[refactor] More post-NSS WebCrypto cleanups (utility functions).

components/webcrypto/jwk.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_WEBCRYPTO_JWK_H_
 #define COMPONENTS_WEBCRYPTO_JWK_H_
 
 #include <stdint.h>
 #include <vector>
 
@@ skipping 108 matching lines @@
   void SetBytes(const std::string& member_name, const CryptoData& value);
 
   // Flattens the JWK to JSON (UTF-8 encoded if necessary, however in practice
   // it will be ASCII).
   void ToJson(std::vector<uint8_t>* utf8_bytes) const;
 
  private:
   base::DictionaryValue dict_;
 };
 
-// Writes a JWK-formatted symmetric key to |jwk_key_data|.
-//  * raw_key_data: The actual key data
-//  * algorithm: The JWK algorithm name (i.e. "alg")
-//  * extractable: The JWK extractability (i.e. "ext")
-//  * usages: The JWK usages (i.e. "key_ops")
-void WriteSecretKeyJwk(const CryptoData& raw_key_data,
-                       const std::string& algorithm,
-                       bool extractable,
-                       blink::WebCryptoKeyUsageMask usages,
-                       std::vector<uint8_t>* jwk_key_data);
-
-// Parses a UTF-8 encoded JWK (key_data), and extracts the key material to
-// |*raw_key_data|. Returns Status::Success() on success, otherwise an error.
-// In order for this to succeed:
-//   * expected_extractable must be consistent with the JWK's "ext", if
-//     present.
-//   * expected_usages must be a subset of the JWK's "key_ops" if present.
-Status ReadSecretKeyNoExpectedAlg(const CryptoData& key_data,
-                                  bool expected_extractable,
-                                  blink::WebCryptoKeyUsageMask expected_usages,
-                                  std::vector<uint8_t>* raw_key_data,
-                                  JwkReader* jwk);

[davidben, 2015/09/18 22:16:00]

Is the intent that this file just be a generic JWK reader and that's why this
got moved? (I don't have an opinion. Just not super familiar with this code's
structure.)

[eroman, 2015/09/18 23:13:23]

Yes. I would like jwk.{h, cc} to just contain the JwkReader/JwkWriter classes.
All other algorithm-specific stuff should be in the algorithm-specific files.

I could see it argued either way, but in my vision jwk.cc is just about the JWK
container format (http://tools.ietf.org/html/draft-ietf-jose-json-web-key), and
all the algorithm specific stuff JWA
(http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms) falls into
per-algorithm details (hence files in the algorithms/* directory).

Ultimately I want WebCrypto algorithms to be as self-contained as possible, with
as few tendrils as possible into other files. Pretty much everything should be
possible to keep contained in the file defining the AlgorithmImplementation
subclass. Details on say how RSA encodes parameters into a JWK, or how secret
keys use the "oct" attribute are not general stuff worthy of jwk.cc in my mind,
but rather algorithm details to be hidden away into algorithms/*. In this
instance the RSA key parsing code is now part of algorithms/rsa.cc. And with
this change, the shared secret key JWK stuff is part of
algorithms/secret_key_util.cc

Hopefully the abstraction makes sense in more than just my brain.

-
 // This decodes JWK's flavor of base64 encoding, as described by:
 // https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-36#section-2
 //
 // In essence it is RFC 4648 'base64url' encoding where padding is omitted.
 bool Base64DecodeUrlSafe(const std::string& input, std::string* output);
 
 // Encodes |input| using JWK's flavor of base64 encoding. See the description
 // above for details.
 std::string Base64EncodeUrlSafe(const base::StringPiece& input);
 std::string Base64EncodeUrlSafe(const std::vector<uint8_t>& input);
 
 // Converts a JWK "key_ops" array to the corresponding WebCrypto usages. Used by
 // testing.
 Status GetWebCryptoUsagesFromJwkKeyOpsForTest(
     const base::ListValue* key_ops,
     blink::WebCryptoKeyUsageMask* usages);
 
 }  // namespace webcrypto
 
 #endif  // COMPONENTS_WEBCRYPTO_JWK_H_