Add the Sign-At-Most-Once restriction the enterprise.platformKeys API.

chrome/browser/chromeos/platform_keys/platform_keys_service.h

Index: chrome/browser/chromeos/platform_keys/platform_keys_service.h
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_service.h b/chrome/browser/chromeos/platform_keys/platform_keys_service.h
new file mode 100644
index 0000000000000000000000000000000000000000..6f7496f9c3d1cfb85b380b2d11f4d9a1c6cde0f0
--- /dev/null
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_service.h
@@ -0,0 +1,154 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
+#define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
+
+#include <string>
+
+#include "base/callback_forward.h"
+#include "base/macros.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "components/keyed_service/core/keyed_service.h"
+
+class Profile;
+
+namespace base {
+class ListValue;
+class Value;
+}
+
+namespace extensions {
+class StateStore;
+}
+
+namespace chromeos {
+
+class PlatformKeysService : public KeyedService {
+ public:
+  // Stores registration information in |state_store|, i.e. for each extension
+  // the list of public keys that are valid to be used for signing. Each key can
+  // be used for signing at most once.
+  // The format written to |state_store| is:
+  //   kStateStorePlatformKeys maps to a list of strings.
+  //   Each string is the base64 encoding of the DER representation of a public
+  //   key's SPKI.
+  explicit PlatformKeysService(extensions::StateStore* state_store);
+  virtual ~PlatformKeysService();
+
+  // If the generation was successful, |public_key_spki_der| will contain the
+  // DER encoding of the SubjectPublicKeyInfo of the generated key and
+  // |error_message| will be empty. If it failed, |public_key_spki_der| will be
+  // empty and |error_message| contain an error message.
+  typedef base::Callback<void(const std::string& public_key_spki_der,
+                              const std::string& error_message)>
+      GenerateKeyCallback;
+
+  // Generates a RSA key pair with |modulus_length_bits| and registers the key
+  // to allow a single sign operation by the given extension. |token_id| is
+  // currently ignored, instead the user token associated with |profile| is
+  // always used. |callback| will be invoked with the resulting public key or an
+  // error.
+  void GenerateRSAKey(const std::string& token_id,
+                      unsigned int modulus_length_bits,
+                      const std::string& extension_id,
+                      const GenerateKeyCallback& callback,
+                      Profile* profile);

[not at google - send to devlin, 2014/06/15 18:27:06]

It's odd to me that several of these methods take a Profile as an argument when
ostensibly this class is bound to a BrowserContext (at least, implicitly via its
dependence on the per-BrowserContext StateStore).

(by the way: the interface implies they need a Profile but do they really? can
they make do with a BrowserContext?)

[pneubeck (no reviews), 2014/06/16 09:11:12]

Yeah, I realized that Profile isn't required, too. Landing a CL to fix that.

Storing the BrowserContext* and removing the argument.

+
+  // If signing was successful, |signature| will be contain the signature and
+  // |error_message| will be empty. If it failed, |signature| will be empty and
+  // |error_message| contain an error message.
+  typedef base::Callback<void(const std::string& signature,
+                              const std::string& error_message)> SignCallback;
+
+  // Signs |data| with the private key matching |public_key_spki_der|, if that
+  // key is stored in the given token and wasn't used for signing before.
+  // Unregisters the key so that every future attempt to sign data with this key
+  // is rejected. |token_id| is currently ignored, instead the user token
+  // associated with |profile| is always used. |public_key_spki_der| must be the
+  // DER encoding of a SubjectPublicKeyInfo. |callback| will be invoked with the
+  // signature or an error message. Currently supports RSA keys only.
+  void Sign(const std::string& token_id,
+            const std::string& public_key_spki_der,
+            const std::string& data,
+            const std::string& extension_id,
+            const SignCallback& callback,
+            Profile* profile);
+
+ private:
+  typedef base::Callback<void(base::WeakPtr<PlatformKeysService> service,
+                              scoped_ptr<base::ListValue> platform_keys)>
+      GetPlatformKeysCallback;
+
+  // Registers the given public key as newly generated key, which is allowed to
+  // be used for signing for a single time. Afterwards, calls |callback|. If
+  // registration was successful, passes |true| otherwise |false| to the
+  // callback.
+  void RegisterPublicKey(const std::string& extension_id,
+                         const std::string& public_key_spki_der,
+                         const base::Callback<void(bool)>& callback);
+
+  // Gets the current validity of the given public key by reading StateStore.
+  // Invalidates the key if it was found to be valid. Finally, calls |callback|
+  // with the old validity.
+  void ReadValidityAndInvalidateKey(const std::string& extension_id,
+                                    const std::string& public_key_spki_der,
+                                    const base::Callback<void(bool)>& callback);
+
+  // Reads the list of public keys currently registered for |extension_id| from
+  // StateStore. Calls |callback| with the read list, or a new empty list if
+  // none existed. If an error occurred, calls |callback| with NULL.
+  void GetPlatformKeysOfExtension(const std::string& extension_id,
+                                  const GetPlatformKeysCallback& callback);
+
+  // Callback used by |GenerateRSAKey|.
+  // If the key generation was successful, registers the generated public key
+  // for the given extension. If any error occurs during key generation or
+  // registration, calls |callback| with an error. Otherwise, on success, calls
+  // |callback| with the public key.
+  static void GenerateRSAKeyCallback(const std::string& extension_id,

[not at google - send to devlin, 2014/06/15 18:27:07]

can these static-private methods just be in an anonymous namespace within
platform_keys_service.cc?

[pneubeck (no reviews), 2014/06/16 09:11:12]

They're all calling back to the PlatformKeysService (using the provided
weakptr).
As it should be fine to just drop callbacks when the service is destroyed, I
dropped the explicit WeakPtr argument and made the non-static.

+                                     const GenerateKeyCallback& callback,
+                                     base::WeakPtr<PlatformKeysService> service,
+                                     const std::string& public_key_spki_der,
+                                     const std::string& error_message);
+
+  // Callback used by |RegisterPublicKey|.
+  // Updates the old |platform_keys| read from the StateStore and writes the
+  // updated value back to the StateStore.
+  static void RegisterPublicKeyGotPlatformKeys(
+      const std::string& extension_id,
+      const std::string& public_key_spki_der,
+      const base::Callback<void(bool)>& callback,
+      base::WeakPtr<PlatformKeysService> service,
+      scoped_ptr<base::ListValue> platform_keys);
+
+  // Callback used by |ReadValidityAndInvalidateKey|.
+  // Invalidates the given public key so that future signing is prohibited and
+  // calls |callback| with the old validity.
+  static void InvalidateKey(const std::string& extension_id,
+                            const std::string& public_key_spki_der,
+                            const base::Callback<void(bool)>& callback,
+                            base::WeakPtr<PlatformKeysService> service,
+                            scoped_ptr<base::ListValue> platform_keys);
+
+  // Callback used by |GetPlatformKeysOfExtension|.
+  // Is called with |value| set to the PlatformKeys value read from the
+  // StateStore, which it forwards to |callback|. On error, calls |callback|
+  // with NULL; if no value existed, with an empty list.
+  static void GotPlatformKeysOfExtension(
+      const std::string& extension_id,
+      base::WeakPtr<PlatformKeysService> service,
+      const GetPlatformKeysCallback& callback,
+      scoped_ptr<base::Value> value);
+
+  extensions::StateStore* state_store_;
+  base::WeakPtrFactory<PlatformKeysService> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(PlatformKeysService);
+};
+
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_