chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc - Issue 1232553003: Add new certificateProvider extension API.

Side by Side Diff: chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc

Issue 1232553003: Add new certificateProvider extension API. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressed feedback, fixed bug. Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/extensions/api/certificate_provider/certificate_provider_api.h ('K') | « chrome/browser/extensions/api/certificate_provider/certificate_provider_api.h ('k') | chrome/browser/extensions/api/certificate_provider/certificate_provider_apitest.cc » ('j') | chrome/browser/extensions/api/certificate_provider/certificate_provider_apitest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/extensions/api/certificate_provider/certificate_provide r_api.h"

	6

	7 #include <stddef.h>

	8 #include <stdint.h>

	9

	10 #include <vector>

	11

	12 #include "base/logging.h"

	13 #include "base/memory/linked_ptr.h"

	14 #include "base/memory/scoped_ptr.h"

	15 #include "base/stl_util.h"

	16 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice.h"

	17 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice_factory.h"

	18 #include "chrome/common/extensions/api/certificate_provider.h"

	19 #include "chrome/common/extensions/api/certificate_provider_internal.h"

	20 #include "content/public/common/console_message_level.h"

	21 #include "net/cert/x509_certificate.h"

	22 #include "net/ssl/ssl_private_key.h"

	23

	24 namespace extensions {

	25

	26 namespace api_cp = api::certificate_provider;

	27 namespace api_cpi = api::certificate_provider_internal;

	28

	29 namespace {

	30

	31 const char kErrorInvalidX509Cert[] =

	32 "Certificate is not a valid X.509 certificate.";

	33 const char kErrorECDSANotSupported[] = "Key type ECDSA not supported.";

	34 const char kErrorUnknownKeyType[] = "Key type unknown.";

	35

	36 } // namespace

	37

	38 CertificateProviderInternalReportCertificatesFunction::

	39 ~CertificateProviderInternalReportCertificatesFunction() {}

	40

	41 ExtensionFunction::ResponseAction

	42 CertificateProviderInternalReportCertificatesFunction::Run() {

	43 scoped_ptr<api_cpi::ReportCertificates::Params> params(

	44 api_cpi::ReportCertificates::Params::Create(*args_));

	45 EXTENSION_FUNCTION_VALIDATE(params);

	46

	47 chromeos::CertificateProviderService* const service =

	48 chromeos::CertificateProviderServiceFactory::GetForBrowserContext(

	49 browser_context());

	50 DCHECK(service);

	51

	52 if (!params->certificates)

	53 return RespondNow(Error("Failure"));
	emaxx 2015/09/07 17:35:14 Is it really OK to provide no error details here? Is it really OK to provide no error details here? pneubeck (no reviews) 2015/09/08 15:30:50 Done. Show quoted text On 2015/09/07 17:35:14, emaxx wrote: > Is it really OK to provide no error details here? Done.
	54

	55 chromeos::certificate_provider::CertificateInfoList cert_infos;

	56 std::vector<std::vector<char>> rejected_certificates;

	57 for (linked_ptr<api_cp::CertificateInfo> input_cert_info :

	58 *params->certificates) {

	59 chromeos::certificate_provider::CertificateInfo parsed_cert_info;

	60

	61 if (ParseCertificateInfo(*input_cert_info, &parsed_cert_info))

	62 cert_infos.push_back(parsed_cert_info);

	63 else

	64 rejected_certificates.push_back(input_cert_info->certificate);

	65 }

	66

	67 if (service->SetCertificatesProvidedByExtension(

	68 extension_id(), params->request_id, cert_infos)) {

	69 return RespondNow(ArgumentList(

	70 api_cpi::ReportCertificates::Results::Create(rejected_certificates)));

	71 } else {

	72 return RespondNow(Error("Failure"));

	73 }

	74 }

	75

	76 bool CertificateProviderInternalReportCertificatesFunction::

	77 ParseCertificateInfo(

	78 const api_cp::CertificateInfo& info,

	79 chromeos::certificate_provider::CertificateInfo* out_info) {

	80 const std::vector<char>& cert_der = info.certificate;

	81 if (cert_der.empty()) {

	82 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert);

	83 return false;

	84 }

	85

	86 out_info->certificate = net::X509Certificate::CreateFromBytes(

	87 vector_as_array(&cert_der), cert_der.size());

	88 if (!out_info->certificate) {

	89 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert);

	90 return false;

	91 }

	92

	93 size_t public_key_length_in_bits = 0;

	94 net::X509Certificate::PublicKeyType type =

	95 net::X509Certificate::kPublicKeyTypeUnknown;

	96 net::X509Certificate::GetPublicKeyInfo(

	97 out_info->certificate->os_cert_handle(), &public_key_length_in_bits,

	98 &type);

	99

	100 switch (type) {

	101 case net::X509Certificate::kPublicKeyTypeRSA:

	102 DCHECK(public_key_length_in_bits);

	103

	104 // Convert bits to bytes.

	105 out_info->max_signature_length_in_bytes =

	106 (public_key_length_in_bits + 7) / 8;

	107 out_info->type = net::SSLPrivateKey::Type::RSA;

	108 break;

	109 case net::X509Certificate::kPublicKeyTypeECDSA:

	110 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR,

	111 kErrorECDSANotSupported);

	112 return false;

	113 default:

	114 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR,

	115 kErrorUnknownKeyType);

	116 return false;

	117 }

	118

	119 for (const api_cp::Hash hash : info.supported_hashes) {

	120 switch (hash) {

	121 case api_cp::HASH_MD5_SHA1:

	122 out_info->supported_hashes.push_back(

	123 net::SSLPrivateKey::Hash::MD5_SHA1);

	124 break;

	125 case api_cp::HASH_SHA1:

	126 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA1);

	127 break;

	128 case api_cp::HASH_SHA256:

	129 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA256);

	130 break;

	131 case api_cp::HASH_SHA384:

	132 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA384);

	133 break;

	134 case api_cp::HASH_SHA512:

	135 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512);

	136 break;

	137 case api_cp::HASH_NONE:

	138 NOTREACHED();

	139 return false;

	140 }

	141 }

	142 return true;

	143 }

	144

	145 CertificateProviderInternalReportSignatureFunction::

	146 ~CertificateProviderInternalReportSignatureFunction() {}

	147

	148 ExtensionFunction::ResponseAction

	149 CertificateProviderInternalReportSignatureFunction::Run() {

	150 scoped_ptr<api_cpi::ReportSignature::Params> params(

	151 api_cpi::ReportSignature::Params::Create(*args_));

	152 EXTENSION_FUNCTION_VALIDATE(params);

	153

	154 chromeos::CertificateProviderService* const service =

	155 chromeos::CertificateProviderServiceFactory::GetForBrowserContext(

	156 browser_context());

	157 DCHECK(service);

	158

	159 std::vector<uint8_t> signature;

	160 // If an error occurred, \|signature\| will not be set.

	161 if (params->signature)

	162 signature.assign(params->signature->begin(), params->signature->end());

	163

	164 service->ReplyToSignRequest(extension_id(), params->request_id, signature);

	165 return RespondNow(NoArguments());

	166 }

	167

	168 } // namespace extensions

OLD	NEW