summaryrefslogtreecommitdiffstats
path: root/components
diff options
context:
space:
mode:
authorYuri Gorshenin <ygorshenin@chromium.org>2014-09-15 17:07:49 +0400
committerYuri Gorshenin <ygorshenin@chromium.org>2014-09-15 13:13:21 +0000
commitc7bf410deedf2ee6be9439411ea362341c63bc43 (patch)
tree3f571ced608eb51f35b031bf632db70a9cefbdbf /components
parentcc5ee03cb5fe12f5ba3954961bd9963a5e83753c (diff)
downloadchromium_src-c7bf410deedf2ee6be9439411ea362341c63bc43.zip
chromium_src-c7bf410deedf2ee6be9439411ea362341c63bc43.tar.gz
chromium_src-c7bf410deedf2ee6be9439411ea362341c63bc43.tar.bz2
Non-plafrom-specific part of an OwnerSettingsService is moved to components/ownership/*.
BUG=398856 TEST=existing browser_tests and unit_tests R=erg@chromium.org, jochen@chromium.org, nkostylev@chromium.org, pastarmovj@chromium.org Committed: https://chromium.googlesource.com/chromium/src/+/46a58bffbe303d3484d7cc288b47bfae5388109c Committed: https://chromium.googlesource.com/chromium/src/+/40979bf265c3ffbe1736a87935418da72be5d1f1 Review URL: https://codereview.chromium.org/548323003 Cr-Commit-Position: refs/heads/master@{#294810}
Diffstat (limited to 'components')
-rw-r--r--components/ownership.gypi9
-rw-r--r--components/ownership/BUILD.gn6
-rw-r--r--components/ownership/DEPS4
-rw-r--r--components/ownership/owner_settings_service.cc118
-rw-r--r--components/ownership/owner_settings_service.h102
5 files changed, 239 insertions, 0 deletions
diff --git a/components/ownership.gypi b/components/ownership.gypi
index 46a7a51..6f4befa 100644
--- a/components/ownership.gypi
+++ b/components/ownership.gypi
@@ -8,11 +8,18 @@
'type': '<(component)',
'dependencies': [
'<(DEPTH)/base/base.gyp:base',
+ '<(DEPTH)/components/components.gyp:cloud_policy_proto',
+ '<(DEPTH)/components/components.gyp:keyed_service_core',
+ '<(DEPTH)/components/components.gyp:policy',
+ '<(DEPTH)/components/components.gyp:policy_component_common',
'<(DEPTH)/crypto/crypto.gyp:crypto',
],
'defines': [
'OWNERSHIP_IMPLEMENTATION',
],
+ 'include_dirs': [
+ '<(SHARED_INTERMEDIATE_DIR)',
+ ],
'sources': [
'ownership/mock_owner_key_util.cc',
'ownership/mock_owner_key_util.h',
@@ -20,6 +27,8 @@
'ownership/owner_key_util.h',
'ownership/owner_key_util_impl.cc',
'ownership/owner_key_util_impl.h',
+ 'ownership/owner_settings_service.cc',
+ 'ownership/owner_settings_service.h',
],
}],
}
diff --git a/components/ownership/BUILD.gn b/components/ownership/BUILD.gn
index 2e53f12..ad11a79 100644
--- a/components/ownership/BUILD.gn
+++ b/components/ownership/BUILD.gn
@@ -10,6 +10,8 @@ component("ownership") {
"owner_key_util.h",
"owner_key_util_impl.cc",
"owner_key_util_impl.h",
+ "owner_settings_service.cc",
+ "owner_settings_service.h",
]
defines = [
@@ -18,6 +20,10 @@ component("ownership") {
deps = [
"//base",
+ "//components/keyed_service/core",
+ "//components/policy",
+ "//components/policy/proto",
+ "//components/policy:policy_component_common",
"//crypto",
]
}
diff --git a/components/ownership/DEPS b/components/ownership/DEPS
index bc55362..a169ab8 100644
--- a/components/ownership/DEPS
+++ b/components/ownership/DEPS
@@ -1,3 +1,7 @@
include_rules = [
+"+components/keyed_service",
"+crypto",
+
+# This is generated from components/policy/proto
+"+policy/proto/device_management_backend.pb.h",
]
diff --git a/components/ownership/owner_settings_service.cc b/components/ownership/owner_settings_service.cc
new file mode 100644
index 0000000..09c88d3
--- /dev/null
+++ b/components/ownership/owner_settings_service.cc
@@ -0,0 +1,118 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/ownership/owner_settings_service.h"
+
+#include "base/basictypes.h"
+#include "base/bind.h"
+#include "base/callback.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/message_loop/message_loop.h"
+#include "base/task_runner.h"
+#include "base/task_runner_util.h"
+#include "components/ownership/owner_key_util.h"
+#include "crypto/signature_creator.h"
+
+namespace em = enterprise_management;
+
+namespace ownership {
+
+namespace {
+
+std::string AssembleAndSignPolicy(scoped_ptr<em::PolicyData> policy,
+ crypto::RSAPrivateKey* private_key) {
+ // Assemble the policy.
