Popular sites on the NTP: check that experiment group StartsWith (rather than IS...
[chromium-blink-merge.git] / chrome / browser / chromeos / platform_keys / key_permissions.h
blob69eb4038aebb24ef81c4a5a6719be3953ef9367b
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_
6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_
8 #include <string>
9 #include <vector>
11 #include "base/callback_forward.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/memory/weak_ptr.h"
15 class PrefService;
17 namespace base {
18 class DictionaryValue;
19 class Value;
22 namespace extensions {
23 class StateStore;
26 namespace policy {
27 class PolicyService;
30 namespace user_prefs {
31 class PrefRegistrySyncable;
34 namespace chromeos {
36 // This class manages permissions for extensions to use private keys through
37 // chrome.platformKeys or chrome.enterprise.platformKeys .
38 // The permission model depends on whether the user account is managed or not.
40 // ** If the user account is not managed **
41 // The user is under full control of the keys that are generated or imported
42 // while the device is not managed. For that, a user can grant a specific
43 // extension the permission to sign arbitrary data with a specific key for an
44 // unlimited number of times.
46 // ** If the user account is managed **
47 // The administrator is in charge of granting access to keys that are meant for
48 // corporate usage.
50 // As not every key is meant for corporate usage but probably for the user's
51 // private usage, this class introduces the concept of tagging keys with the
52 // intended purpose of the key. Currently, the only usage that can be assigned
53 // to a key is "corporate".
55 // Every key that is generated by the chrome.enterprise.platformKeys API (which
56 // requires the user account to be managed), is marked for corporate usage.
57 // Any key that is generated or imported by other means is currently not marked
58 // for corporate usage.
60 // The KeyPermissions policy allows the administrator to list exactly the
61 // extensions that are allowed to use such corporate keys. Non-corporate keys
62 // are not affected. This policy is the only means to grant this permission.
64 // ** One-off Permission for the Certification Requests **
65 // Independent of the above, the extension that generates a key using the
66 // chrome.enterprise.platformKeys API is allowed to sign arbitrary data with the
67 // private key for a single time in order to create a certification request.
68 // The assumption is that certification requests usually require a signature of
69 // data including the public key. So the one-off permission implies that once a
70 // certificate authority creates the certificate of the generated key, the
71 // generating extension isn't able to use the key anymore except if explicitly
72 // permitted by the administrator.
73 class KeyPermissions {
74 public:
75 // Allows querying and modifying permissions and registering keys for a
76 // specific extension.
77 class PermissionsForExtension {
78 public:
79 // |key_permissions| must not be null and outlive this object.
80 // Methods of this object refer implicitly to the extension with the id
81 // |extension_id|. Don't use this constructor directly. Call
82 // |KeyPermissions::GetPermissionsForExtension| instead.
83 PermissionsForExtension(const std::string& extension_id,
84 scoped_ptr<base::Value> state_store_value,
85 PrefService* profile_prefs,
86 policy::PolicyService* profile_policies,
87 KeyPermissions* key_permissions);
89 ~PermissionsForExtension();
91 // Returns true if the private key matching |public_key_spki_der| can be
92 // used for signing by the extension with id |extension_id|.
93 // |public_key_spki_der| must be the DER of a Subject Public Key Info.
94 bool CanUseKeyForSigning(const std::string& public_key_spki_der);
96 // Registers the key |public_key_spki_der| as being generated by the
97 // extension with id |extension_id| and marks it for corporate usage.
98 // |public_key_spki_der| must be the DER of a Subject Public Key Info.
99 void RegisterKeyForCorporateUsage(const std::string& public_key_spki_der);
101 // Sets the user granted permission that the extension with id
102 // |extension_id| can use the private key matching |public_key_spki_der| for
103 // signing.
104 // |public_key_spki_der| must be the DER of a Subject Public Key Info.
105 void SetUserGrantedPermission(const std::string& public_key_spki_der);
107 // Must be called when the extension with id |extension_id| used the private
108 // key matching |public_key_spki_der| for signing.
