1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ 7 8 #include <string> 9 10 #include "base/callback_forward.h" 11 #include "base/macros.h" 12 #include "base/memory/scoped_ptr.h" 13 #include "base/memory/weak_ptr.h" 14 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" 15 #include "components/keyed_service/core/keyed_service.h" 16 17 namespace content { 18 class BrowserContext; 19 } 20 21 namespace base { 22 class ListValue; 23 class Value; 24 } 25 26 namespace extensions { 27 class StateStore; 28 } 29 30 namespace chromeos { 31 32 class PlatformKeysService : public KeyedService { 33 public: 34 // Stores registration information in |state_store|, i.e. for each extension 35 // the list of public keys that are valid to be used for signing. Each key can 36 // be used for signing at most once. 37 // The format written to |state_store| is: 38 // kStateStorePlatformKeys maps to a list of strings. 39 // Each string is the base64 encoding of the DER representation of a public 40 // key's SPKI. 41 explicit PlatformKeysService(content::BrowserContext* browser_context, 42 extensions::StateStore* state_store); 43 virtual ~PlatformKeysService(); 44 45 // If the generation was successful, |public_key_spki_der| will contain the 46 // DER encoding of the SubjectPublicKeyInfo of the generated key and 47 // |error_message| will be empty. If it failed, |public_key_spki_der| will be 48 // empty and |error_message| contain an error message. 49 typedef base::Callback<void(const std::string& public_key_spki_der, 50 const std::string& error_message)> 51 GenerateKeyCallback; 52 53 // Generates a RSA key pair with |modulus_length_bits| and registers the key 54 // to allow a single sign operation by the given extension. |token_id| is 55 // currently ignored, instead the user token associated with |browser_context| 56 // is always used. |callback| will be invoked with the resulting public key or 57 // an error. 58 // Will only call back during the lifetime of this object. 59 void GenerateRSAKey(const std::string& token_id, 60 unsigned int modulus_length_bits, 61 const std::string& extension_id, 62 const GenerateKeyCallback& callback); 63 64 // If signing was successful, |signature| will be contain the signature and 65 // |error_message| will be empty. If it failed, |signature| will be empty and 66 // |error_message| contain an error message. 67 typedef base::Callback<void(const std::string& signature, 68 const std::string& error_message)> SignCallback; 69 70 // Digests |data| with |hash_algorithm| and afterwards signs the digest with 71 // the private key matching |public_key_spki_der|, if that key is stored in 72 // the given token and wasn't used for signing before. 73 // Unregisters the key so that every future attempt to sign data with this key 74 // is rejected. |token_id| is currently ignored, instead the user token 75 // associated with |browser_context| is always used. |public_key_spki_der| 76 // must be the DER encoding of a SubjectPublicKeyInfo. |callback| will be 77 // invoked with the signature or an error message. Currently supports RSA keys 78 // only. 79 // Will only call back during the lifetime of this object. 80 void Sign(const std::string& token_id, 81 const std::string& public_key_spki_der, 82 platform_keys::HashAlgorithm hash_algorithm, 83 const std::string& data, 84 const std::string& extension_id, 85 const SignCallback& callback); 86 87 private: 88 typedef base::Callback<void(scoped_ptr<base::ListValue> platform_keys)> 89 GetPlatformKeysCallback; 90 91 // Registers the given public key as newly generated key, which is allowed to 92 // be used for signing for a single time. Afterwards, calls |callback|. If 93 // registration was successful, passes |true| otherwise |false| to the 94 // callback. 95 void RegisterPublicKey(const std::string& extension_id, 96 const std::string& public_key_spki_der, 97 const base::Callback<void(bool)>& callback); 98 99 // Gets the current validity of the given public key by reading StateStore. 100 // Invalidates the key if it was found to be valid. Finally, calls |callback| 101 // with the old validity. 102 void ReadValidityAndInvalidateKey(const std::string& extension_id, 103 const std::string& public_key_spki_der, 104 const base::Callback<void(bool)>& callback); 105 106 // Reads the list of public keys currently registered for |extension_id| from 107 // StateStore. Calls |callback| with the read list, or a new empty list if 108 // none existed. If an error occurred, calls |callback| with NULL. 109 void GetPlatformKeysOfExtension(const std::string& extension_id, 110 const GetPlatformKeysCallback& callback); 111 112 // Callback used by |GenerateRSAKey|. 113 // If the key generation was successful, registers the generated public key 114 // for the given extension. If any error occurs during key generation or 115 // registration, calls |callback| with an error. Otherwise, on success, calls 116 // |callback| with the public key. 117 void GenerateRSAKeyCallback(const std::string& extension_id, 118 const GenerateKeyCallback& callback, 119 const std::string& public_key_spki_der, 120 const std::string& error_message); 121 122 // Callback used by |RegisterPublicKey|. 123 // Updates the old |platform_keys| read from the StateStore and writes the 124 // updated value back to the StateStore. 125 void RegisterPublicKeyGotPlatformKeys( 126 const std::string& extension_id, 127 const std::string& public_key_spki_der, 128 const base::Callback<void(bool)>& callback, 129 scoped_ptr<base::ListValue> platform_keys); 130 131 // Callback used by |ReadValidityAndInvalidateKey|. 132 // Invalidates the given public key so that future signing is prohibited and 133 // calls |callback| with the old validity. 134 void InvalidateKey(const std::string& extension_id, 135 const std::string& public_key_spki_der, 136 const base::Callback<void(bool)>& callback, 137 scoped_ptr<base::ListValue> platform_keys); 138 139 // Callback used by |GetPlatformKeysOfExtension|. 140 // Is called with |value| set to the PlatformKeys value read from the 141 // StateStore, which it forwards to |callback|. On error, calls |callback| 142 // with NULL; if no value existed, with an empty list. 143 void GotPlatformKeysOfExtension(const std::string& extension_id, 144 const GetPlatformKeysCallback& callback, 145 scoped_ptr<base::Value> value); 146 147 content::BrowserContext* browser_context_; 148 extensions::StateStore* state_store_; 149 base::WeakPtrFactory<PlatformKeysService> weak_factory_; 150 151 DISALLOW_COPY_AND_ASSIGN(PlatformKeysService); 152 }; 153 154 } // namespace chromeos 155 156 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ 157