+ em::PolicyFetchResponse policy_response;
+ if (!policy->SerializeToString(policy_response.mutable_policy_data())) {
+ LOG(ERROR) << "Failed to encode policy payload.";
+ return std::string();
+ }
+
+ // Generate the signature.
+ scoped_ptr<crypto::SignatureCreator> signature_creator(
+ crypto::SignatureCreator::Create(private_key));
+ signature_creator->Update(
+ reinterpret_cast<const uint8*>(policy_response.policy_data().c_str()),
+ policy_response.policy_data().size());
+ std::vector<uint8> signature_bytes;
+ std::string policy_blob;
+ if (!signature_creator->Final(&signature_bytes)) {
+ LOG(ERROR) << "Failed to create policy signature.";
+ return std::string();
+ }
+
+ policy_response.mutable_policy_data_signature()->assign(
+ reinterpret_cast<const char*>(vector_as_array(&signature_bytes)),
+ signature_bytes.size());
+ return policy_response.SerializeAsString();
+}
+
+} // namepace
+
+OwnerSettingsService::OwnerSettingsService(
+ const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util)
+ : owner_key_util_(owner_key_util), weak_factory_(this) {
+}
+
+OwnerSettingsService::~OwnerSettingsService() {
+ DCHECK(thread_checker_.CalledOnValidThread());
+}
+
+bool OwnerSettingsService::IsOwner() {
+ DCHECK(thread_checker_.CalledOnValidThread());
+ return private_key_.get() && private_key_->key();
+}
+
+void OwnerSettingsService::IsOwnerAsync(const IsOwnerCallback& callback) {
+ DCHECK(thread_checker_.CalledOnValidThread());
+ if (private_key_.get()) {
+ base::MessageLoop::current()->PostTask(FROM_HERE,
+ base::Bind(callback, IsOwner()));
+ } else {
+ pending_is_owner_callbacks_.push_back(callback);
+ }
+}
+
+bool OwnerSettingsService::AssembleAndSignPolicyAsync(
+ base::TaskRunner* task_runner,
+ scoped_ptr<em::PolicyData> policy,
+ const AssembleAndSignPolicyAsyncCallback& callback) {
+ DCHECK(thread_checker_.CalledOnValidThread());
+ if (!task_runner || !IsOwner())
+ return false;
+ return base::PostTaskAndReplyWithResult(
+ task_runner,
+ FROM_HERE,
+ base::Bind(
+ &AssembleAndSignPolicy, base::Passed(&policy), private_key_->key()),
+ callback);
+}
+
+void OwnerSettingsService::ReloadKeypair() {
+ ReloadKeypairImpl(
+ base::Bind(&OwnerSettingsService::OnKeypairLoaded, as_weak_ptr()));
+}
+
+void OwnerSettingsService::OnKeypairLoaded(
+ const scoped_refptr<PublicKey>& public_key,
+ const scoped_refptr<PrivateKey>& private_key) {
+ DCHECK(thread_checker_.CalledOnValidThread());
+
+ public_key_ = public_key;
+ private_key_ = private_key;
+
+ const bool is_owner = IsOwner();
+ std::vector<IsOwnerCallback> is_owner_callbacks;
+ is_owner_callbacks.swap(pending_is_owner_callbacks_);
+ for (std::vector<IsOwnerCallback>::iterator it(is_owner_callbacks.begin());
+ it != is_owner_callbacks.end();
+ ++it) {
+ it->Run(is_owner);
+ }
+
+ OnPostKeypairLoadedActions();
+}
+
+} // namespace ownership
diff --git a/components/ownership/owner_settings_service.h b/components/ownership/owner_settings_service.h
new file mode 100644
index 0000000..ed4a1b5
--- /dev/null
+++ b/components/ownership/owner_settings_service.h
@@ -0,0 +1,102 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_
