diff options
author | Yuri Gorshenin <ygorshenin@chromium.org> | 2014-09-15 17:07:49 +0400 |
---|---|---|
committer | Yuri Gorshenin <ygorshenin@chromium.org> | 2014-09-15 13:13:21 +0000 |
commit | c7bf410deedf2ee6be9439411ea362341c63bc43 (patch) | |
tree | 3f571ced608eb51f35b031bf632db70a9cefbdbf /components | |
parent | cc5ee03cb5fe12f5ba3954961bd9963a5e83753c (diff) | |
download | chromium_src-c7bf410deedf2ee6be9439411ea362341c63bc43.zip chromium_src-c7bf410deedf2ee6be9439411ea362341c63bc43.tar.gz chromium_src-c7bf410deedf2ee6be9439411ea362341c63bc43.tar.bz2 |
Non-plafrom-specific part of an OwnerSettingsService is moved to components/ownership/*.
BUG=398856
TEST=existing browser_tests and unit_tests
R=erg@chromium.org, jochen@chromium.org, nkostylev@chromium.org, pastarmovj@chromium.org
Committed: https://chromium.googlesource.com/chromium/src/+/46a58bffbe303d3484d7cc288b47bfae5388109c
Committed: https://chromium.googlesource.com/chromium/src/+/40979bf265c3ffbe1736a87935418da72be5d1f1
Review URL: https://codereview.chromium.org/548323003
Cr-Commit-Position: refs/heads/master@{#294810}
Diffstat (limited to 'components')
-rw-r--r-- | components/ownership.gypi | 9 | ||||
-rw-r--r-- | components/ownership/BUILD.gn | 6 | ||||
-rw-r--r-- | components/ownership/DEPS | 4 | ||||
-rw-r--r-- | components/ownership/owner_settings_service.cc | 118 | ||||
-rw-r--r-- | components/ownership/owner_settings_service.h | 102 |
5 files changed, 239 insertions, 0 deletions
diff --git a/components/ownership.gypi b/components/ownership.gypi index 46a7a51..6f4befa 100644 --- a/components/ownership.gypi +++ b/components/ownership.gypi @@ -8,11 +8,18 @@ 'type': '<(component)', 'dependencies': [ '<(DEPTH)/base/base.gyp:base', + '<(DEPTH)/components/components.gyp:cloud_policy_proto', + '<(DEPTH)/components/components.gyp:keyed_service_core', + '<(DEPTH)/components/components.gyp:policy', + '<(DEPTH)/components/components.gyp:policy_component_common', '<(DEPTH)/crypto/crypto.gyp:crypto', ], 'defines': [ 'OWNERSHIP_IMPLEMENTATION', ], + 'include_dirs': [ + '<(SHARED_INTERMEDIATE_DIR)', + ], 'sources': [ 'ownership/mock_owner_key_util.cc', 'ownership/mock_owner_key_util.h', @@ -20,6 +27,8 @@ 'ownership/owner_key_util.h', 'ownership/owner_key_util_impl.cc', 'ownership/owner_key_util_impl.h', + 'ownership/owner_settings_service.cc', + 'ownership/owner_settings_service.h', ], }], } diff --git a/components/ownership/BUILD.gn b/components/ownership/BUILD.gn index 2e53f12..ad11a79 100644 --- a/components/ownership/BUILD.gn +++ b/components/ownership/BUILD.gn @@ -10,6 +10,8 @@ component("ownership") { "owner_key_util.h", "owner_key_util_impl.cc", "owner_key_util_impl.h", + "owner_settings_service.cc", + "owner_settings_service.h", ] defines = [ @@ -18,6 +20,10 @@ component("ownership") { deps = [ "//base", + "//components/keyed_service/core", + "//components/policy", + "//components/policy/proto", + "//components/policy:policy_component_common", "//crypto", ] } diff --git a/components/ownership/DEPS b/components/ownership/DEPS index bc55362..a169ab8 100644 --- a/components/ownership/DEPS +++ b/components/ownership/DEPS @@ -1,3 +1,7 @@ include_rules = [ +"+components/keyed_service", "+crypto", + +# This is generated from components/policy/proto +"+policy/proto/device_management_backend.pb.h", ] diff --git a/components/ownership/owner_settings_service.cc b/components/ownership/owner_settings_service.cc new file mode 100644 index 0000000..09c88d3 --- /dev/null +++ b/components/ownership/owner_settings_service.cc @@ -0,0 +1,118 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "components/ownership/owner_settings_service.h" + +#include "base/basictypes.h" +#include "base/bind.h" +#include "base/callback.h" +#include "base/location.h" +#include "base/logging.h" +#include "base/message_loop/message_loop.h" +#include "base/task_runner.h" +#include "base/task_runner_util.h" +#include "components/ownership/owner_key_util.h" +#include "crypto/signature_creator.h" + +namespace em = enterprise_management; + +namespace ownership { + +namespace { + +std::string AssembleAndSignPolicy(scoped_ptr<em::PolicyData> policy, + crypto::RSAPrivateKey* private_key) { + // Assemble the policy. + em::PolicyFetchResponse policy_response; + if (!policy->SerializeToString(policy_response.mutable_policy_data())) { + LOG(ERROR) << "Failed to encode policy payload."; + return std::string(); + } + + // Generate the signature. + scoped_ptr<crypto::SignatureCreator> signature_creator( + crypto::SignatureCreator::Create(private_key)); + signature_creator->Update( + reinterpret_cast<const uint8*>(policy_response.policy_data().c_str()), + policy_response.policy_data().size()); + std::vector<uint8> signature_bytes; + std::string policy_blob; + if (!signature_creator->Final(&signature_bytes)) { + LOG(ERROR) << "Failed to create policy signature."; + return std::string(); + } + + policy_response.mutable_policy_data_signature()->assign( + reinterpret_cast<const char*>(vector_as_array(&signature_bytes)), + signature_bytes.size()); + return policy_response.SerializeAsString(); +} + +} // namepace + +OwnerSettingsService::OwnerSettingsService( + const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util) + : owner_key_util_(owner_key_util), weak_factory_(this) { +} + +OwnerSettingsService::~OwnerSettingsService() { + DCHECK(thread_checker_.CalledOnValidThread()); +} + +bool OwnerSettingsService::IsOwner() { + DCHECK(thread_checker_.CalledOnValidThread()); + return private_key_.get() && private_key_->key(); +} + +void OwnerSettingsService::IsOwnerAsync(const IsOwnerCallback& callback) { + DCHECK(thread_checker_.CalledOnValidThread()); + if (private_key_.get()) { + base::MessageLoop::current()->PostTask(FROM_HERE, + base::Bind(callback, IsOwner())); + } else { + pending_is_owner_callbacks_.push_back(callback); + } +} + +bool OwnerSettingsService::AssembleAndSignPolicyAsync( + base::TaskRunner* task_runner, + scoped_ptr<em::PolicyData> policy, + const AssembleAndSignPolicyAsyncCallback& callback) { + DCHECK(thread_checker_.CalledOnValidThread()); + if (!task_runner || !IsOwner()) + return false; + return base::PostTaskAndReplyWithResult( + task_runner, + FROM_HERE, + base::Bind( + &AssembleAndSignPolicy, base::Passed(&policy), private_key_->key()), + callback); +} + +void OwnerSettingsService::ReloadKeypair() { + ReloadKeypairImpl( + base::Bind(&OwnerSettingsService::OnKeypairLoaded, as_weak_ptr())); +} + +void OwnerSettingsService::OnKeypairLoaded( + const scoped_refptr<PublicKey>& public_key, + const scoped_refptr<PrivateKey>& private_key) { + DCHECK(thread_checker_.CalledOnValidThread()); + + public_key_ = public_key; + private_key_ = private_key; + + const bool is_owner = IsOwner(); + std::vector<IsOwnerCallback> is_owner_callbacks; + is_owner_callbacks.swap(pending_is_owner_callbacks_); + for (std::vector<IsOwnerCallback>::iterator it(is_owner_callbacks.begin()); + it != is_owner_callbacks.end(); + ++it) { + it->Run(is_owner); + } + + OnPostKeypairLoadedActions(); +} + +} // namespace