First implementation of chrome.platformKeys.

chrome/browser/chromeos/platform_keys/platform_keys_service.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
 
 #include <string>
+#include <vector>
 
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "chrome/browser/chromeos/platform_keys/platform_keys.h"
 #include "components/keyed_service/core/keyed_service.h"
 
 namespace content {
 class BrowserContext;
 }
 
 namespace base {
 class ListValue;
 class Value;
 }
 
 namespace extensions {
 class StateStore;
 }
 
+namespace net {
+class X509Certificate;
+typedef std::vector<scoped_refptr<X509Certificate>> CertificateList;
+}
+
 namespace chromeos {
 
 class PlatformKeysService : public KeyedService {
  public:
   // Stores registration information in |state_store|, i.e. for each extension
   // the list of public keys that are valid to be used for signing. Each key can
   // be used for signing at most once.
   // The format written to |state_store| is:
   //   kStateStorePlatformKeys maps to a list of strings.
   //   Each string is the base64 encoding of the DER representation of a public
   //   key's SPKI.
   explicit PlatformKeysService(content::BrowserContext* browser_context,
                                extensions::StateStore* state_store);
   ~PlatformKeysService() override;
 
+  // Disables the checks whether an extension is allowed to read client
+  // certificates.
+  // TODO(pneubeck): Remove this once a permissions are implemented.
+  void DisablePermissionCheckForTesting();
+
   // If the generation was successful, |public_key_spki_der| will contain the
   // DER encoding of the SubjectPublicKeyInfo of the generated key and
   // |error_message| will be empty. If it failed, |public_key_spki_der| will be
   // empty and |error_message| contain an error message.
   typedef base::Callback<void(const std::string& public_key_spki_der,
                               const std::string& error_message)>
       GenerateKeyCallback;
 
   // Generates a RSA key pair with |modulus_length_bits| and registers the key
   // to allow a single sign operation by the given extension. |token_id| is
@@ skipping 22 matching lines @@
   // invoked with the signature or an error message. Currently supports RSA keys
   // only.
   // Will only call back during the lifetime of this object.
   void Sign(const std::string& token_id,
             const std::string& public_key_spki_der,
             platform_keys::HashAlgorithm hash_algorithm,
             const std::string& data,
             const std::string& extension_id,
             const SignCallback& callback);
 
+  // If the certificate request could be processed successfully, |matches| will
+  // contain the list of matching certificates (maybe empty) and |error_message|
+  // will be empty. If an error occurred, |matches| will be null and
+  // |error_message| contain an error message.
+  typedef base::Callback<void(scoped_ptr<net::CertificateList> matches,
+                              const std::string& error_message)>
+      SelectCertificatesCallback;
+
+  // Returns the list of all certificates that match |request|. |callback| will
+  // be invoked with these matches or an error message.
+  // Will only call back during the lifetime of this object.
+  // TODO(pneubeck): Add the interactive option and integrate the select
+  // certificate dialog.
+  void SelectClientCertificates(
+      const platform_keys::ClientCertificateRequest& request,
+      const std::string& extension_id,
+      const SelectCertificatesCallback& callback);
+
  private:
   using GetPlatformKeysCallback =
       base::Callback<void(scoped_ptr<base::ListValue> platform_keys)>;
 
   // Registers the given public key as newly generated key, which is allowed to
   // be used for signing for a single time. Afterwards, calls |callback|. If
   // registration was successful, passes |true| otherwise |false| to the
   // callback.
   void RegisterPublicKey(const std::string& extension_id,
                          const std::string& public_key_spki_der,
@@ skipping 20 matching lines @@
   // Callback used by |GenerateRSAKey|.
   // If the key generation was successful, registers the generated public key
   // for the given extension. If any error occurs during key generation or
   // registration, calls |callback| with an error. Otherwise, on success, calls
   // |callback| with the public key.
   void GenerateRSAKeyCallback(const std::string& extension_id,
                               const GenerateKeyCallback& callback,
                               const std::string& public_key_spki_der,
                               const std::string& error_message);
 
+  // Calback used by |SelectClientCertificates|.
+  // If the certificate request could be processed successfully, |matches| will
+  // contain the list of matching certificates (maybe empty) and |error_message|
+  // will be empty. If an error occurred, |matches| will be null and
+  // |error_message| contain an error message.
+  void SelectClientCertificatesCallback(
+      const std::string& extension_id,
+      const SelectCertificatesCallback& callback,
+      scoped_ptr<net::CertificateList> matches,
+      const std::string& error_message);
+
   // Callback used by |RegisterPublicKey|.
   // Updates the old |platform_keys| read from the StateStore and writes the
   // updated value back to the StateStore.
   void RegisterPublicKeyGotPlatformKeys(
       const std::string& extension_id,
       const std::string& public_key_spki_der,
       const base::Closure& callback,
       scoped_ptr<base::ListValue> platform_keys);
 
   // Callback used by |ReadValidityAndInvalidateKey|.
   // Invalidates the given public key so that future signing is prohibited and
   // calls |callback| with the old validity.
   void InvalidateKey(const std::string& extension_id,
                      const std::string& public_key_spki_der,
                      const base::Callback<void(bool)>& callback,
                      scoped_ptr<base::ListValue> platform_keys);
 
   // Callback used by |GetPlatformKeysOfExtension|.
   // Is called with |value| set to the PlatformKeys value read from the
   // StateStore, which it forwards to |callback|. On error, calls |callback|
   // with NULL; if no value existed, with an empty list.
   void GotPlatformKeysOfExtension(const std::string& extension_id,
                                   const GetPlatformKeysCallback& callback,
                                   scoped_ptr<base::Value> value);
 
   content::BrowserContext* browser_context_;
   extensions::StateStore* state_store_;
+  bool permission_check_enabled_ = true;
   base::WeakPtrFactory<PlatformKeysService> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(PlatformKeysService);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_