KeyPermissionsService: Separate PrefService utility functions

This CL separates functions interacting with the PrefService from
KeyPermissionsService so that these functions can be used by other
components (such as KeyPermissionsManager see crbug.com/1127284) without
depending on KeyPermissionsService.

Bug: 1127284
Change-Id: I79120c1f05cc2582755ec596eebc4eedfff80e03
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2440475
Commit-Queue: Omar Morsi <omorsi@google.com>
Reviewed-by: Omar Morsi <omorsi@google.com>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#812705}

chrome/browser/chromeos/BUILD.gn

@@ -1952,6 +1952,8 @@ source_set("chromeos") {
     "platform_keys/key_permissions/extension_key_permissions_service_factory.h",
     "platform_keys/key_permissions/key_permissions_policy_handler.cc",
     "platform_keys/key_permissions/key_permissions_policy_handler.h",
+    "platform_keys/key_permissions/key_permissions_pref_util.cc",
+    "platform_keys/key_permissions/key_permissions_pref_util.h",
     "platform_keys/key_permissions/key_permissions_service.cc",
     "platform_keys/key_permissions/key_permissions_service.h",
     "platform_keys/key_permissions/key_permissions_service_factory.cc",

chrome/browser/chromeos/platform_keys/key_permissions/key_permissions_pref_util.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <memory>
+#include <string>
+#include <utility>
+
+#include "base/base64.h"
+#include "base/values.h"
+#include "chrome/common/pref_names.h"
+#include "components/prefs/pref_service.h"
+#include "components/prefs/scoped_user_pref_update.h"
+
+namespace {
+// The profile pref prefs::kPlatformKeys stores a dictionary mapping from
+// public key (base64 encoding of an DER-encoded SPKI) to key properties. The
+// currently only key property is the key usage, which can either be undefined
+// or "corporate". If a key is not present in the pref, the default for the key
+// usage is undefined, which in particular means "not for corporate usage".
+// E.g. the entry in the profile pref might look like:
+// "platform_keys" : {
+//   "ABCDEF123" : {
+//     "keyUsage" : "corporate"
+//   },
+//   "abcdef567" : {
+//     "keyUsage" : "corporate"
+//   }
+// }
+const char kPrefKeyUsage[] = "keyUsage";
+const char kPrefKeyUsageCorporate[] = "corporate";
+
+const base::DictionaryValue* GetPrefsEntry(
+    const std::string& public_key_spki_der_b64,
+    const PrefService* const profile_prefs) {
+  if (!profile_prefs)
+    return nullptr;
+
+  const base::DictionaryValue* platform_keys =
+      profile_prefs->GetDictionary(prefs::kPlatformKeys);
+  if (!platform_keys)
+    return nullptr;
+
+  const base::Value* key_entry_value =
+      platform_keys->FindKey(public_key_spki_der_b64);
+  if (!key_entry_value)
+    return nullptr;
+
+  const base::DictionaryValue* key_entry = nullptr;
+  key_entry_value->GetAsDictionary(&key_entry);
+  return key_entry;
+}
+
+}  // namespace
+
+namespace chromeos {
+namespace platform_keys {
+namespace internal {
+
+bool IsUserKeyMarkedCorporateInPref(const std::string& public_key_spki_der,
+                                    PrefService* profile_prefs) {
+  std::string public_key_spki_der_b64;
+  base::Base64Encode(public_key_spki_der, &public_key_spki_der_b64);
+
+  const base::DictionaryValue* prefs_entry =
+      GetPrefsEntry(public_key_spki_der_b64, profile_prefs);
+  if (prefs_entry) {
+    const base::Value* key_usage = prefs_entry->FindKey(kPrefKeyUsage);
+    if (!key_usage || !key_usage->is_string())
+      return false;
+    return key_usage->GetString() == kPrefKeyUsageCorporate;
+  }
+  return false;
+}
+
+void MarkUserKeyCorporateInPref(const std::string& public_key_spki_der,
+                                PrefService* profile_prefs) {
+  std::string public_key_spki_der_b64;
+  base::Base64Encode(public_key_spki_der, &public_key_spki_der_b64);
+
+  DictionaryPrefUpdate update(profile_prefs, prefs::kPlatformKeys);
+
+  auto new_pref_entry = std::make_unique<base::DictionaryValue>();
+  new_pref_entry->SetKey(kPrefKeyUsage, base::Value(kPrefKeyUsageCorporate));
+
+  update->SetWithoutPathExpansion(public_key_spki_der_b64,
+                                  std::move(new_pref_entry));
+}
+
+}  // namespace internal
+}  // namespace platform_keys
+}  // namespace chromeos

