1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_
6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_
11 #include "base/callback_forward.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/memory/weak_ptr.h"
18 class DictionaryValue
;
22 namespace extensions
{
30 namespace user_prefs
{
31 class PrefRegistrySyncable
;
36 // This class manages permissions for extensions to use private keys through
37 // chrome.platformKeys or chrome.enterprise.platformKeys .
38 // The permission model depends on whether the user account is managed or not.
40 // ** If the user account is not managed **
41 // The user is under full control of the keys that are generated or imported
42 // while the device is not managed. For that, a user can grant a specific
43 // extension the permission to sign arbitrary data with a specific key for an
44 // unlimited number of times.
46 // ** If the user account is managed **
47 // The administrator is in charge of granting access to keys that are meant for
50 // As not every key is meant for corporate usage but probably for the user's
51 // private usage, this class introduces the concept of tagging keys with the
52 // intended purpose of the key. Currently, the only usage that can be assigned
53 // to a key is "corporate".
55 // Every key that is generated by the chrome.enterprise.platformKeys API (which
56 // requires the user account to be managed), is marked for corporate usage.
57 // Any key that is generated or imported by other means is currently not marked
58 // for corporate usage.
60 // The KeyPermissions policy allows the administrator to list exactly the
61 // extensions that are allowed to use such corporate keys. Non-corporate keys
62 // are not affected. This policy is the only means to grant this permission.
64 // ** One-off Permission for the Certification Requests **
65 // Independent of the above, the extension that generates a key using the
66 // chrome.enterprise.platformKeys API is allowed to sign arbitrary data with the
67 // private key for a single time in order to create a certification request.
68 // The assumption is that certification requests usually require a signature of
69 // data including the public key. So the one-off permission implies that once a
70 // certificate authority creates the certificate of the generated key, the
71 // generating extension isn't able to use the key anymore except if explicitly
72 // permitted by the administrator.
73 class KeyPermissions
{
75 // Allows querying and modifying permissions and registering keys for a
76 // specific extension.
77 class PermissionsForExtension
{
79 // |key_permissions| must not be null and outlive this object.
80 // Methods of this object refer implicitly to the extension with the id
81 // |extension_id|. Don't use this constructor directly. Call
82 // |KeyPermissions::GetPermissionsForExtension| instead.
83 PermissionsForExtension(const std::string
& extension_id
,
84 scoped_ptr
<base::Value
> state_store_value
,
85 PrefService
* profile_prefs
,
86 policy::PolicyService
* profile_policies
,
87 KeyPermissions
* key_permissions
);
89 ~PermissionsForExtension();
91 // Returns true if the private key matching |public_key_spki_der| can be
92 // used for signing by the extension with id |extension_id|.
93 // |public_key_spki_der| must be the DER of a Subject Public Key Info.
94 bool CanUseKeyForSigning(const std::string
& public_key_spki_der
);
96 // Registers the key |public_key_spki_der| as being generated by the
97 // extension with id |extension_id| and marks it for corporate usage.
98 // |public_key_spki_der| must be the DER of a Subject Public Key Info.
99 void RegisterKeyForCorporateUsage(const std::string
& public_key_spki_der
);
101 // Sets the user granted permission that the extension with id
102 // |extension_id| can use the private key matching |public_key_spki_der| for
104 // |public_key_spki_der| must be the DER of a Subject Public Key Info.
105 void SetUserGrantedPermission(const std::string
& public_key_spki_der
);
107 // Must be called when the extension with id |extension_id| used the private
108 // key matching |public_key_spki_der| for signing.
109 // Updates the permissions accordingly. E.g. if this extension generated the
110 // key and no other permission was granted then the permission to sign with
111 // this key is removed.
112 // |public_key_spki_der| must be the DER of a Subject Public Key Info.
113 void SetKeyUsedForSigning(const std::string
& public_key_spki_der
);
118 // Writes the current |state_store_entries_| to the state store of
120 void WriteToStateStore();
122 // Reads a KeyEntry list from |state| and stores them in
123 // |state_store_entries_|.
124 void KeyEntriesFromState(const base::Value
& state
);
126 // Converts |state_store_entries_| to a base::Value for storing in the state
128 scoped_ptr
<base::Value
> KeyEntriesToState();
130 // Returns an existing entry for |public_key_spki_der_b64| from
131 // |state_store_entries_|. If there is no existing entry, creates, adds and
132 // returns a new entry.
133 // |public_key_spki_der| must be the base64 encoding of the DER of a Subject
135 KeyPermissions::PermissionsForExtension::KeyEntry
* GetStateStoreEntry(
136 const std::string
& public_key_spki_der_b64
);
138 bool PolicyAllowsCorporateKeyUsage() const;
140 const std::string extension_id_
;
141 std::vector
<KeyEntry
> state_store_entries_
;
142 PrefService
* const profile_prefs_
;
143 policy::PolicyService
* const profile_policies_
;
144 KeyPermissions
* const key_permissions_
;
146 DISALLOW_COPY_AND_ASSIGN(PermissionsForExtension
);
149 // |profile_prefs| and |extensions_state_store| must not be null and must
150 // outlive this object.
151 // If |profile_is_managed| is false, |profile_policies| is ignored. Otherwise,
152 // |profile_policies| must not be null and must outlive this object.
153 // |profile_is_managed| determines the default usage and permissions for
154 // keys without explicitly assigned usage.
155 KeyPermissions(bool profile_is_managed
,
156 PrefService
* profile_prefs
,
157 policy::PolicyService
* profile_policies
,
158 extensions::StateStore
* extensions_state_store
);
162 using PermissionsCallback
=
163 base::Callback
<void(scoped_ptr
<PermissionsForExtension
>)>;
165 // Passes an object managing the key permissions of the extension with id
166 // |extension_id| to |callback|. This can happen synchronously or
168 void GetPermissionsForExtension(const std::string
& extension_id
,
169 const PermissionsCallback
& callback
);
171 // Returns true if the user can grant any permission for |public_key_spki_der|
172 // to extensions. |public_key_spki_der| must be the DER of a Subject Public
174 bool CanUserGrantPermissionFor(const std::string
& public_key_spki_der
) const;
176 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable
* registry
);
179 bool IsCorporateKey(const std::string
& public_key_spki_der_b64
) const;
181 // Creates a PermissionsForExtension object from |extension_id| and |value|
182 // and passes the object to |callback|.
183 void CreatePermissionObjectAndPassToCallback(
184 const std::string
& extension_id
,
185 const PermissionsCallback
& callback
,
186 scoped_ptr
<base::Value
> value
);
188 // Writes |value| to the state store of the extension with id |extension_id|.
189 void SetPlatformKeysOfExtension(const std::string
& extension_id
,
190 scoped_ptr
<base::Value
> value
);
192 const base::DictionaryValue
* GetPrefsEntry(
193 const std::string
& public_key_spki_der_b64
) const;
195 const bool profile_is_managed_
;
196 PrefService
* const profile_prefs_
;
197 policy::PolicyService
* const profile_policies_
;
198 extensions::StateStore
* const extensions_state_store_
;
199 base::WeakPtrFactory
<KeyPermissions
> weak_factory_
;
201 DISALLOW_COPY_AND_ASSIGN(KeyPermissions
);
204 } // namespace chromeos
206 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_H_