+#define COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_
+
+#include <string>
+#include <vector>
+
+#include "base/callback_forward.h"
+#include "base/macros.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "base/threading/thread_checker.h"
+#include "components/keyed_service/core/keyed_service.h"
+#include "components/ownership/ownership_export.h"
+#include "policy/proto/device_management_backend.pb.h"
+
+namespace base {
+class TaskRunner;
+}
+
+namespace ownership {
+class OwnerKeyUtil;
+class PrivateKey;
+class PublicKey;
+
+// This class is a common interface for platform-specific classes
+// which deal with ownership, keypairs and owner-related settings.
+class OWNERSHIP_EXPORT OwnerSettingsService : public KeyedService {
+ public:
+ typedef base::Callback<void(std::string policy_blob)>
+ AssembleAndSignPolicyAsyncCallback;
+
+ typedef base::Callback<void(bool is_owner)> IsOwnerCallback;
+
+ explicit OwnerSettingsService(
+ const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util);
+ virtual ~OwnerSettingsService();
+
+ base::WeakPtr<OwnerSettingsService> as_weak_ptr() {
+ return weak_factory_.GetWeakPtr();
+ }
+
+ // Returns whether current user is owner or not. When this method
+ // is called too early, incorrect result can be returned because
+ // private key loading may be in progress.
+ bool IsOwner();
+
+ // Determines whether current user is owner or not, responds via
+ // |callback|.
+ void IsOwnerAsync(const IsOwnerCallback& callback);
+
+ // Assembles and signs |policy| on the |task_runner|, responds on
+ // the original thread via |callback|.
+ bool AssembleAndSignPolicyAsync(
+ base::TaskRunner* task_runner,
+ scoped_ptr<enterprise_management::PolicyData> policy,
+ const AssembleAndSignPolicyAsyncCallback& callback);
+
+ // Signs |settings| with the private half of the owner key and sends
+ // the resulting policy blob for storage. The
+ // result of the operation is reported through |callback|.
+ virtual void SignAndStorePolicyAsync(
+ scoped_ptr<enterprise_management::PolicyData> policy,
+ const base::Closure& callback) = 0;
+
+ protected:
+ void ReloadKeypair();
+
+ void OnKeypairLoaded(const scoped_refptr<PublicKey>& public_key,
+ const scoped_refptr<PrivateKey>& private_key);
+
+ // Platform-specific keypair loading algorithm.
+ virtual void ReloadKeypairImpl(const base::Callback<
+ void(const scoped_refptr<PublicKey>& public_key,
+ const scoped_refptr<PrivateKey>& private_key)>& callback) = 0;
+
+ // Plafrom-specific actions which should be performed when keypair is loaded.
+ virtual void OnPostKeypairLoadedActions() = 0;
+
+ scoped_refptr<ownership::PublicKey> public_key_;
+
+ scoped_refptr<ownership::PrivateKey> private_key_;
+
+ scoped_refptr<ownership::OwnerKeyUtil> owner_key_util_;
+
+ std::vector<IsOwnerCallback> pending_is_owner_callbacks_;
+
+ base::ThreadChecker thread_checker_;
+
+ private:
+ base::WeakPtrFactory<OwnerSettingsService> weak_factory_;
+
+ DISALLOW_COPY_AND_ASSIGN(OwnerSettingsService);
+};
+
+} // namespace ownership
+
+#endif // COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_