109 // Updates the permissions accordingly. E.g. if this extension generated the
110 // key and no other permission was granted then the permission to sign with
111 // this key is removed.
112 // |public_key_spki_der| must be the DER of a Subject Public Key Info.
113 void SetKeyUsedForSigning(const std::string& public_key_spki_der);
115 private:
116 struct KeyEntry;
118 // Writes the current |state_store_entries_| to the state store of
119 // |extension_id_|.
120 void WriteToStateStore();
122 // Reads a KeyEntry list from |state| and stores them in
123 // |state_store_entries_|.
124 void KeyEntriesFromState(const base::Value& state);
126 // Converts |state_store_entries_| to a base::Value for storing in the state
127 // store.
128 scoped_ptr<base::Value> KeyEntriesToState();
130 // Returns an existing entry for |public_key_spki_der_b64| from
131 // |state_store_entries_|. If there is no existing entry, creates, adds and
132 // returns a new entry.
133 // |public_key_spki_der| must be the base64 encoding of the DER of a Subject
134 // Public Key Info.
135 KeyPermissions::PermissionsForExtension::KeyEntry* GetStateStoreEntry(
136 const std::string& public_key_spki_der_b64);
138 bool PolicyAllowsCorporateKeyUsage() const;
140 const std::string extension_id_;
141 std::vector<KeyEntry> state_store_entries_;
142 PrefService* const profile_prefs_;
143 policy::PolicyService* const profile_policies_;
144 KeyPermissions* const key_permissions_;
146 DISALLOW_COPY_AND_ASSIGN(PermissionsForExtension);
149 // |profile_prefs| and |extensions_state_store| must not be null and must
150 // outlive this object.
151 // If |profile_is_managed| is false, |profile_policies| is ignored. Otherwise,
152 // |profile_policies| must not be null and must outlive this object.
153 // |profile_is_managed| determines the default usage and permissions for
154 // keys without explicitly assigned usage.
155 KeyPermissions(bool profile_is_managed,
156 PrefService* profile_prefs,
157 policy::PolicyService* profile_policies,
158 extensions::StateStore* extensions_state_store);
160 ~KeyPermissions();
162 using PermissionsCallback =
163 base::Callback<void(scoped_ptr<PermissionsForExtension>)>;
165 // Passes an object managing the key permissions of the extension with id
166 // |extension_id| to |callback|. This can happen synchronously or
167 // asynchronously.
168 void GetPermissionsForExtension(const std::string& extension_id,
169 const PermissionsCallback& callback);
171 // Returns true if the user can grant any permission for |public_key_spki_der|
172 // to extensions. |public_key_spki_der| must be the DER of a Subject Public
173 // Key Info.
174 bool CanUserGrantPermissionFor(const std::string& public_key_spki_der) const;
176 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
178 private:
179 bool IsCorporateKey(const std::string& public_key_spki_der_b64) const;
181 // Creates a PermissionsForExtension object from |extension_id| and |value|
182 // and passes the object to |callback|.
183 void CreatePermissionObjectAndPassToCallback(
184 const std::string& extension_id,
185 const PermissionsCallback& callback,
186 scoped_ptr<base::Value> value);
188 // Writes |value| to the state store of the extension with id |extension_id|.
189 void SetPlatformKeysOfExtension(const std::string& extension_id,
190 scoped_ptr<base::Value> value);
192 const base::DictionaryValue* GetPrefsEntry(
193 const std::string& public_key_spki_der_b64) const;
195 const bool profile_is_managed_;
196 PrefService* const profile_prefs_;
197 policy::PolicyService* const profile_policies_;
198 extensions::StateStore* const extensions_state_store_;
199 base::WeakPtrFactory<KeyPermissions> weak_factory_;
201 DISALLOW_COPY_AND_ASSIGN(KeyPermissions);
204 } // namespace chromeos
206 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_