Chromium Code Reviews Chromium Code Reviews
Issue 1232553003:
Add new certificateProvider extension API. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc |
| diff --git a/chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc b/chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..5e4eaf0b13a78db3a8b155d19c1b7260db2206d8 |
| --- /dev/null |
| +++ b/chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc |
| @@ -0,0 +1,160 @@ |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "chrome/browser/extensions/api/certificate_provider/certificate_provider_api.h" |
| + |
| +#include "base/logging.h" |
| +#include "base/memory/linked_ptr.h" |
| +#include "base/stl_util.h" |
| +#include "chrome/browser/chromeos/certificate_provider/certificate_provider_service.h" |
| +#include "chrome/browser/chromeos/certificate_provider/certificate_provider_service_factory.h" |
| +#include "chrome/common/extensions/api/certificate_provider.h" |
| +#include "chrome/common/extensions/api/certificate_provider_internal.h" |
| +#include "net/cert/x509_certificate.h" |
| + |
| +namespace extensions { |
| + |
| +namespace api_cp = api::certificate_provider; |
| +namespace api_cpi = api::certificate_provider_internal; |
| + |
| +namespace { |
| + |
| +const char kErrorInvalidX509Cert[] = |
| + "Certificate is not a valid X.509 certificate."; |
| +const char kErrorECDSANotSupported[] = "Key type ECDSA not supported."; |
| +const char kErrorUnknownKeyType[] = "Key type unknown."; |
| + |
| +} // namespace |
| + |
| +CertificateProviderInternalReportCertificatesFunction:: |
| + ~CertificateProviderInternalReportCertificatesFunction() {} |
| + |
| +ExtensionFunction::ResponseAction |
| +CertificateProviderInternalReportCertificatesFunction::Run() { |
| + scoped_ptr<api_cpi::ReportCertificates::Params> params( |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: #include "base/memory/scoped_ptr.h"
pneubeck (no reviews)
2015/09/07 17:21:32
Done.
|
| + api_cpi::ReportCertificates::Params::Create(*args_)); |
| + EXTENSION_FUNCTION_VALIDATE(params); |
| + |
| + chromeos::CertificateProviderService* service = |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: const pointer.
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
|
| + chromeos::CertificateProviderServiceFactory::GetForBrowserContext( |
| + browser_context()); |
| + DCHECK(service); |
| + |
| + if (!params->certificates) |
| + return RespondNow(Error("Failure")); |
| + |
| + chromeos::certificate_provider::CertificateInfoList cert_infos; |
| + std::vector<std::vector<char>> rejected_certificates; |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: #include <vector>
pneubeck (no reviews)
2015/09/07 17:21:32
Done.
|
| + for (linked_ptr<api_cp::CertificateInfo> input_cert_info : |
| + *params->certificates) { |
| + chromeos::certificate_provider::CertificateInfo parsed_cert_info; |
| + |
| + if (ParseCertificateInfo(*input_cert_info, &parsed_cert_info)) |
| + cert_infos.push_back(parsed_cert_info); |
| + else |
| + rejected_certificates.push_back(input_cert_info->certificate); |
| + } |
| + |
| + if (service->SetCertificatesProvidedByExtension( |
| + extension_id(), params->request_id, cert_infos)) { |
| + return RespondNow(ArgumentList( |
| + api_cpi::ReportCertificates::Results::Create(rejected_certificates))); |
| + } else { |
| + return RespondNow(Error("Failure")); |
| + } |
| +} |
| + |
| +bool CertificateProviderInternalReportCertificatesFunction:: |
| + ParseCertificateInfo( |
| + const api_cp::CertificateInfo& info, |
| + chromeos::certificate_provider::CertificateInfo* out_info) { |
| + const std::vector<char>& cert_der = info.certificate; |
| + if (cert_der.empty()) { |
| + WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: #include "content/public/common/console_messa
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
|
| + return false; |
| + } |
| + |
| + out_info->certificate = net::X509Certificate::CreateFromBytes( |
| + vector_as_array(&cert_der), cert_der.size()); |
| + if (!out_info->certificate) { |
| + WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert); |
| + return false; |
| + } |
| + |
| + size_t public_key_length_in_bits = 0; |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: #include <stddef.h>
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
|
| + net::X509Certificate::PublicKeyType type = |
| + net::X509Certificate::kPublicKeyTypeUnknown; |
| + net::X509Certificate::GetPublicKeyInfo( |
| + out_info->certificate->os_cert_handle(), &public_key_length_in_bits, |
| + &type); |
| + |
| + switch (type) { |
| + case net::X509Certificate::kPublicKeyTypeRSA: |
| + DCHECK(public_key_length_in_bits != 0); |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: DCHECK(public_key_length_in_bits) is sufficie
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
|
| + |
| + // Convert bits to bytes. |
| + out_info->max_signature_length_in_bytes = |
| + (public_key_length_in_bits + 7) / 8; |
| + out_info->type = net::SSLPrivateKey::Type::RSA; |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: #include "net/ssl/ssl_private_key.h"
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
|
| + break; |
| + case net::X509Certificate::kPublicKeyTypeECDSA: |
| + WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, |
| + kErrorECDSANotSupported); |
| + return false; |
| + default: |
| + WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, |
| + kErrorUnknownKeyType); |
| + return false; |
| + } |
| + |
| + for (const api_cp::Hash hash : info.supported_hashes) { |
| + switch (hash) { |
| + case api_cp::HASH_MD5_SHA1: |
| + out_info->supported_hashes.push_back( |
| + net::SSLPrivateKey::Hash::MD5_SHA1); |
| + break; |
| + case api_cp::HASH_SHA1: |
| + out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA1); |
| + break; |
| + case api_cp::HASH_SHA256: |
| + out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA256); |
| + break; |
| + case api_cp::HASH_SHA384: |
| + out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA384); |
| + break; |
| + case api_cp::HASH_SHA512: |
| + out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512); |
| + break; |
| + case api_cp::HASH_NONE: |
| + NOTREACHED(); |
| + return false; |
| + } |
| + } |
| + return true; |
| +} |
| + |
| +CertificateProviderInternalReportSignatureFunction:: |
| + ~CertificateProviderInternalReportSignatureFunction() {} |
| + |
| +ExtensionFunction::ResponseAction |
| +CertificateProviderInternalReportSignatureFunction::Run() { |
| + scoped_ptr<api_cpi::ReportSignature::Params> params( |
| + api_cpi::ReportSignature::Params::Create(*args_)); |
| + EXTENSION_FUNCTION_VALIDATE(params); |
| + |
| + chromeos::CertificateProviderService* service = |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: const pointer.
pneubeck (no reviews)
2015/09/07 17:21:32
Done.
|
| + chromeos::CertificateProviderServiceFactory::GetForBrowserContext( |
| + browser_context()); |
| + DCHECK(service); |
| + |
| + std::vector<uint8_t> signature; |
|
bartfab (slow)
2015/09/03 17:30:52
Nit: #include <stdint.h>
pneubeck (no reviews)
2015/09/07 17:21:31
Done.
|
| + // If an error occurred, |signature| will not be set. |
| + if (params->signature) |
| + signature.assign(params->signature->begin(), params->signature->end()); |
| + |
| + service->ReplyToSignRequest(extension_id(), params->request_id, signature); |
| + return RespondNow(NoArguments()); |
| +} |
| + |
| +} // namespace extensions |
