OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/extensions/api/certificate_provider/certificate_provide r_api.h" | |
6 | |
7 #include <stddef.h> | |
8 #include <stdint.h> | |
9 | |
10 #include <vector> | |
11 | |
12 #include "base/logging.h" | |
13 #include "base/memory/linked_ptr.h" | |
14 #include "base/memory/scoped_ptr.h" | |
15 #include "base/stl_util.h" | |
16 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice.h" | |
17 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice_factory.h" | |
18 #include "chrome/common/extensions/api/certificate_provider.h" | |
19 #include "chrome/common/extensions/api/certificate_provider_internal.h" | |
20 #include "content/public/common/console_message_level.h" | |
21 #include "net/cert/x509_certificate.h" | |
22 #include "net/ssl/ssl_private_key.h" | |
23 | |
24 namespace extensions { | |
25 | |
26 namespace api_cp = api::certificate_provider; | |
27 namespace api_cpi = api::certificate_provider_internal; | |
28 | |
29 namespace { | |
30 | |
31 const char kErrorInvalidX509Cert[] = | |
32 "Certificate is not a valid X.509 certificate."; | |
33 const char kErrorECDSANotSupported[] = "Key type ECDSA not supported."; | |
34 const char kErrorUnknownKeyType[] = "Key type unknown."; | |
35 | |
36 } // namespace | |
37 | |
38 CertificateProviderInternalReportCertificatesFunction:: | |
39 ~CertificateProviderInternalReportCertificatesFunction() {} | |
40 | |
41 ExtensionFunction::ResponseAction | |
42 CertificateProviderInternalReportCertificatesFunction::Run() { | |
43 scoped_ptr<api_cpi::ReportCertificates::Params> params( | |
44 api_cpi::ReportCertificates::Params::Create(*args_)); | |
45 EXTENSION_FUNCTION_VALIDATE(params); | |
46 | |
47 chromeos::CertificateProviderService* const service = | |
48 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
49 browser_context()); | |
50 DCHECK(service); | |
51 | |
52 if (!params->certificates) | |
53 return RespondNow(Error("Failure")); | |
emaxx
2015/09/07 17:35:14
Is it really OK to provide no error details here?
pneubeck (no reviews)
2015/09/08 15:30:50
Done.
| |
54 | |
55 chromeos::certificate_provider::CertificateInfoList cert_infos; | |
56 std::vector<std::vector<char>> rejected_certificates; | |
57 for (linked_ptr<api_cp::CertificateInfo> input_cert_info : | |
58 *params->certificates) { | |
59 chromeos::certificate_provider::CertificateInfo parsed_cert_info; | |
60 | |
61 if (ParseCertificateInfo(*input_cert_info, &parsed_cert_info)) | |
62 cert_infos.push_back(parsed_cert_info); | |
63 else | |
64 rejected_certificates.push_back(input_cert_info->certificate); | |
65 } | |
66 | |
67 if (service->SetCertificatesProvidedByExtension( | |
68 extension_id(), params->request_id, cert_infos)) { | |
69 return RespondNow(ArgumentList( | |
70 api_cpi::ReportCertificates::Results::Create(rejected_certificates))); | |
71 } else { | |
72 return RespondNow(Error("Failure")); | |
73 } | |
74 } | |
75 | |
76 bool CertificateProviderInternalReportCertificatesFunction:: | |
77 ParseCertificateInfo( | |
78 const api_cp::CertificateInfo& info, | |
79 chromeos::certificate_provider::CertificateInfo* out_info) { | |
80 const std::vector<char>& cert_der = info.certificate; | |
81 if (cert_der.empty()) { | |
82 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); | |
83 return false; | |
84 } | |
85 | |
86 out_info->certificate = net::X509Certificate::CreateFromBytes( | |
87 vector_as_array(&cert_der), cert_der.size()); | |
88 if (!out_info->certificate) { | |
89 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); | |
90 return false; | |
91 } | |
92 | |
93 size_t public_key_length_in_bits = 0; | |
94 net::X509Certificate::PublicKeyType type = | |
95 net::X509Certificate::kPublicKeyTypeUnknown; | |
96 net::X509Certificate::GetPublicKeyInfo( | |
97 out_info->certificate->os_cert_handle(), &public_key_length_in_bits, | |
98 &type); | |
99 | |
100 switch (type) { | |
101 case net::X509Certificate::kPublicKeyTypeRSA: | |
102 DCHECK(public_key_length_in_bits); | |
103 | |
104 // Convert bits to bytes. | |
105 out_info->max_signature_length_in_bytes = | |
106 (public_key_length_in_bits + 7) / 8; | |
107 out_info->type = net::SSLPrivateKey::Type::RSA; | |
108 break; | |
109 case net::X509Certificate::kPublicKeyTypeECDSA: | |
110 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, | |
111 kErrorECDSANotSupported); | |
112 return false; | |
113 default: | |
114 WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, | |
115 kErrorUnknownKeyType); | |
116 return false; | |
117 } | |
118 | |
119 for (const api_cp::Hash hash : info.supported_hashes) { | |
120 switch (hash) { | |
121 case api_cp::HASH_MD5_SHA1: | |
122 out_info->supported_hashes.push_back( | |
123 net::SSLPrivateKey::Hash::MD5_SHA1); | |
124 break; | |
125 case api_cp::HASH_SHA1: | |
126 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA1); | |
127 break; | |
128 case api_cp::HASH_SHA256: | |
129 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA256); | |
130 break; | |
131 case api_cp::HASH_SHA384: | |
132 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA384); | |
133 break; | |
134 case api_cp::HASH_SHA512: | |
135 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512); | |
136 break; | |
137 case api_cp::HASH_NONE: | |
138 NOTREACHED(); | |
139 return false; | |
140 } | |
141 } | |
142 return true; | |
143 } | |
144 | |
145 CertificateProviderInternalReportSignatureFunction:: | |
146 ~CertificateProviderInternalReportSignatureFunction() {} | |
147 | |
148 ExtensionFunction::ResponseAction | |
149 CertificateProviderInternalReportSignatureFunction::Run() { | |
150 scoped_ptr<api_cpi::ReportSignature::Params> params( | |
151 api_cpi::ReportSignature::Params::Create(*args_)); | |
152 EXTENSION_FUNCTION_VALIDATE(params); | |
153 | |
154 chromeos::CertificateProviderService* const service = | |
155 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
156 browser_context()); | |
157 DCHECK(service); | |
158 | |
159 std::vector<uint8_t> signature; | |
160 // If an error occurred, |signature| will not be set. | |
161 if (params->signature) | |
162 signature.assign(params->signature->begin(), params->signature->end()); | |
163 | |
164 service->ReplyToSignRequest(extension_id(), params->request_id, signature); | |
165 return RespondNow(NoArguments()); | |
166 } | |
167 | |
168 } // namespace extensions | |
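Review bot: In ParseCertificateInfo, the RSA branch guards the key length only with `DCHECK(public_key_length_in_bits)`, which is compiled out of release builds, while the certificate bytes are supplied by the extension. If GetPublicKeyInfo can leave the length at 0 for a key it classifies as RSA (not visible from this file), `max_signature_length_in_bytes` becomes 0 and the certificate is still accepted and handed to the service. I would replace the DCHECK with a runtime rejection, `if (!public_key_length_in_bits) { WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); return false; }`, so the entry ends up in the rejected list instead. Separately, a CertificateInfo whose `supported_hashes` is empty skips the hash loop and returns true; if the service cannot sign with such an entry, it should be rejected here with its own console error.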