ownership diff --git a/components/ownership/owner_settings_service.h b/components/ownership/owner_settings_service.h new file mode 100644 index 0000000..ed4a1b5 --- /dev/null +++ b/components/ownership/owner_settings_service.h @@ -0,0 +1,102 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_ +#define COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_ + +#include <string> +#include <vector> + +#include "base/callback_forward.h" +#include "base/macros.h" +#include "base/memory/ref_counted.h" +#include "base/memory/scoped_ptr.h" +#include "base/memory/weak_ptr.h" +#include "base/threading/thread_checker.h" +#include "components/keyed_service/core/keyed_service.h" +#include "components/ownership/ownership_export.h" +#include "policy/proto/device_management_backend.pb.h" + +namespace base { +class TaskRunner; +} + +namespace ownership { +class OwnerKeyUtil; +class PrivateKey; +class PublicKey; + +// This class is a common interface for platform-specific classes +// which deal with ownership, keypairs and owner-related settings. +class OWNERSHIP_EXPORT OwnerSettingsService : public KeyedService { + public: + typedef base::Callback<void(std::string policy_blob)> + AssembleAndSignPolicyAsyncCallback; + + typedef base::Callback<void(bool is_owner)> IsOwnerCallback; + + explicit OwnerSettingsService( + const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util); + virtual ~OwnerSettingsService(); + + base::WeakPtr<OwnerSettingsService> as_weak_ptr() { + return weak_factory_.GetWeakPtr(); + } + + // Returns whether current user is owner or not. When this method + // is called too early, incorrect result can be returned because + // private key loading may be in progress. + bool IsOwner(); + + // Determines whether current user is owner or not, responds via + // |callback|. + void IsOwnerAsync(const IsOwnerCallback& callback); + + // Assembles and signs |policy| on the |task_runner|, responds on + // the original thread via |callback|. + bool AssembleAndSignPolicyAsync( + base::TaskRunner* task_runner, + scoped_ptr<enterprise_management::PolicyData> policy, + const AssembleAndSignPolicyAsyncCallback& callback); + + // Signs |settings| with the private half of the owner key and sends + // the resulting policy blob for storage. The + // result of the operation is reported through |callback|. + virtual void SignAndStorePolicyAsync( + scoped_ptr<enterprise_management::PolicyData> policy, + const base::Closure& callback) = 0; + + protected: + void ReloadKeypair(); + + void OnKeypairLoaded(const scoped_refptr<PublicKey>& public_key, + const scoped_refptr<PrivateKey>& private_key); + + // Platform-specific keypair loading algorithm. + virtual void ReloadKeypairImpl(const base::Callback< + void(const scoped_refptr<PublicKey>& public_key, + const scoped_refptr<PrivateKey>& private_key)>& callback) = 0; + + // Plafrom-specific actions which should be performed when keypair is loaded. + virtual void OnPostKeypairLoadedActions() = 0; + + scoped_refptr<ownership::PublicKey> public_key_; + + scoped_refptr<ownership::PrivateKey> private_key_; + + scoped_refptr<ownership::OwnerKeyUtil> owner_key_util_; + + std::vector<IsOwnerCallback> pending_is_owner_callbacks_; + + base::ThreadChecker thread_checker_; + + private: + base::WeakPtrFactory<OwnerSettingsService> weak_factory_; + + DISALLOW_COPY_AND_ASSIGN(OwnerSettingsService); +}; + +} // namespace ownership + +#endif // COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_ |