typo: ocurrs -> occurs
pneubeck (no reviews)
2014/06/12 09:21:37
Done.
| |
| 108 // registration, calls |callback| with an error. Otherwise, on success, calls | |
| 109 // |callback| with the public key. | |
| 110 static void GenerateRSAKeyCallback(const std::string& extension_id, | |
| 111 const GenerateKeyCallback& callback, | |
| 112 base::WeakPtr<PlatformKeysService> service, | |
| 113 const std::string& public_key_spki_der, | |
| 114 const std::string& error_message); | |
| 115 | |
| 116 // Callback used by |RegisterPublicKey|. | |
| 117 // Updates the old |platform_keys| read from the StateStore and writes the | |
| 118 // updated value back to the StateStore. | |
| 119 static void RegisterPublicKeyGotPlatformKeys( | |
| 120 const std::string& extension_id, | |
| 121 const std::string& public_key_spki_der, | |
| 122 const base::Callback<void(bool)>& callback, | |
| 123 base::WeakPtr<PlatformKeysService> service, | |
| 124 scoped_ptr<base::ListValue> platform_keys); | |
| 125 | |
| 126 // Callback used by |ReadValidityAndInvalidateKey|. | |
| 127 // Invalidates the given public key so that future signing is prohibited and | |
| 128 // calls |callback| with the old validity. | |
| 129 static void InvalidateKey(const std::string& extension_id, | |
| 130 const std::string& public_key_spki_der, | |
| 131 const base::Callback<void(bool)>& callback, | |
| 132 base::WeakPtr<PlatformKeysService> service, | |
| 133 scoped_ptr<base::ListValue> platform_keys); | |
| 134 | |
| 135 // Callback used by |GetPlatformKeysOfExtension|. | |
| 136 // Is called with |value| set to the PlatformKeys value read from the | |
| 137 // StateStore, which it forwards to |callback|. On error, calls |callback| | |
| 138 // with NULL; if no value existed, with an empty list. | |
| 139 static void GotPlatformKeysOfExtension( | |
| 140 const std::string& extension_id, | |
| 141 base::WeakPtr<PlatformKeysService> service, | |
| 142 const GetPlatformKeysCallback& callback, | |
| 143 scoped_ptr<base::Value> value); | |
| 144 | |
| 145 extensions::StateStore* state_store_; | |
| 146 base::WeakPtrFactory<PlatformKeysService> weak_factory_; | |
| 147 | |
| 148 DISALLOW_COPY_AND_ASSIGN(PlatformKeysService); | |
| 149 }; | |
| 150 | |
| 151 } // namespace chromeos | |
| 152 | |
| 153 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ | |
| OLD | NEW |
