From c7bf410deedf2ee6be9439411ea362341c63bc43 Mon Sep 17 00:00:00 2001
From: Yuri Gorshenin <ygorshenin@chromium.org>
Date: Mon, 15 Sep 2014 17:07:49 +0400
Subject: Non-plafrom-specific part of an OwnerSettingsService is moved to
 components/ownership/*.

BUG=398856
TEST=existing browser_tests and unit_tests
R=erg@chromium.org, jochen@chromium.org, nkostylev@chromium.org, pastarmovj@chromium.org

Committed: https://chromium.googlesource.com/chromium/src/+/46a58bffbe303d3484d7cc288b47bfae5388109c

Committed: https://chromium.googlesource.com/chromium/src/+/40979bf265c3ffbe1736a87935418da72be5d1f1

Review URL: https://codereview.chromium.org/548323003

Cr-Commit-Position: refs/heads/master@{#294810}
---
 components/ownership/BUILD.gn                  |   6 ++
 components/ownership/DEPS                      |   4 +
 components/ownership/owner_settings_service.cc | 118 +++++++++++++++++++++++++
 components/ownership/owner_settings_service.h  | 102 +++++++++++++++++++++
 4 files changed, 230 insertions(+)
 create mode 100644 components/ownership/owner_settings_service.cc
 create mode 100644 components/ownership/owner_settings_service.h

(limited to 'components/ownership')

diff --git a/components/ownership/BUILD.gn b/components/ownership/BUILD.gn
index 2e53f12..ad11a79 100644
--- a/components/ownership/BUILD.gn
+++ b/components/ownership/BUILD.gn
@@ -10,6 +10,8 @@ component("ownership") {
     "owner_key_util.h",
     "owner_key_util_impl.cc",
     "owner_key_util_impl.h",
+    "owner_settings_service.cc",
+    "owner_settings_service.h",
   ]
 
