blob: 6b1d5f94c864c5e98ffa9ecf238032b1e2902476 [file] [log] [blame]
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_SERVICES_DEVICE_SYNC_CRYPTAUTH_KEY_BUNDLE_H_
#define CHROMEOS_SERVICES_DEVICE_SYNC_CRYPTAUTH_KEY_BUNDLE_H_
#include "base/containers/flat_map.h"
#include "base/containers/flat_set.h"
#include "base/optional.h"
#include "base/values.h"
#include "chromeos/services/device_sync/cryptauth_key.h"
#include "chromeos/services/device_sync/proto/cryptauth_directive.pb.h"
namespace chromeos {
namespace device_sync {
// A group of related CryptAuthKeys, uniquely identified by their handles.
//
// No more than one key in the bundle can be active at a time, and only the
// active key should be used for encryption, signing, etc. The inactive keys are
// retained in case CryptAuth decides to activate them in a future via a
// SyncSingleKeyResponse::KeyAction.
//
// All key bundles used in Chrome OS are enumerated in the Name enum class. The
// corresponding name string that will be sent to CryptAuth in the
// SyncSingleKeysRequest::key_name protobuf field can be retrieved via
// KeyBundleNameEnumToString().
class CryptAuthKeyBundle {
public:
// Names which uniquely define a CryptAuthKeyBundle.
// TODO(nohle): Add name for DeviceSync keys.
// TODO(nohle): Add additional unit tests for CryptAuthKeyCreatorImpl when
// more Names are added.
enum class Name { kUserKeyPair };
static const base::flat_set<CryptAuthKeyBundle::Name>& AllNames();
static std::string KeyBundleNameEnumToString(CryptAuthKeyBundle::Name name);
static base::Optional<CryptAuthKeyBundle::Name> KeyBundleNameStringToEnum(
const std::string& name);
static base::Optional<CryptAuthKeyBundle> FromDictionary(
const base::Value& dict);
CryptAuthKeyBundle(Name name);
CryptAuthKeyBundle(const CryptAuthKeyBundle&);
~CryptAuthKeyBundle();
Name name() const { return name_; }
const base::flat_map<std::string, CryptAuthKey>& handle_to_key_map() const {
return handle_to_key_map_;
}
const base::Optional<cryptauthv2::KeyDirective>& key_directive() const {
return key_directive_;
}
void set_key_directive(const cryptauthv2::KeyDirective& key_directive) {
key_directive_ = key_directive;
}
// Returns nullptr if there is no active key.
const CryptAuthKey* GetActiveKey() const;
// If the key being added is active, all other keys in the bundle will be
// deactivated. If the handle of the input key matches one in the bundle, the
// existing key will be overwritten.
void AddKey(const CryptAuthKey& key);
// Activates the key corresponding to |handle| in the bundle and deactivates
// the other keys.
void SetActiveKey(const std::string& handle);
// Sets all key statuses to kInactive.
void DeactivateKeys();
// Remove the key corresponding to |handle| from the bundle.
void DeleteKey(const std::string& handle);
base::Value AsDictionary() const;
bool operator==(const CryptAuthKeyBundle& other) const;
bool operator!=(const CryptAuthKeyBundle& other) const;
private:
Name name_;
base::flat_map<std::string, CryptAuthKey> handle_to_key_map_;
base::Optional<cryptauthv2::KeyDirective> key_directive_;
};
} // namespace device_sync
} // namespace chromeos
#endif // CHROMEOS_SERVICES_DEVICE_SYNC_CRYPTAUTH_KEY_BUNDLE_H_