chrome/browser/chromeos/platform_keys/key_permissions/key_permissions_pref_util.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_KEY_PERMISSIONS_PREF_UTIL_H_
+#define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_KEY_PERMISSIONS_PREF_UTIL_H_
+
+#include <string>
+
+class PrefService;
+
+namespace chromeos {
+namespace platform_keys {
+
+// Note: Functions in this namespace are meant for internal use by key
+// permissions classes. Please use KeyPermissionsService instead.
+namespace internal {
+
+// Returns true if |public_key_spki_der| is marked for corporate usage in
+// |profile_prefs|. Note: Only user keys are explicitly marked for corporate
+// usage in the PrefService corresponding to the user's profile.
+bool IsUserKeyMarkedCorporateInPref(const std::string& public_key_spki_der,
+                                    PrefService* profile_prefs);
+
+// Marks |public_key_spki_der| for corporate usage in |profile_prefs|.
+// Note: This function will mark the key for corporate usage in |profile_prefs|
+// even if the key is not accessible to that profile, so use it after making
+// sure that the key is accessible to the user's profile.
+void MarkUserKeyCorporateInPref(const std::string& public_key_spki_der,
+                                PrefService* profile_prefs);
+
+}  // namespace internal
+}  // namespace platform_keys
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_KEY_PERMISSIONS_KEY_PERMISSIONS_PREF_UTIL_H_

chrome/browser/chromeos/platform_keys/key_permissions/key_permissions_service_impl.cc

@@ -17,6 +17,7 @@
 #include "base/logging.h"
 #include "base/stl_util.h"
 #include "base/values.h"
+#include "chrome/browser/chromeos/platform_keys/key_permissions/key_permissions_pref_util.h"
 #include "chrome/browser/chromeos/platform_keys/platform_keys.h"
 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h"
 #include "chrome/browser/policy/profile_policy_connector.h"
@@ -32,47 +33,6 @@
 namespace chromeos {
 namespace platform_keys {
 
-namespace {
-// The profile pref prefs::kPlatformKeys stores a dictionary mapping from
-// public key (base64 encoding of an DER-encoded SPKI) to key properties. The
-// currently only key property is the key usage, which can either be undefined
-// or "corporate". If a key is not present in the pref, the default for the key
-// usage is undefined, which in particular means "not for corporate usage".
-// E.g. the entry in the profile pref might look like:
-// "platform_keys" : {
-//   "ABCDEF123" : {
-//     "keyUsage" : "corporate"
-//   },
-//   "abcdef567" : {
-//     "keyUsage" : "corporate"
-//   }
-// }
-const char kPrefKeyUsage[] = "keyUsage";
-const char kPrefKeyUsageCorporate[] = "corporate";
-
-const base::DictionaryValue* GetPrefsEntry(
-    const std::string& public_key_spki_der_b64,
-    const PrefService* const profile_prefs) {
-  if (!profile_prefs)
-    return nullptr;
-
-  const base::DictionaryValue* platform_keys =
-      profile_prefs->GetDictionary(prefs::kPlatformKeys);
-  if (!platform_keys)
-    return nullptr;
-
-  const base::Value* key_entry_value =
-      platform_keys->FindKey(public_key_spki_der_b64);
-  if (!key_entry_value)
-    return nullptr;
-
-  const base::DictionaryValue* key_entry = nullptr;
-  key_entry_value->GetAsDictionary(&key_entry);
-  return key_entry;
-}
-
-}  // namespace
-
 KeyPermissionsServiceImpl::KeyPermissionsServiceImpl(
     bool profile_is_managed,
     PrefService* profile_prefs,
@@ -166,13 +126,11 @@ void KeyPermissionsServiceImpl::IsCorporateKeyWithLocations(
     std::move(callback).Run(/*corporate=*/false);
   }
 
-  std::string public_key_spki_der_b64;
-  base::Base64Encode(public_key_spki_der, &public_key_spki_der_b64);
-
   for (const auto key_location : key_locations) {
     switch (key_location) {
       case TokenId::kUser:
-        if (IsUserKeyCorporate(public_key_spki_der_b64)) {
+        if (internal::IsUserKeyMarkedCorporateInPref(public_key_spki_der,
+                                                     profile_prefs_)) {
           std::move(callback).Run(/*corporate=*/true);
           return;
         }
@@ -221,36 +179,12 @@ void KeyPermissionsServiceImpl::SetCorporateKeyWithLocations(
       std::move(callback).Run(Status::kSuccess);
       return;
     case TokenId::kUser: {
-      std::string public_key_spki_der_b64;
-      base::Base64Encode(public_key_spki_der, &public_key_spki_der_b64);
-
-      DictionaryPrefUpdate update(profile_prefs_, prefs::kPlatformKeys);
-
-      std::unique_ptr<base::DictionaryValue> new_pref_entry(
-          new base::DictionaryValue);
-      new_pref_entry->SetKey(kPrefKeyUsage,
-                             base::Value(kPrefKeyUsageCorporate));
-
-      update->SetWithoutPathExpansion(public_key_spki_der_b64,
-                                      std::move(new_pref_entry));
+      internal::MarkUserKeyCorporateInPref(public_key_spki_der, profile_prefs_);
       std::move(callback).Run(Status::kSuccess);
       return;
     }
   }
 }
 
-bool KeyPermissionsServiceImpl::IsUserKeyCorporate(
-    const std::string& public_key_spki_der_b64) const {
-  const base::DictionaryValue* prefs_entry =
-      GetPrefsEntry(public_key_spki_der_b64, profile_prefs_);
-  if (prefs_entry) {
-    const base::Value* key_usage = prefs_entry->FindKey(kPrefKeyUsage);
-    if (!key_usage || !key_usage->is_string())
-      return false;
-    return key_usage->GetString() == kPrefKeyUsageCorporate;
-  }
-  return false;
-}
-
 }  // namespace platform_keys
 }  // namespace chromeos