| Index: chrome/browser/chromeos/platform_keys/platform_keys_service.h
|
| diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_service.h b/chrome/browser/chromeos/platform_keys/platform_keys_service.h
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..e5b12595a310ceba620df2a68b1798fb7d440033
|
| --- /dev/null
|
| +++ b/chrome/browser/chromeos/platform_keys/platform_keys_service.h
|
| @@ -0,0 +1,153 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
|
| +#define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
|
| +
|
| +#include <string>
|
| +
|
| +#include "base/callback_forward.h"
|
| +#include "base/macros.h"
|
| +#include "base/memory/scoped_ptr.h"
|
| +#include "base/memory/weak_ptr.h"
|
| +#include "components/keyed_service/core/keyed_service.h"
|
| +
|
| +namespace content {
|
| +class BrowserContext;
|
| +}
|
| +
|
| +namespace base {
|
| +class ListValue;
|
| +class Value;
|
| +}
|
| +
|
| +namespace extensions {
|
| +class StateStore;
|
| +}
|
| +
|
| +namespace chromeos {
|
| +
|
| +class PlatformKeysService : public KeyedService {
|
| + public:
|
| + // Stores registration information in |state_store|, i.e. for each extension
|
| + // the list of public keys that are valid to be used for signing. Each key can
|
| + // be used for signing at most once.
|
| + // The format written to |state_store| is:
|
| + // kStateStorePlatformKeys maps to a list of strings.
|
| + // Each string is the base64 encoding of the DER representation of a public
|
| + // key's SPKI.
|
| + explicit PlatformKeysService(content::BrowserContext* browser_context,
|
| + extensions::StateStore* state_store);
|
| + virtual ~PlatformKeysService();
|
| +
|
| + // If the generation was successful, |public_key_spki_der| will contain the
|
| + // DER encoding of the SubjectPublicKeyInfo of the generated key and
|
| + // |error_message| will be empty. If it failed, |public_key_spki_der| will be
|
| + // empty and |error_message| contain an error message.
|
| + typedef base::Callback<void(const std::string& public_key_spki_der,
|
| + const std::string& error_message)>
|
| + GenerateKeyCallback;
|
| +
|
| + // Generates a RSA key pair with |modulus_length_bits| and registers the key
|
| + // to allow a single sign operation by the given extension. |token_id| is
|
| + // currently ignored, instead the user token associated with |browser_context|
|
| + // is always used. |callback| will be invoked with the resulting public key or
|
| + // an error.
|
| + // Will only call back during the lifetime of this object.
|
| + void GenerateRSAKey(const std::string& token_id,
|
| + unsigned int modulus_length_bits,
|
| + const std::string& extension_id,
|
| + const GenerateKeyCallback& callback);
|
| +
|
| + // If signing was successful, |signature| will be contain the signature and
|
| + // |error_message| will be empty. If it failed, |signature| will be empty and
|
| + // |error_message| contain an error message.
|
| + typedef base::Callback<void(const std::string& signature,
|
| + const std::string& error_message)> SignCallback;
|
| +
|
| + // Signs |data| with the private key matching |public_key_spki_der|, if that
|
| + // key is stored in the given token and wasn't used for signing before.
|
| + // Unregisters the key so that every future attempt to sign data with this key
|
| + // is rejected. |token_id| is currently ignored, instead the user token
|
| + // associated with |browser_context| is always used. |public_key_spki_der|
|
| + // must be the DER encoding of a SubjectPublicKeyInfo. |callback| will be
|
| + // invoked with the signature or an error message. Currently supports RSA keys
|
| + // only.
|
| + // Will only call back during the lifetime of this object.
|
| + void Sign(const std::string& token_id,
|
| + const std::string& public_key_spki_der,
|
| + const std::string& data,
|
| + const std::string& extension_id,
|
| + const SignCallback& callback);
|
| +
|
| + private:
|
| + typedef base::Callback<void(scoped_ptr<base::ListValue> platform_keys)>
|
| + GetPlatformKeysCallback;
|
| +
|
| + // Registers the given public key as newly generated key, which is allowed to
|
| + // be used for signing for a single time. Afterwards, calls |callback|. If
|
| + // registration was successful, passes |true| otherwise |false| to the
|
| + // callback.
|
| + void RegisterPublicKey(const std::string& extension_id,
|
| + const std::string& public_key_spki_der,
|
| + const base::Callback<void(bool)>& callback);
|
| +
|
| + // Gets the current validity of the given public key by reading StateStore.
|
| + // Invalidates the key if it was found to be valid. Finally, calls |callback|
|
| + // with the old validity.
|
| + void ReadValidityAndInvalidateKey(const std::string& extension_id,
|
| + const std::string& public_key_spki_der,
|
| + const base::Callback<void(bool)>& callback);
|
| +
|
| + // Reads the list of public keys currently registered for |extension_id| from
|
| + // StateStore. Calls |callback| with the read list, or a new empty list if
|
| + // none existed. If an error occurred, calls |callback| with NULL.
|
| + void GetPlatformKeysOfExtension(const std::string& extension_id,
|
| + const GetPlatformKeysCallback& callback);
|
| +
|
| + // Callback used by |GenerateRSAKey|.
|
| + // If the key generation was successful, registers the generated public key
|
| + // for the given extension. If any error occurs during key generation or
|
| + // registration, calls |callback| with an error. Otherwise, on success, calls
|
| + // |callback| with the public key.
|
| + void GenerateRSAKeyCallback(const std::string& extension_id,
|
| + const GenerateKeyCallback& callback,
|
| + const std::string& public_key_spki_der,
|
| + const std::string& error_message);
|
| +
|
| + // Callback used by |RegisterPublicKey|.
|
| + // Updates the old |platform_keys| read from the StateStore and writes the
|
| + // updated value back to the StateStore.
|
| + void RegisterPublicKeyGotPlatformKeys(
|
| + const std::string& extension_id,
|
| + const std::string& public_key_spki_der,
|
| + const base::Callback<void(bool)>& callback,
|
| + scoped_ptr<base::ListValue> platform_keys);
|
| +
|
| + // Callback used by |ReadValidityAndInvalidateKey|.
|
| + // Invalidates the given public key so that future signing is prohibited and
|
| + // calls |callback| with the old validity.
|
| + void InvalidateKey(const std::string& extension_id,
|
| + const std::string& public_key_spki_der,
|
| + const base::Callback<void(bool)>& callback,
|
| + scoped_ptr<base::ListValue> platform_keys);
|
| +
|
| + // Callback used by |GetPlatformKeysOfExtension|.
|
| + // Is called with |value| set to the PlatformKeys value read from the
|
| + // StateStore, which it forwards to |callback|. On error, calls |callback|
|
| + // with NULL; if no value existed, with an empty list.
|
| + void GotPlatformKeysOfExtension(const std::string& extension_id,
|
| + const GetPlatformKeysCallback& callback,
|
| + scoped_ptr<base::Value> value);
|
| +
|
| + content::BrowserContext* browser_context_;
|
| + extensions::StateStore* state_store_;
|
| + base::WeakPtrFactory<PlatformKeysService> weak_factory_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(PlatformKeysService);
|
| +};
|
| +
|
| +} // namespace chromeos
|
| +
|
| +#endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
|
|
|
Chromium Code Reviews
Issue 323093003:
Add the Sign-At-Most-Once restriction the enterprise.platformKeys API. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src