login_manager/nss_util.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef LOGIN_MANAGER_NSS_UTIL_H_
 #define LOGIN_MANAGER_NSS_UTIL_H_

 #include <stdint.h>

 #include <memory>
 #include <string>
 #include <vector>

 #include <base/files/file_path.h>
 #include <base/macros.h>
 #include <base/optional.h>
 #include <crypto/scoped_nss_types.h>

 namespace crypto {
 class RSAPrivateKey;
 }

 namespace login_manager {
 // Forward declaration.
 typedef struct PK11SlotInfoStr PK11SlotInfo;

 struct PK11SlotDescriptor {
   crypto::ScopedPK11Slot slot;
   base::Optional<base::FilePath> ns_mnt_path;
 };

 using OptionalFilePath = base::Optional<base::FilePath>;

 using ScopedPK11SlotDescriptor = std::unique_ptr<PK11SlotDescriptor>;

 // An interface to wrap the usage of crypto/nss_util.h and allow for mocking.
 class NssUtil {
  public:
   NssUtil();
   virtual ~NssUtil();

   // Creates an NssUtil. If there is no Factory (the default) this creates and
   // returns a new NssUtil.
   static std::unique_ptr<NssUtil> Create();

   // Returns empty ScopedPK11Slot in the event that the database
   // cannot be opened.
   // Will attempt to enter the mount namespace at |ns_mnt_path|, if present.
   virtual ScopedPK11SlotDescriptor OpenUserDB(
       const base::FilePath& user_homedir,
       const OptionalFilePath& ns_mnt_path) = 0;

   // Will attempt to enter the mount namespace at |user_slot->ns_mnt_path|,
   // if present.
   virtual std::unique_ptr<crypto::RSAPrivateKey> GetPrivateKeyForUser(
       const std::vector<uint8_t>& public_key_der,
       PK11SlotDescriptor* user_slot) = 0;

   // Will attempt to enter the mount namespace at |user_slot->ns_mnt_path|,
   // if present.
   virtual std::unique_ptr<crypto::RSAPrivateKey> GenerateKeyPairForUser(
       PK11SlotDescriptor* user_slot) = 0;

   virtual base::FilePath GetOwnerKeyFilePath() = 0;

   // Returns subpath of the NSS DB; e.g. '.pki/nssdb'
   virtual base::FilePath GetNssdbSubpath() = 0;

   // Returns true if |blob| is a validly encoded NSS SubjectPublicKeyInfo.
   virtual bool CheckPublicKeyBlob(const std::vector<uint8_t>& blob) = 0;

   virtual bool Verify(const std::vector<uint8_t>& signature,
                       const std::vector<uint8_t>& data,
                       const std::vector<uint8_t>& public_key) = 0;

   virtual bool Sign(const std::vector<uint8_t>& data,
                     crypto::RSAPrivateKey* key,
                     std::vector<uint8_t>* out_signature) = 0;

  private:
   DISALLOW_COPY_AND_ASSIGN(NssUtil);
 };
 }  // namespace login_manager

 #endif  // LOGIN_MANAGER_NSS_UTIL_H_
	// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef LOGIN_MANAGER_NSS_UTIL_H_
	#define LOGIN_MANAGER_NSS_UTIL_H_

	#include <stdint.h>

	#include <memory>
	#include <string>
	#include <vector>

	#include <base/files/file_path.h>
	#include <base/macros.h>
	#include <base/optional.h>
	#include <crypto/scoped_nss_types.h>

	namespace crypto {
	class RSAPrivateKey;
	}

	namespace login_manager {
	// Forward declaration.
	typedef struct PK11SlotInfoStr PK11SlotInfo;

	struct PK11SlotDescriptor {
	crypto::ScopedPK11Slot slot;
	base::Optional<base::FilePath> ns_mnt_path;
	};

	using OptionalFilePath = base::Optional<base::FilePath>;

	using ScopedPK11SlotDescriptor = std::unique_ptr<PK11SlotDescriptor>;

	// An interface to wrap the usage of crypto/nss_util.h and allow for mocking.
	class NssUtil {
	public:
	NssUtil();
	virtual ~NssUtil();

	// Creates an NssUtil. If there is no Factory (the default) this creates and
	// returns a new NssUtil.
	static std::unique_ptr<NssUtil> Create();

	// Returns empty ScopedPK11Slot in the event that the database
	// cannot be opened.
	// Will attempt to enter the mount namespace at \|ns_mnt_path\|, if present.
	virtual ScopedPK11SlotDescriptor OpenUserDB(
	const base::FilePath& user_homedir,
	const OptionalFilePath& ns_mnt_path) = 0;

	// Will attempt to enter the mount namespace at \|user_slot->ns_mnt_path\|,
	// if present.
	virtual std::unique_ptr<crypto::RSAPrivateKey> GetPrivateKeyForUser(
	const std::vector<uint8_t>& public_key_der,
	PK11SlotDescriptor* user_slot) = 0;

	// Will attempt to enter the mount namespace at \|user_slot->ns_mnt_path\|,
	// if present.
	virtual std::unique_ptr<crypto::RSAPrivateKey> GenerateKeyPairForUser(
	PK11SlotDescriptor* user_slot) = 0;

	virtual base::FilePath GetOwnerKeyFilePath() = 0;

	// Returns subpath of the NSS DB; e.g. '.pki/nssdb'
	virtual base::FilePath GetNssdbSubpath() = 0;

	// Returns true if \|blob\| is a validly encoded NSS SubjectPublicKeyInfo.
	virtual bool CheckPublicKeyBlob(const std::vector<uint8_t>& blob) = 0;

	virtual bool Verify(const std::vector<uint8_t>& signature,
	const std::vector<uint8_t>& data,
	const std::vector<uint8_t>& public_key) = 0;

	virtual bool Sign(const std::vector<uint8_t>& data,
	crypto::RSAPrivateKey* key,
	std::vector<uint8_t>* out_signature) = 0;

	private:
	DISALLOW_COPY_AND_ASSIGN(NssUtil);
	};
	} // namespace login_manager

	#endif // LOGIN_MANAGER_NSS_UTIL_H_