   defines = [
@@ -18,6 +20,10 @@ component("ownership") {
 
   deps = [
     "//base",
+    "//components/keyed_service/core",
+    "//components/policy",
+    "//components/policy/proto",
+    "//components/policy:policy_component_common",
     "//crypto",
   ]
 }
diff --git a/components/ownership/DEPS b/components/ownership/DEPS
index bc55362..a169ab8 100644
--- a/components/ownership/DEPS
+++ b/components/ownership/DEPS
@@ -1,3 +1,7 @@
 include_rules = [
+"+components/keyed_service",
 "+crypto",
+
+# This is generated from components/policy/proto
+"+policy/proto/device_management_backend.pb.h",
 ]
diff --git a/components/ownership/owner_settings_service.cc b/components/ownership/owner_settings_service.cc
new file mode 100644
index 0000000..09c88d3
--- /dev/null
+++ b/components/ownership/owner_settings_service.cc
@@ -0,0 +1,118 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/ownership/owner_settings_service.h"
+
+#include "base/basictypes.h"
+#include "base/bind.h"
+#include "base/callback.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/message_loop/message_loop.h"
+#include "base/task_runner.h"
+#include "base/task_runner_util.h"
+#include "components/ownership/owner_key_util.h"
+#include "crypto/signature_creator.h"
+
+namespace em = enterprise_management;
+
+namespace ownership {
+
+namespace {
+
+std::string AssembleAndSignPolicy(scoped_ptr<em::PolicyData> policy,
+                                  crypto::RSAPrivateKey* private_key) {
+  // Assemble the policy.
+  em::PolicyFetchResponse policy_response;
+  if (!policy->SerializeToString(policy_response.mutable_policy_data())) {
+    LOG(ERROR) << "Failed to encode policy payload.";
+    return std::string();
+  }
+
+  // Generate the signature.
+  scoped_ptr<crypto::SignatureCreator> signature_creator(
+      crypto::SignatureCreator::Create(private_key));
+  signature_creator->Update(
+      reinterpret_cast<const uint8*>(policy_response.policy_data().c_str()),
+      policy_response.policy_data().size());
+  std::vector<uint8> signature_bytes;
+  std::string policy_blob;
+  if (!signature_creator->Final(&signature_bytes)) {
+    LOG(ERROR) << "Failed to create policy signature.";
+    return std::string();
+  }
+
+  policy_response.mutable_policy_data_signature()->assign(
+      reinterpret_cast<const char*>(vector_as_array(&signature_bytes)),
+      signature_bytes.size());
+  return policy_response.SerializeAsString();
+}
+
+}  // namepace
+
+OwnerSettingsService::OwnerSettingsService(
+    const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util)
+    : owner_key_util_(owner_key_util), weak_factory_(this) {
+}
+
+OwnerSettingsService::~OwnerSettingsService() {
+  DCHECK(thread_checker_.CalledOnValidThread());
+}
+
+bool OwnerSettingsService::IsOwner() {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  return private_key_.get() && private_key_->key();
+}
+
+void OwnerSettingsService::IsOwnerAsync(const IsOwnerCallback& callback) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  if (private_key_.get()) {
+    base::MessageLoop::current()->PostTask(FROM_HERE,
+                                           base::Bind(callback, IsOwner()));
+  } else {
+    pending_is_owner_callbacks_.push_back(callback);
+  }
+}
+
+bool OwnerSettingsService::AssembleAndSignPolicyAsync(
+    base::TaskRunner* task_runner,
+    scoped_ptr<em::PolicyData> policy,
+    const AssembleAndSignPolicyAsyncCallback& callback) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  if (!task_runner || !IsOwner())
+    return false;
+  return base::PostTaskAndReplyWithResult(
+      task_runner,
+      FROM_HERE,
+      base::Bind(
+          &AssembleAndSignPolicy, base::Passed(&policy), private_key_->key()),
+      callback);
+}
+
+void OwnerSettingsService::ReloadKeypair() {
+  ReloadKeypairImpl(
+      base::Bind(&OwnerSettingsService::OnKeypairLoaded, as_weak_ptr()));
+}
+
+void OwnerSettingsService::OnKeypairLoaded(
+    const scoped_refptr<PublicKey>& public_key,
+    const scoped_refptr<PrivateKey>& private_key) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+
+  public_key_ = public_key;
+  private_key_ = private_key;
+
+  const bool is_owner = IsOwner();
+  std::vector<IsOwnerCallback> is_owner_callbacks;
+  is_owner_callbacks.swap(pending_is_owner_callbacks_);
+  for (std::vector<IsOwnerCallback>::iterator it(is_owner_callbacks.begin());
+       it != is_owner_callbacks.end();
+       ++it) {
+    it->Run(is_owner);
+  }
+
+  OnPostKeypairLoadedActions();
+}
+
+}  // namespace ownership
diff --git a/components/ownership/owner_settings_service.h b/components/ownership/owner_settings_service.h
new file mode 100644
index 0000000..ed4a1b5
--- /dev/null
+++ b/components/ownership/owner_settings_service.h
@@ -0,0 +1,102 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_
+#define COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_
+
+#include <string>
+#include <vector>
+
+#include "base/callback_forward.h"
+#include "base/macros.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "base/threading/thread_checker.h"
+#include "components/keyed_service/core/keyed_service.h"
+#include "components/ownership/ownership_export.h"
+#include "policy/proto/device_management_backend.pb.h"
+
+namespace base {
+class TaskRunner;
+}
+
+namespace ownership {
+class OwnerKeyUtil;
+class PrivateKey;
+class PublicKey;
+
+// This class is a common interface for platform-specific classes
+// which deal with ownership, keypairs and owner-related settings.
+class OWNERSHIP_EXPORT OwnerSettingsService : public KeyedService {
+ public:
+  typedef base::Callback<void(std::string policy_blob)>
+      AssembleAndSignPolicyAsyncCallback;
+
+  typedef base::Callback<void(bool is_owner)> IsOwnerCallback;
+
+  explicit OwnerSettingsService(
+      const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util);
+  virtual ~OwnerSettingsService();
+
+  base::WeakPtr<OwnerSettingsService> as_weak_ptr() {
+    return weak_factory_.GetWeakPtr();
+  }
+
+  // Returns whether current user is owner or not. When this method
+  // is called too early, incorrect result can be returned because
+  // private key loading may be in progress.
+  bool IsOwner();
+
+  // Determines whether current user is owner or not, responds via
+  // |callback|.
+  void IsOwnerAsync(const IsOwnerCallback& callback);
+
+  // Assembles and signs |policy| on the |task_runner|, responds on
+  // the original thread via |callback|.
+  bool AssembleAndSignPolicyAsync(
+      base::TaskRunner* task_runner,
+      scoped_ptr<enterprise_management::PolicyData> policy,
+      const AssembleAndSignPolicyAsyncCallback& callback);
+
+  // Signs |settings| with the private half of the owner key and sends
+  // the resulting policy blob for storage. The
+  // result of the operation is reported through |callback|.
+  virtual void SignAndStorePolicyAsync(
+      scoped_ptr<enterprise_management::PolicyData> policy,
+      const base::Closure& callback) = 0;
+
+ protected:
+  void ReloadKeypair();
+
+  void OnKeypairLoaded(const scoped_refptr<PublicKey>& public_key,
+                       const scoped_refptr<PrivateKey>& private_key);
+
+  // Platform-specific keypair loading algorithm.
+  virtual void ReloadKeypairImpl(const base::Callback<
+      void(const scoped_refptr<PublicKey>& public_key,
+           const scoped_refptr<PrivateKey>& private_key)>& callback) = 0;
+
+  // Plafrom-specific actions which should be performed when keypair is loaded.
+  virtual void OnPostKeypairLoadedActions() = 0;
+
+  scoped_refptr<ownership::PublicKey> public_key_;
+
+  scoped_refptr<ownership::PrivateKey> private_key_;
+
+  scoped_refptr<ownership::OwnerKeyUtil> owner_key_util_;
+
+  std::vector<IsOwnerCallback> pending_is_owner_callbacks_;
+
+  base::ThreadChecker thread_checker_;
+
+ private:
+  base::WeakPtrFactory<OwnerSettingsService> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(OwnerSettingsService);
+};
+
+}  // namespace ownership
+
+#endif  // COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_
-- 
cgit v1.1