File: key_permissions_util.cc

package info (click to toggle)
chromium 138.0.7204.183-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-proposed-updates
  • size: 6,080,960 kB
  • sloc: cpp: 34,937,079; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,954; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,811; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (100 lines) | stat: -rw-r--r-- 3,196 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/ash/platform_keys/key_permissions/key_permissions_util.h"

#include <stdint.h>

#include <memory>
#include <string>
#include <utility>
#include <vector>

#include "base/base64.h"
#include "base/values.h"
#include "chrome/common/pref_names.h"
#include "chromeos/ash/components/kcer/key_permissions.pb.h"
#include "components/prefs/pref_service.h"
#include "components/prefs/scoped_user_pref_update.h"

namespace ash::platform_keys::internal {

namespace {
// The profile pref prefs::kPlatformKeys stores a dictionary mapping from
// public key (base64 encoding of an DER-encoded SPKI) to key properties. The
// currently only key property is the key usage, which can either be undefined
// or "corporate". If a key is not present in the pref, the default for the key
// usage is undefined, which in particular means "not for corporate usage".
// E.g. the entry in the profile pref might look like:
// "platform_keys" : {
//   "ABCDEF123" : {
//     "keyUsage" : "corporate"
//   },
//   "abcdef567" : {
//     "keyUsage" : "corporate"
//   }
// }
const char kPrefKeyUsage[] = "keyUsage";
const char kPrefKeyUsageCorporate[] = "corporate";

const base::Value* GetPrefsEntry(const std::string& public_key_spki_der_b64,
                                 const PrefService* const profile_prefs) {
  if (!profile_prefs) {
    return nullptr;
  }

  const base::Value::Dict& platform_keys =
      profile_prefs->GetDict(prefs::kPlatformKeys);

  return platform_keys.Find(public_key_spki_der_b64);
}

}  // namespace

bool IsUserKeyMarkedCorporateInPref(
    const std::vector<uint8_t>& public_key_spki_der,
    PrefService* profile_prefs) {
  const base::Value* prefs_entry =
      GetPrefsEntry(base::Base64Encode(public_key_spki_der), profile_prefs);
  if (prefs_entry) {
    const std::string* key_usage =
        prefs_entry->GetDict().FindString(kPrefKeyUsage);
    if (!key_usage) {
      return false;
    }

    return *key_usage == kPrefKeyUsageCorporate;
  }
  return false;
}

void MarkUserKeyCorporateInPref(const std::vector<uint8_t>& public_key_spki_der,
                                PrefService* profile_prefs) {
  ScopedDictPrefUpdate update(profile_prefs, prefs::kPlatformKeys);

  base::Value::Dict new_pref_entry;
  new_pref_entry.Set(kPrefKeyUsage, kPrefKeyUsageCorporate);

  update->Set(base::Base64Encode(public_key_spki_der),
              std::move(new_pref_entry));
}

// Serializes the KeyPermissions `message` as bytes.
std::vector<uint8_t> KeyPermissionsProtoToBytes(
    const chaps::KeyPermissions& message) {
  std::vector<uint8_t> result;
  result.resize(message.ByteSizeLong());
  message.SerializeToArray(result.data(), result.size());
  return result;
}

// Deserializes the KeyPermissions `message` from `bytes`. Returns true on
// success, false on failure.
[[nodiscard]] bool KeyPermissionsProtoFromBytes(
    const std::vector<uint8_t>& bytes,
    chaps::KeyPermissions& message) {
  return message.ParseFromArray(bytes.data(), bytes.size());
}

}  // namespace ash::platform_keys::internal