OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/extensions/api/certificate_provider/certificate_provide r_api.h" | |
6 | |
7 #include "base/logging.h" | |
8 #include "base/memory/linked_ptr.h" | |
9 #include "base/stl_util.h" | |
10 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice.h" | |
11 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice_factory.h" | |
12 #include "chrome/common/extensions/api/certificate_provider.h" | |
13 #include "chrome/common/extensions/api/certificate_provider_internal.h" | |
14 #include "net/cert/x509_certificate.h" | |
15 | |
16 namespace extensions { | |
17 | |
18 namespace api_cp = api::certificate_provider; | |
19 namespace api_cpi = api::certificate_provider_internal; | |
20 | |
21 namespace { | |
22 | |
23 const char kErrorInvalidX509Cert[] = | |
24 "Certificate is not a valid X.509 certificate."; | |
25 const char kErrorECDSANotSupported[] = "Key type ECDSA not supported."; | |
26 const char kErrorUnknownKeyType[] = "Key type unknown."; | |
27 | |
28 } // namespace | |
29 | |
30 CertificateProviderInternalReportCertificatesFunction:: | |
31 ~CertificateProviderInternalReportCertificatesFunction() {} | |
32 | |
33 ExtensionFunction::ResponseAction | |
34 CertificateProviderInternalReportCertificatesFunction::Run() { | |
35 scoped_ptr<api_cpi::ReportCertificates::Params> params( | |
bartfab (slow)
2015/09/03 17:30:52
Nit: #include "base/memory/scoped_ptr.h"
pneubeck (no reviews)
2015/09/07 17:21:32
Done.
| |
36 api_cpi::ReportCertificates::Params::Create(*args_)); | |
37 EXTENSION_FUNCTION_VALIDATE(params); | |
38 | |
39 chromeos::CertificateProviderService* service = | |
bartfab (slow)
2015/09/03 17:30:52
Nit: const pointer.
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
| |
40 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
41 browser_context()); | |
42 DCHECK(service); | |
43 | |
44 if (!params->certificates) | |
45 return RespondNow(Error("Failure")); | |
46 | |
47 chromeos::certificate_provider::CertificateInfoList cert_infos; | |
48 std::vector<std::vector<char>> rejected_certificates; | |
bartfab (slow)
2015/09/03 17:30:52
Nit: #include <vector>
pneubeck (no reviews)
2015/09/07 17:21:32
Done.
| |
49 for (linked_ptr<api_cp::CertificateInfo> input_cert_info : | |
50 *params->certificates) { | |
51 chromeos::certificate_provider::CertificateInfo parsed_cert_info; | |
52 | |
53 if (ParseCertificateInfo(*input_cert_info, &parsed_cert_info)) | |
54 cert_infos.push_back(parsed_cert_info); | |
55 else | |
56 rejected_certificates.push_back(input_cert_info->certificate); | |
57 } | |
58 | |
59 if (service->SetCertificatesProvidedByExtension( | |
60 extension_id(), params->request_id, cert_infos)) { | |
61 return RespondNow(ArgumentList( | |
62 api_cpi::ReportCertificates::Results::Create(rejected_certificates))); | |
63 } else { | |
64 return RespondNow(Error("Failure")); | |
65 } | |
66 } | |
67 | |
68 bool CertificateProviderInternalReportCertificatesFunction:: | |
69 ParseCertificateInfo( | |
70 const api_cp::CertificateInfo& info, | |
71 chromeos::certificate_provider::CertificateInfo* out_info) { | |
72 const std::vector<char>& cert_der = info.certificate; | |
73 if (cert_der.empty()) { | |
74 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); | |
bartfab (slow)
2015/09/03 17:30:52
Nit: #include "content/public/common/console_messa
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
| |
75 return false; | |
76 } | |
77 | |
78 out_info->certificate = net::X509Certificate::CreateFromBytes( | |
79 vector_as_array(&cert_der), cert_der.size()); | |
80 if (!out_info->certificate) { | |
81 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); | |
82 return false; | |
83 } | |
84 | |
85 size_t public_key_length_in_bits = 0; | |
bartfab (slow)
2015/09/03 17:30:52
Nit: #include <stddef.h>
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
| |
86 net::X509Certificate::PublicKeyType type = | |
87 net::X509Certificate::kPublicKeyTypeUnknown; | |
88 net::X509Certificate::GetPublicKeyInfo( | |
89 out_info->certificate->os_cert_handle(), &public_key_length_in_bits, | |
90 &type); | |
91 | |
92 switch (type) { | |
93 case net::X509Certificate::kPublicKeyTypeRSA: | |
94 DCHECK(public_key_length_in_bits != 0); | |
bartfab (slow)
2015/09/03 17:30:52
Nit: DCHECK(public_key_length_in_bits) is sufficie
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
| |
95 | |
96 // Convert bits to bytes. | |
97 out_info->max_signature_length_in_bytes = | |
98 (public_key_length_in_bits + 7) / 8; | |
99 out_info->type = net::SSLPrivateKey::Type::RSA; | |
bartfab (slow)
2015/09/03 17:30:52
Nit: #include "net/ssl/ssl_private_key.h"
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
| |
100 break; | |
101 case net::X509Certificate::kPublicKeyTypeECDSA: | |
102 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, | |
103 kErrorECDSANotSupported); | |
104 return false; | |
105 default: | |
106 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, | |
107 kErrorUnknownKeyType); | |
108 return false; | |
109 } | |
110 | |
111 for (const api_cp::Hash hash : info.supported_hashes) { | |
112 switch (hash) { | |
113 case api_cp::HASH_MD5_SHA1: | |
114 out_info->supported_hashes.push_back( | |
115 net::SSLPrivateKey::Hash::MD5_SHA1); | |
116 break; | |
117 case api_cp::HASH_SHA1: | |
118 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA1); | |
119 break; | |
120 case api_cp::HASH_SHA256: | |
121 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA256); | |
122 break; | |
123 case api_cp::HASH_SHA384: | |
124 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA384); | |
125 break; | |
126 case api_cp::HASH_SHA512: | |
127 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512); | |
128 break; | |
129 case api_cp::HASH_NONE: | |
130 NOTREACHED(); | |
131 return false; | |
132 } | |
133 } | |
134 return true; | |
135 } | |
136 | |
137 CertificateProviderInternalReportSignatureFunction:: | |
138 ~CertificateProviderInternalReportSignatureFunction() {} | |
139 | |
140 ExtensionFunction::ResponseAction | |
141 CertificateProviderInternalReportSignatureFunction::Run() { | |
142 scoped_ptr<api_cpi::ReportSignature::Params> params( | |
143 api_cpi::ReportSignature::Params::Create(*args_)); | |
144 EXTENSION_FUNCTION_VALIDATE(params); | |
145 | |
146 chromeos::CertificateProviderService* service = | |
bartfab (slow)
2015/09/03 17:30:52
Nit: const pointer.
pneubeck (no reviews)
2015/09/07 17:21:32
Done.
| |
147 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
148 browser_context()); | |
149 DCHECK(service); | |
150 | |
151 std::vector<uint8_t> signature; | |
bartfab (slow)
2015/09/03 17:30:52
Nit: #include <stdint.h>
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
| |
152 // If an error occurred, |signature| will not be set. | |
153 if (params->signature) | |
154 signature.assign(params->signature->begin(), params->signature->end()); | |
155 | |
156 service->ReplyToSignRequest(extension_id(), params->request_id, signature); | |
157 return RespondNow(NoArguments()); | |
158 } | |
159 | |
160 } // namespace extensions | |
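Review bot: In ParseCertificateInfo the RSA branch (line 94) relies on `DCHECK(public_key_length_in_bits != 0)` to guard a value derived from extension-supplied certificate bytes, and DCHECK is compiled out of release builds, so a zero length would be stored as `max_signature_length_in_bytes = 0` and the certificate would still be accepted. Since the function already rejects bad input by logging and returning false, a runtime check fits better here, e.g. `if (!public_key_length_in_bits) { WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); return false; }`. Whether GetPublicKeyInfo can actually report an RSA key with zero length is not visible on this page, so treat this as defence in depth. The hash loop at lines 111-133 has a related gap: an empty `supported_hashes` list falls through to `return true`, so a certificate that cannot be used with any hash is still passed to SetCertificatesProvidedByExtension; rejecting it with a console error would keep the accepted list consistent with what ends up in `rejected_certificates`.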
OLD | NEW |