chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc - Issue 1232553003: Add new certificateProvider extension API.

Unified Diff: chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc

Issue 1232553003: Add new certificateProvider extension API. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressed feedback, fixed bug. Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/extensions/api/certificate_provider/certificate_provider_api.h ('K') | « chrome/browser/extensions/api/certificate_provider/certificate_provider_api.h ('k') | chrome/browser/extensions/api/certificate_provider/certificate_provider_apitest.cc » ('j') | chrome/browser/extensions/api/certificate_provider/certificate_provider_apitest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc

diff --git a/chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc b/chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc

new file mode 100644

index 0000000000000000000000000000000000000000..e78153aa8fb43aa8870b4134491aa19011058458

--- /dev/null

+++ b/chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc

@@ -0,0 +1,168 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "chrome/browser/extensions/api/certificate_provider/certificate_provider_api.h"

+#include <stddef.h>

+#include <stdint.h>

+#include <vector>

+#include "base/logging.h"

+#include "base/memory/linked_ptr.h"

+#include "base/memory/scoped_ptr.h"

+#include "base/stl_util.h"

+#include "chrome/browser/chromeos/certificate_provider/certificate_provider_service.h"

+#include "chrome/browser/chromeos/certificate_provider/certificate_provider_service_factory.h"

+#include "chrome/common/extensions/api/certificate_provider.h"

+#include "chrome/common/extensions/api/certificate_provider_internal.h"

+#include "content/public/common/console_message_level.h"

+#include "net/cert/x509_certificate.h"

+#include "net/ssl/ssl_private_key.h"

+namespace extensions {

+namespace api_cp = api::certificate_provider;

+namespace api_cpi = api::certificate_provider_internal;

+namespace {

+const char kErrorInvalidX509Cert[] =

+ "Certificate is not a valid X.509 certificate.";

+const char kErrorECDSANotSupported[] = "Key type ECDSA not supported.";

+const char kErrorUnknownKeyType[] = "Key type unknown.";

+} // namespace

+CertificateProviderInternalReportCertificatesFunction::

+ ~CertificateProviderInternalReportCertificatesFunction() {}

+ExtensionFunction::ResponseAction

+CertificateProviderInternalReportCertificatesFunction::Run() {

+ scoped_ptr<api_cpi::ReportCertificates::Params> params(

+ api_cpi::ReportCertificates::Params::Create(*args_));

+ EXTENSION_FUNCTION_VALIDATE(params);

+ chromeos::CertificateProviderService* const service =

+ chromeos::CertificateProviderServiceFactory::GetForBrowserContext(

+ browser_context());

+ DCHECK(service);

+ if (!params->certificates)

+ return RespondNow(Error("Failure"));

emaxx 2015/09/07 17:35:14 Is it really OK to provide no error details here?

pneubeck (no reviews) 2015/09/08 15:30:50 Done.

+ chromeos::certificate_provider::CertificateInfoList cert_infos;

+ std::vector<std::vector<char>> rejected_certificates;

+ for (linked_ptr<api_cp::CertificateInfo> input_cert_info :

+ *params->certificates) {

+ chromeos::certificate_provider::CertificateInfo parsed_cert_info;

+ if (ParseCertificateInfo(*input_cert_info, &parsed_cert_info))

+ cert_infos.push_back(parsed_cert_info);

+ else

+ rejected_certificates.push_back(input_cert_info->certificate);

+ }

+ if (service->SetCertificatesProvidedByExtension(

+ extension_id(), params->request_id, cert_infos)) {

+ return RespondNow(ArgumentList(

+ api_cpi::ReportCertificates::Results::Create(rejected_certificates)));

+ } else {

+ return RespondNow(Error("Failure"));

+ }

+bool CertificateProviderInternalReportCertificatesFunction::

+ ParseCertificateInfo(

+ const api_cp::CertificateInfo& info,

+ chromeos::certificate_provider::CertificateInfo* out_info) {

+ const std::vector<char>& cert_der = info.certificate;

+ if (cert_der.empty()) {

+ WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert);

+ return false;

+ }

+ out_info->certificate = net::X509Certificate::CreateFromBytes(

+ vector_as_array(&cert_der), cert_der.size());

+ if (!out_info->certificate) {

+ WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, kErrorInvalidX509Cert);

+ return false;

+ }

+ size_t public_key_length_in_bits = 0;

+ net::X509Certificate::PublicKeyType type =

+ net::X509Certificate::kPublicKeyTypeUnknown;

+ net::X509Certificate::GetPublicKeyInfo(

+ out_info->certificate->os_cert_handle(), &public_key_length_in_bits,

+ &type);

+ switch (type) {

+ case net::X509Certificate::kPublicKeyTypeRSA:

+ DCHECK(public_key_length_in_bits);

+ // Convert bits to bytes.

+ out_info->max_signature_length_in_bytes =

+ (public_key_length_in_bits + 7) / 8;

+ out_info->type = net::SSLPrivateKey::Type::RSA;

+ break;

+ case net::X509Certificate::kPublicKeyTypeECDSA:

+ WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR,

+ kErrorECDSANotSupported);

+ return false;

+ default:

+ WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR,

+ kErrorUnknownKeyType);

+ return false;

+ }

+ for (const api_cp::Hash hash : info.supported_hashes) {

+ switch (hash) {

+ case api_cp::HASH_MD5_SHA1:

+ out_info->supported_hashes.push_back(

+ net::SSLPrivateKey::Hash::MD5_SHA1);

+ break;

+ case api_cp::HASH_SHA1:

+ out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA1);

+ break;

+ case api_cp::HASH_SHA256:

+ out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA256);

+ break;

+ case api_cp::HASH_SHA384:

+ out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA384);

+ break;

+ case api_cp::HASH_SHA512:

+ out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512);

+ break;

+ case api_cp::HASH_NONE:

+ NOTREACHED();

+ return false;

+ }

+ return true;

+CertificateProviderInternalReportSignatureFunction::

+ ~CertificateProviderInternalReportSignatureFunction() {}

+ExtensionFunction::ResponseAction

+CertificateProviderInternalReportSignatureFunction::Run() {

+ scoped_ptr<api_cpi::ReportSignature::Params> params(

+ api_cpi::ReportSignature::Params::Create(*args_));

+ EXTENSION_FUNCTION_VALIDATE(params);

+ chromeos::CertificateProviderService* const service =

+ chromeos::CertificateProviderServiceFactory::GetForBrowserContext(

+ browser_context());

+ DCHECK(service);

+ std::vector<uint8_t> signature;

+ // If an error occurred, |signature| will not be set.

+ if (params->signature)

+ signature.assign(params->signature->begin(), params->signature->end());

+ service->ReplyToSignRequest(extension_id(), params->request_id, signature);

+ return RespondNow(NoArguments());

+} // namespace extensions