File: signature_provider.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (118 lines) | stat: -rw-r--r-- 4,129 bytes parent folder | download | duplicates (9) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
 
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_POLICY_TEST_SUPPORT_SIGNATURE_PROVIDER_H_
#define COMPONENTS_POLICY_TEST_SUPPORT_SIGNATURE_PROVIDER_H_

#include <map>
#include <memory>
#include <string>
#include <vector>

#include "components/policy/proto/device_management_backend.pb.h"

namespace crypto {
class RSAPrivateKey;
}  // namespace crypto

namespace em = enterprise_management;

namespace policy {

// Provides access to predefined test signing keys and allows for data signing
// using those keys. Keys are indexed and retrieved by 1-based key versions.
class SignatureProvider {
 public:
  // Provides access to a predefined test signing key.
  class SigningKey {
   public:
    SigningKey(std::unique_ptr<crypto::RSAPrivateKey> private_key,
               const std::map<std::string, std::string>& signatures);
    SigningKey(SigningKey&& signing_key);
    SigningKey& operator=(SigningKey&& signing_key);
    ~SigningKey();

    // Looks up the domain's signature in the passed dictionary. Returns true if
    // domain is in |signatures_| or false otherwise.
    bool GetSignatureForDomain(const std::string& domain,
                               std::string* signature) const;

    // Signs |str| using the private key.
    bool Sign(const std::string& str,
              em::PolicyFetchRequest::SignatureType signature_type,
              std::string* signature) const;

    const std::string& public_key() const { return public_key_; }

   private:
    // The key used for signing.
    std::unique_ptr<crypto::RSAPrivateKey> private_key_;

    // The public key corresponding to |private_key_|.
    std::string public_key_;

    // Maps domains to the corresponding signatures.
    std::map<std::string, std::string> signatures_;
  };

  // Domains with pre-computed signatures.
  static constexpr char kTestDomain1[] = "example.com";
  static constexpr char kTestDomain2[] = "chromepolicytest.com";
  static constexpr char kTestDomain3[] = "managedchrome.com";

  SignatureProvider();
  SignatureProvider(SignatureProvider&& signature_provider);
  SignatureProvider& operator=(SignatureProvider&& signature_provider);
  virtual ~SignatureProvider();

  // Returns the key corresponding to |key_version| (1-based) or nullptr if
  // |key_version| is out-of-bounds. Used when a key version is specified by the
  // client.
  const SigningKey* GetKeyByVersion(int key_version) const;

  // Shortcut for |GetKeyByVersion(current_key_version_)|, used when the client
  // doesn't specify the key version to be used.
  const SigningKey* GetCurrentKey() const;

  const std::vector<SigningKey>& signing_keys() const { return signing_keys_; }
  void set_signing_keys(std::vector<SigningKey> signing_keys) {
    signing_keys_ = std::move(signing_keys);
  }

  int current_key_version() const { return current_key_version_; }
  void set_current_key_version(int current_key_version) {
    current_key_version_ = current_key_version;
  }

  bool rotate_keys() const { return rotate_keys_; }
  void set_rotate_keys(bool rotate_keys) { rotate_keys_ = rotate_keys; }

  // Sets universal signing keys that can sign any domain.
  void SetUniversalSigningKeys();

  // Set the signing key signature for child domain (gmail.com).
  void SetSigningKeysForChildDomain();

  bool SignVerificationData(const std::string& data,
                            std::string* signature) const;

  std::string GetVerificationPublicKey();

 private:
  std::vector<SigningKey> signing_keys_;
  std::unique_ptr<crypto::RSAPrivateKey> verification_key_;

  // The key version to be used if no key version is defined by the client.
  int current_key_version_ = 1;

  // Whether to rotate signing keys or to fail when last key is reached. The
  // policy keys will be rotated in a round-robin fashion for each policy
  // request (by default, the |current_key_version_| will be used for all
  // requests).
  bool rotate_keys_ = false;
};

}  // namespace policy

#endif  // COMPONENTS_POLICY_TEST_SUPPORT_SIGNATURE_PROVIDER_H_