Add new certificateProvider extension API.

chrome/test/data/extensions/api_test/certificate_provider/basic.js

Index: chrome/test/data/extensions/api_test/certificate_provider/basic.js
diff --git a/chrome/test/data/extensions/api_test/certificate_provider/basic.js b/chrome/test/data/extensions/api_test/certificate_provider/basic.js
new file mode 100644
index 0000000000000000000000000000000000000000..d1e1c7755456c6aa955ec71115422395d86a51cd
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/certificate_provider/basic.js
@@ -0,0 +1,109 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+'use strict';
+
+var assertEq = chrome.test.assertEq;
+var assertTrue = chrome.test.assertTrue;
+var callbackPass = chrome.test.callbackPass;
+var succeed = chrome.test.succeed;
+
+// X.509 certificate in DER encoding issued by 'root.pem' which is set to be
+// trusted by the test setup.
+// Read from 'l1_leaf.der', generated by create_test_certs.sh .
+var l1_leaf_cert = null;
+
+// Reads the binary file at |path| and passes it as a Uint8Array to |callback|.
+function readFile(path, callback) {
+  var oReq = new XMLHttpRequest();
+  oReq.responseType = "arraybuffer";
+  oReq.open("GET", path, true /* asynchronous */);
+  oReq.onload = function() {
+    var arrayBuffer = oReq.response;
+    if (arrayBuffer) {
+      callback(new Uint8Array(arrayBuffer));
+    } else {
+      callback(null);
+    }
+  };
+  oReq.send(null);
+}
+
+function compareBuffers(a, b) {
+  if (a.length != b.length)
+    return false;
+  for (var i = 0; i < a.length; i++) {
+    if (a[i] != b[i])
+      return false;
+  }
+  return true;
+}
+
+var signDigestRequest;
+var signCallback;
+
+function register() {
+  assertTrue(!!chrome.certificateProvider);
+  assertTrue(!!chrome.certificateProvider.onCertificatesRequested);
+  assertTrue(!!chrome.certificateProvider.onSignDigestRequested);
+
+  var validCertInfo = {
+    certificate: l1_leaf_cert.buffer,
+    supportedHashes: ['SHA1']
+  };
+  var invalidCert = new Uint8Array([1, 2, 3, 4, 5]);
+  var invalidCertInfo = {
+    certificate: invalidCert.buffer,
+    supportedHashes: ['SHA256']
+  };
+
+  function checkResult(rejectedCerts) {
+    assertEq(1, rejectedCerts.length);
+    assertTrue(compareBuffers(invalidCert, new Uint8Array(rejectedCerts[0])));
+  }
+
+  function reportCertificates(reportCallback) {
+    reportCallback([validCertInfo, invalidCertInfo], callbackPass(checkResult));
+  }
+
+  chrome.certificateProvider.onCertificatesRequested.addListener(
+      callbackPass(reportCertificates));
+
+  chrome.certificateProvider.onSignDigestRequested.addListener(function(
+      request, callback) {
+    assertTrue(
+        compareBuffers(l1_leaf_cert, new Uint8Array(request.certificate)));
+    // The sign request must refer to the only hash that was declared to be
+    // supported.
+    assertEq(validCertInfo.supportedHashes[0], request.hash);

[bartfab (slow), 2015/09/08 14:55:17]

Nit: Assert first that |supportedHashes| has length 1.

[pneubeck (no reviews), 2015/09/08 15:30:51]

Done.

+    signCallback = callback;
+    signDigestRequest = request;
+    succeed();
+  });
+
+  succeed();
+}
+
+function replyWithSignature(signature) {
+  signCallback(signature.buffer);
+}
+
+function replyWithSignatureSecondTime() {
+  var signature = new Uint8Array([1,2,3]);
+  try {
+    signCallback(signature.buffer);
+  } catch (e) {
+    return true;
+  }
+  return false;
+}
+
+function runTest() {
+  chrome.test.runTests([register]);
+}
+
+readFile('l1_leaf.der', function(cert) {
+  l1_leaf_cert = cert;
+  runTest();
+});