| blob | 4579ad341abb01ad5fb7043ead6730abc6699c92 |
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
8 #include <queue>
9 #include <string>
10 #include <vector>
26 }
31 }
35 }
40 }
44 }
50 // The SelectDelegate is used to select a single certificate from all
51 // certificates matching a request (see SelectClientCertificates). E.g. this
52 // can happen by exposing UI to let the user select.
61 // Called on an interactive SelectClientCertificates call with the list of
62 // matching certificates, |certs|.
63 // The certificate passed to |callback| will be forwarded to the
64 // calling extension and the extension will get unlimited sign permission
65 // for this cert. By passing null to |callback|, no cert will be selected.
66 // Must eventually call |callback| or be destructed. |callback| must not be
67 // called after this delegate is destructed.
68 // |web_contents| and |context| provide the context in which the
69 // certificates were requested and are not null.
78 };
80 // Stores registration information in |state_store|, i.e. for each extension
81 // the list of public keys that are valid to be used for signing. See
82 // |KeyPermissions| for details.
83 // |browser_context| and |state_store| must not be null and outlive this
84 // object.
93 // Sets the delegate which will be used for interactive
94 // SelectClientCertificates calls.
97 // If the generation was successful, |public_key_spki_der| will contain the
98 // DER encoding of the SubjectPublicKeyInfo of the generated key and
99 // |error_message| will be empty. If it failed, |public_key_spki_der| will be
100 // empty and |error_message| contain an error message.
105 // Generates an RSA key pair with |modulus_length_bits| and registers the key
106 // to allow a single sign operation by the given extension. |token_id| is
107 // currently ignored, instead the user token associated with |browser_context|
108 // is always used. |callback| will be invoked with the resulting public key or
109 // an error.
110 // Will only call back during the lifetime of this object.
116 // If signing was successful, |signature| will be contain the signature and
117 // |error_message| will be empty. If it failed, |signature| will be empty and
118 // |error_message| contain an error message.
122 // Digests |data|, applies PKCS1 padding and afterwards signs the data with
123 // the private key matching |params.public_key|. If a non empty token id is
124 // provided and the key is not found in that token, the operation aborts.
125 // If the extension does not have permissions for signing with this key, the
126 // operation aborts. In case of a one time permission (granted after
127 // generating the key), this function also removes the permission to prevent
128 // future signing attempts.
129 // |callback| will be invoked with the signature or an error message.
130 // Will only call back during the lifetime of this object.
138 // Applies PKCS1 padding and afterwards signs the data with the private key
139 // matching |params.public_key|. |data| is not digested. If a non empty token
140 // id is provided and the key is not found in that token, the operation
141 // aborts.
142 // The size of |data| (number of octets) must be smaller than k - 11, where k
143 // is the key size in octets.
144 // If the extension does not have permissions for signing with this key, the
145 // operation aborts. In case of a one time permission (granted after
146 // generating the key), this function also removes the permission to prevent
147 // future signing attempts.
148 // |callback| will be invoked with the signature or an error message.
149 // Will only call back during the lifetime of this object.
156 // If the certificate request could be processed successfully, |matches| will
157 // contain the list of matching certificates (maybe empty) and |error_message|
158 // will be empty. If an error occurred, |matches| will be null and
159 // |error_message| contain an error message.
164 // Returns a list of certificates matching |request|.
165 // 1) all certificates that match the request (like being rooted in one of the
166 // give CAs) are determined.
167 // 2) if |client_certificates| is not null, drops all certificates that are
168 // not elements of |client_certificates|,
169 // 3) if |interactive| is true, the currently set SelectDelegate is used to
170 // select a single certificate from these matches
171 // which will the extension will also be granted access to.
172 // 4) only certificates, that the extension has unlimited sign permission for,
173 // will be returned.
174 // |callback| will be invoked with these certificates or an error message.
175 // Will only call back during the lifetime of this object. |web_contents| must
176 // not be null.
191 // Starts |task| eventually. To ensure that at most one |Task| is running at a
192 // time, it queues |task| for later execution if necessary.
195 // Must be called after |task| is done. |task| will be invalid after this
196 // call. This must not be called for any but the task that ran last. If any
197 // other tasks are queued (see StartOrQueueTask()), it will start the next
198 // one.
201 // Callback used by |GenerateRSAKey|.
202 // If the key generation was successful, registers the generated public key
203 // for the given extension. If any error occurs during key generation or
204 // registration, calls |callback| with an error. Otherwise, on success, calls
205 // |callback| with the public key.
211 // Callback used by |GeneratedKey|.
212 // |public_key_spki_der| will contain the X.509 Subject Public Key Info of
213 // the generated key in DER encoding. |task| points to the finished |Task|
214 // object.
220 KeyPermissions key_permissions_;
226 };