1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
#include <string>
#include "base/callback_forward.h"
#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/chromeos/platform_keys/platform_keys.h"
#include "components/keyed_service/core/keyed_service.h"
namespace content {
class BrowserContext;
}
namespace base {
class ListValue;
class Value;
}
namespace extensions {
class StateStore;
}
namespace chromeos {
class PlatformKeysService : public KeyedService {
public:
// Stores registration information in |state_store|, i.e. for each extension
// the list of public keys that are valid to be used for signing. Each key can
// be used for signing at most once.
// The format written to |state_store| is:
// kStateStorePlatformKeys maps to a list of strings.
// Each string is the base64 encoding of the DER representation of a public
// key's SPKI.
explicit PlatformKeysService(content::BrowserContext* browser_context,
extensions::StateStore* state_store);
virtual ~PlatformKeysService();
// If the generation was successful, |public_key_spki_der| will contain the
// DER encoding of the SubjectPublicKeyInfo of the generated key and
// |error_message| will be empty. If it failed, |public_key_spki_der| will be
// empty and |error_message| contain an error message.
typedef base::Callback<void(const std::string& public_key_spki_der,
const std::string& error_message)>
GenerateKeyCallback;
// Generates a RSA key pair with |modulus_length_bits| and registers the key
// to allow a single sign operation by the given extension. |token_id| is
// currently ignored, instead the user token associated with |browser_context|
// is always used. |callback| will be invoked with the resulting public key or
// an error.
// Will only call back during the lifetime of this object.
void GenerateRSAKey(const std::string& token_id,
unsigned int modulus_length_bits,
const std::string& extension_id,
const GenerateKeyCallback& callback);
// If signing was successful, |signature| will be contain the signature and
// |error_message| will be empty. If it failed, |signature| will be empty and
// |error_message| contain an error message.
typedef base::Callback<void(const std::string& signature,
const std::string& error_message)> SignCallback;
// Digests |data| with |hash_algorithm| and afterwards signs the digest with
// the private key matching |public_key_spki_der|, if that key is stored in
// the given token and wasn't used for signing before.
// Unregisters the key so that every future attempt to sign data with this key
// is rejected. |token_id| is currently ignored, instead the user token
// associated with |browser_context| is always used. |public_key_spki_der|
// must be the DER encoding of a SubjectPublicKeyInfo. |callback| will be
// invoked with the signature or an error message. Currently supports RSA keys
// only.
// Will only call back during the lifetime of this object.
void Sign(const std::string& token_id,
const std::string& public_key_spki_der,
platform_keys::HashAlgorithm hash_algorithm,
const std::string& data,
const std::string& extension_id,
const SignCallback& callback);
private:
typedef base::Callback<void(scoped_ptr<base::ListValue> platform_keys)>
GetPlatformKeysCallback;
// Registers the given public key as newly generated key, which is allowed to
// be used for signing for a single time. Afterwards, calls |callback|. If
// registration was successful, passes |true| otherwise |false| to the
// callback.
void RegisterPublicKey(const std::string& extension_id,
const std::string& public_key_spki_der,
const base::Callback<void(bool)>& callback);
// Gets the current validity of the given public key by reading StateStore.
// Invalidates the key if it was found to be valid. Finally, calls |callback|
// with the old validity.
void ReadValidityAndInvalidateKey(const std::string& extension_id,
const std::string& public_key_spki_der,
const base::Callback<void(bool)>& callback);
// Reads the list of public keys currently registered for |extension_id| from
// StateStore. Calls |callback| with the read list, or a new empty list if
// none existed. If an error occurred, calls |callback| with NULL.
void GetPlatformKeysOfExtension(const std::string& extension_id,
const GetPlatformKeysCallback& callback);
// Callback used by |GenerateRSAKey|.
// If the key generation was successful, registers the generated public key
// for the given extension. If any error occurs during key generation or
// registration, calls |callback| with an error. Otherwise, on success, calls
// |callback| with the public key.
void GenerateRSAKeyCallback(const std::string& extension_id,
const GenerateKeyCallback& callback,
const std::string& public_key_spki_der,
const std::string& error_message);
// Callback used by |RegisterPublicKey|.
// Updates the old |platform_keys| read from the StateStore and writes the
// updated value back to the StateStore.
void RegisterPublicKeyGotPlatformKeys(
const std::string& extension_id,
const std::string& public_key_spki_der,
const base::Callback<void(bool)>& callback,
scoped_ptr<base::ListValue> platform_keys);
// Callback used by |ReadValidityAndInvalidateKey|.
// Invalidates the given public key so that future signing is prohibited and
// calls |callback| with the old validity.
void InvalidateKey(const std::string& extension_id,
const std::string& public_key_spki_der,
const base::Callback<void(bool)>& callback,
scoped_ptr<base::ListValue> platform_keys);
// Callback used by |GetPlatformKeysOfExtension|.
// Is called with |value| set to the PlatformKeys value read from the
// StateStore, which it forwards to |callback|. On error, calls |callback|
// with NULL; if no value existed, with an empty list.
void GotPlatformKeysOfExtension(const std::string& extension_id,
const GetPlatformKeysCallback& callback,
scoped_ptr<base::Value> value);
content::BrowserContext* browser_context_;
extensions::StateStore* state_store_;
base::WeakPtrFactory<PlatformKeysService> weak_factory_;
DISALLOW_COPY_AND_ASSIGN(PlatformKeysService);
};
} // namespace chromeos
#endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
|
