chrome/browser/chromeos/login/owner_manager.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_
#pragma once

#include <vector>

#include "base/basictypes.h"
#include "base/crypto/rsa_private_key.h"
#include "base/ref_counted.h"
#include "chrome/browser/browser_thread.h"
#include "chrome/browser/chromeos/cros/login_library.h"
#include "chrome/browser/chromeos/login/owner_key_utils.h"

class FilePath;
class NotificationDetails;
class NotificationType;

namespace chromeos {

// This class allows the registration of an Owner of a Chromium OS device.
// It handles generating the appropriate keys and storing them in the
// appropriate locations.
class OwnerManager : public base::RefCountedThreadSafe<OwnerManager>,
                     public LoginLibrary::Delegate {
 public:
  // Return codes for public/private key operations.
  enum KeyOpCode {
    SUCCESS,
    KEY_UNAVAILABLE,  // The necessary key isn't available yet.
    OPERATION_FAILED  // The crypto operation failed.
  };

  class Delegate {
   public:
    // Upon completion of a key operation, this method will be called.
    // |return_code| indicates what happened, |payload| will be used to pass
    // back any artifacts of the operation.  For example, if the operation
    // was a signature attempt, the signature blob would come back in |payload|.
    virtual void OnKeyOpComplete(const KeyOpCode return_code,
                                 const std::vector<uint8>& payload) = 0;
  };

  OwnerManager();
  virtual ~OwnerManager();

  // Pulls the owner's public key off disk and into memory.
  //
  // Call this on the FILE thread.
  void LoadOwnerKey();

  // Generates the owner's keys in the default NSS token.  Also stores
  // them in |public_key_| and |private_key_|.  When done, causes the
  // public key to get exported via DBus.
  //
  // Call this on the FILE thread.
  void GenerateKeysAndExportPublic();

  // Exports |public_key_| via DBus.
  //
  // Call this on the UI thread (because of DBus usage).
  void ExportKey();

  // Overridden from LoginLibrary::Delegate
  void OnComplete(bool value);

  bool EnsurePublicKey();
  bool EnsurePrivateKey();

  // Do the actual work of signing |data| with |private_key_|.  First,
  // ensures that we have the keys we need.  Then, computes the signature.
  //
  // On success, calls d->OnKeyOpComplete() on |thread_id| with a
  // successful return code, passing the signaure blob in |payload|.
  // On failure, calls d->OnKeyOpComplete() on |thread_id| with an appropriate
  // error and passes an empty string for |payload|.
  void Sign(const BrowserThread::ID thread_id,
            const std::string& data,
            Delegate* d);

  // Do the actual work of verifying that |signature| is valid over
  // |data| with |public_key_|.  First, ensures we have the key we
  // need, then does the verify.
  //
  // On success, calls d->OnKeyOpComplete() on |thread_id| with a
  // successful return code, passing an empty string for |payload|.
  // On failure, calls d->OnKeyOpComplete() on |thread_id| with an appropriate
  // error code, passing an empty string for |payload|.
  void Verify(const BrowserThread::ID thread_id,
              const std::string& data,
              const std::vector<uint8>& signature,
              Delegate* d);

 private:
  // A helper method to send a notification on another thread.
  void SendNotification(NotificationType type,
                        const NotificationDetails& details);

  // A helper method to call back a delegte on another thread.
  void CallDelegate(Delegate* d,
                    const KeyOpCode return_code,
                    const std::vector<uint8>& payload) {
    d->OnKeyOpComplete(return_code, payload);
  }

  scoped_ptr<base::RSAPrivateKey> private_key_;
  std::vector<uint8> public_key_;

  scoped_refptr<OwnerKeyUtils> utils_;

  friend class OwnerManagerTest;

  DISALLOW_COPY_AND_ASSIGN(OwnerManager);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_