
Side by Side Diff: chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc

Issue 1232553003: Add new certificateProvider extension API. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed feedback, fixed bug. Created 5 years, 3 months ago
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/extensions/api/certificate_provider/certificate_provide r_api.h"
6
7 #include <stddef.h>
8 #include <stdint.h>
9
10 #include <vector>
11
12 #include "base/logging.h"
13 #include "base/memory/linked_ptr.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/stl_util.h"
16 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice.h"
17 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice_factory.h"
18 #include "chrome/common/extensions/api/certificate_provider.h"
19 #include "chrome/common/extensions/api/certificate_provider_internal.h"
20 #include "content/public/common/console_message_level.h"
21 #include "net/cert/x509_certificate.h"
22 #include "net/ssl/ssl_private_key.h"
23
24 namespace extensions {
25
26 namespace api_cp = api::certificate_provider;
27 namespace api_cpi = api::certificate_provider_internal;
28
29 namespace {
30
31 const char kErrorInvalidX509Cert[] =
32 "Certificate is not a valid X.509 certificate.";
33 const char kErrorECDSANotSupported[] = "Key type ECDSA not supported.";
34 const char kErrorUnknownKeyType[] = "Key type unknown.";
35
36 } // namespace
37
38 CertificateProviderInternalReportCertificatesFunction::
39 ~CertificateProviderInternalReportCertificatesFunction() {}
40
41 ExtensionFunction::ResponseAction
42 CertificateProviderInternalReportCertificatesFunction::Run() {
43 scoped_ptr<api_cpi::ReportCertificates::Params> params(
44 api_cpi::ReportCertificates::Params::Create(*args_));
45 EXTENSION_FUNCTION_VALIDATE(params);
46
47 chromeos::CertificateProviderService* const service =
48 chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
49 browser_context());
50 DCHECK(service);
51
52 if (!params->certificates)
53 return RespondNow(Error("Failure"));
emaxx 2015/09/07 17:35:14 Is it really OK to provide no error details here?
pneubeck (no reviews) 2015/09/08 15:30:50 Done.
54
55 chromeos::certificate_provider::CertificateInfoList cert_infos;
56 std::vector<std::vector<char>> rejected_certificates;
57 for (linked_ptr<api_cp::CertificateInfo> input_cert_info :
58 *params->certificates) {
59 chromeos::certificate_provider::CertificateInfo parsed_cert_info;
60
61 if (ParseCertificateInfo(*input_cert_info, &parsed_cert_info))
62 cert_infos.push_back(parsed_cert_info);
63 else
64 rejected_certificates.push_back(input_cert_info->certificate);
65 }
66
67 if (service->SetCertificatesProvidedByExtension(
68 extension_id(), params->request_id, cert_infos)) {
69 return RespondNow(ArgumentList(
70 api_cpi::ReportCertificates::Results::Create(rejected_certificates)));
71 } else {
72 return RespondNow(Error("Failure"));
73 }
74 }
75
76 bool CertificateProviderInternalReportCertificatesFunction::
77 ParseCertificateInfo(
78 const api_cp::CertificateInfo& info,
79 chromeos::certificate_provider::CertificateInfo* out_info) {
80 const std::vector<char>& cert_der = info.certificate;
81 if (cert_der.empty()) {
82 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert);
83 return false;
84 }
85
86 out_info->certificate = net::X509Certificate::CreateFromBytes(
87 vector_as_array(&cert_der), cert_der.size());
88 if (!out_info->certificate) {
89 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert);
90 return false;
91 }
92
93 size_t public_key_length_in_bits = 0;
94 net::X509Certificate::PublicKeyType type =
95 net::X509Certificate::kPublicKeyTypeUnknown;
96 net::X509Certificate::GetPublicKeyInfo(
97 out_info->certificate->os_cert_handle(), &public_key_length_in_bits,
98 &type);
99
100 switch (type) {
101 case net::X509Certificate::kPublicKeyTypeRSA:
102 DCHECK(public_key_length_in_bits);
103
104 // Convert bits to bytes.
105 out_info->max_signature_length_in_bytes =
106 (public_key_length_in_bits + 7) / 8;
107 out_info->type = net::SSLPrivateKey::Type::RSA;
108 break;
109 case net::X509Certificate::kPublicKeyTypeECDSA:
110 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR,
111 kErrorECDSANotSupported);
112 return false;
113 default:
114 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR,
115 kErrorUnknownKeyType);
116 return false;
117 }
118
119 for (const api_cp::Hash hash : info.supported_hashes) {
120 switch (hash) {
121 case api_cp::HASH_MD5_SHA1:
122 out_info->supported_hashes.push_back(
123 net::SSLPrivateKey::Hash::MD5_SHA1);
124 break;
125 case api_cp::HASH_SHA1:
126 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA1);
127 break;
128 case api_cp::HASH_SHA256:
129 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA256);
130 break;
131 case api_cp::HASH_SHA384:
132 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA384);
133 break;
134 case api_cp::HASH_SHA512:
135 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512);
136 break;
137 case api_cp::HASH_NONE:
138 NOTREACHED();
139 return false;
140 }
141 }
142 return true;
143 }
144
145 CertificateProviderInternalReportSignatureFunction::
146 ~CertificateProviderInternalReportSignatureFunction() {}
147
148 ExtensionFunction::ResponseAction
149 CertificateProviderInternalReportSignatureFunction::Run() {
150 scoped_ptr<api_cpi::ReportSignature::Params> params(
151 api_cpi::ReportSignature::Params::Create(*args_));
152 EXTENSION_FUNCTION_VALIDATE(params);
153
154 chromeos::CertificateProviderService* const service =
155 chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
156 browser_context());
157 DCHECK(service);
158
159 std::vector<uint8_t> signature;
160 // If an error occurred, |signature| will not be set.
161 if (params->signature)
162 signature.assign(params->signature->begin(), params->signature->end());
163
164 service->ReplyToSignRequest(extension_id(), params->request_id, signature);
165 return RespondNow(NoArguments());
166 }
167
168 } // namespace extensions
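Review bot: In the RSA branch of ParseCertificateInfo (line 102), `DCHECK(public_key_length_in_bits)` is the only guard on a key length derived from the extension-supplied DER. DCHECKs are normally compiled out of release builds, so if GetPublicKeyInfo leaves the length at 0 the certificate would be accepted with `max_signature_length_in_bytes` set to 0. Treat that as invalid input rather than an invariant: `if (!public_key_length_in_bits) { WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); return false; }`. Relatedly, CertificateProviderInternalReportSignatureFunction::Run() (lines 159-164) forwards the reported signature without comparing its size to that bound. If ReplyToSignRequest enforces it, which is not visible on this page, a short comment such as `// Length is validated against max_signature_length_in_bytes by the service.` would record where the check lives.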