Chromium Code Reviews Chromium Code Reviews
Issue 2094333002:
Implementation for chrome.certificateProvider.requestPin/stopPinRequest (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/certificate_provider/certificate_provide r_api.h" | 5 #include "chrome/browser/extensions/api/certificate_provider/certificate_provide r_api.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <memory> | 10 #include <memory> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice.h" | 14 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice.h" |
| 15 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice_factory.h" | 15 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice_factory.h" |
| 16 #include "chrome/common/extensions/api/certificate_provider.h" | 16 #include "chrome/common/extensions/api/certificate_provider.h" |
| 17 #include "chrome/common/extensions/api/certificate_provider_internal.h" | 17 #include "chrome/common/extensions/api/certificate_provider_internal.h" |
| 18 #include "content/public/common/console_message_level.h" | 18 #include "content/public/common/console_message_level.h" |
| 19 #include "net/cert/x509_certificate.h" | 19 #include "net/cert/x509_certificate.h" |
| 20 #include "net/ssl/ssl_private_key.h" | 20 #include "net/ssl/ssl_private_key.h" |
| 21 | 21 |
| 22 namespace api_cp = extensions::api::certificate_provider; | |
| 23 namespace api_cpi = extensions::api::certificate_provider_internal; | |
| 24 | |
| 25 chromeos::RequestPinView::RequestPinErrorType GetErrorTypeForView( | |
|
emaxx
2016/09/19 14:01:42
nit: This function has to be put into an anonymous
| |
| 26 api_cp::PinRequestErrorType error_type) { | |
| 27 switch (error_type) { | |
| 28 case api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_INVALID_PIN: | |
| 29 return chromeos::RequestPinView::RequestPinErrorType::INVALID_PIN; | |
| 30 case api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_INVALID_PUK: | |
| 31 return chromeos::RequestPinView::RequestPinErrorType::INVALID_PUK; | |
| 32 case api_cp::PinRequestErrorType:: | |
| 33 PIN_REQUEST_ERROR_TYPE_MAX_ATTEMPTS_EXCEEDED: | |
| 34 return chromeos::RequestPinView::RequestPinErrorType:: | |
| 35 MAX_ATTEMPTS_EXCEEDED; | |
| 36 case api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_UNKNOWN_ERROR: | |
| 37 return chromeos::RequestPinView::RequestPinErrorType::UNKNOWN_ERROR; | |
| 38 case api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_NONE: | |
| 39 return chromeos::RequestPinView::RequestPinErrorType::NONE; | |
| 40 } | |
| 41 } | |
| 42 | |
| 22 namespace extensions { | 43 namespace extensions { |
| 23 | 44 |
| 24 namespace api_cp = api::certificate_provider; | |
| 25 namespace api_cpi = api::certificate_provider_internal; | |
| 26 | |
| 27 namespace { | 45 namespace { |
| 28 | 46 |
| 29 const char kErrorInvalidX509Cert[] = | 47 const char kErrorInvalidX509Cert[] = |
| 30 "Certificate is not a valid X.509 certificate."; | 48 "Certificate is not a valid X.509 certificate."; |
| 31 const char kErrorECDSANotSupported[] = "Key type ECDSA not supported."; | 49 const char kErrorECDSANotSupported[] = "Key type ECDSA not supported."; |
| 32 const char kErrorUnknownKeyType[] = "Key type unknown."; | 50 const char kErrorUnknownKeyType[] = "Key type unknown."; |
| 33 const char kErrorAborted[] = "Request was aborted."; | 51 const char kErrorAborted[] = "Request was aborted."; |
| 34 const char kErrorTimeout[] = "Request timed out, reply rejected."; | 52 const char kErrorTimeout[] = "Request timed out, reply rejected."; |
| 35 | 53 |
| 54 // requestPin constants. | |
| 55 const char kNoActiveDialog[] = "No active dialog from extension."; | |
| 56 const char kInvalidId[] = "Invalid signRequestId"; | |
| 57 const char kOtherFlowInProgress[] = "Other flow in progress"; | |
| 58 const char kPreviousDialogActive[] = "Previous request not finished"; | |
| 59 | |
| 36 } // namespace | 60 } // namespace |
| 37 | 61 |
| 62 const int api::certificate_provider::kMaxClosedDialogsPer10Mins = 2; | |
| 63 | |
| 38 CertificateProviderInternalReportCertificatesFunction:: | 64 CertificateProviderInternalReportCertificatesFunction:: |
| 39 ~CertificateProviderInternalReportCertificatesFunction() {} | 65 ~CertificateProviderInternalReportCertificatesFunction() {} |
| 40 | 66 |
| 41 ExtensionFunction::ResponseAction | 67 ExtensionFunction::ResponseAction |
| 42 CertificateProviderInternalReportCertificatesFunction::Run() { | 68 CertificateProviderInternalReportCertificatesFunction::Run() { |
| 43 std::unique_ptr<api_cpi::ReportCertificates::Params> params( | 69 std::unique_ptr<api_cpi::ReportCertificates::Params> params( |
| 44 api_cpi::ReportCertificates::Params::Create(*args_)); | 70 api_cpi::ReportCertificates::Params::Create(*args_)); |
| 45 EXTENSION_FUNCTION_VALIDATE(params); | 71 EXTENSION_FUNCTION_VALIDATE(params); |
| 46 | 72 |
| 47 chromeos::CertificateProviderService* const service = | 73 chromeos::CertificateProviderService* const service = |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 141 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512); | 167 out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512); |
| 142 break; | 168 break; |
| 143 case api_cp::HASH_NONE: | 169 case api_cp::HASH_NONE: |
| 144 NOTREACHED(); | 170 NOTREACHED(); |
| 145 return false; | 171 return false; |
| 146 } | 172 } |
| 147 } | 173 } |
| 148 return true; | 174 return true; |
| 149 } | 175 } |
| 150 | 176 |
| 177 CertificateProviderStopPinRequestFunction:: | |
| 178 ~CertificateProviderStopPinRequestFunction() {} | |
| 179 | |
| 180 ExtensionFunction::ResponseAction | |
| 181 CertificateProviderStopPinRequestFunction::Run() { | |
| 182 std::unique_ptr<api_cp::RequestPin::Params> params( | |
| 183 api_cp::RequestPin::Params::Create(*args_)); | |
| 184 EXTENSION_FUNCTION_VALIDATE(params.get()); | |
| 185 | |
| 186 chromeos::CertificateProviderService* const service = | |
| 187 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
| 188 browser_context()); | |
| 189 DCHECK(service); | |
| 190 if (params->details.error_type == | |
| 191 api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_NONE) { | |
| 192 bool dialog_closed = | |
| 193 service->pin_dialog_manager()->CloseDialog(extension_id()); | |
| 194 if (!dialog_closed) { | |
| 195 // This might happen if the user closed the dialog while extension was | |
| 196 // processing the input. | |
| 197 LOG(ERROR) << "Wrong extension requesting to close the dialog"; | |
| 198 return RespondNow(Error(kNoActiveDialog)); | |
| 199 } | |
| 200 | |
| 201 std::unique_ptr<base::ListValue> create_results(new base::ListValue()); | |
| 202 return RespondNow(ArgumentList(std::move(create_results))); | |
| 203 } | |
| 204 | |
| 205 chromeos::RequestPinView::RequestPinErrorType error_type = | |
| 206 GetErrorTypeForView(params->details.error_type); | |
| 207 bool success = service->pin_dialog_manager()->UpdatePinDialog( | |
| 208 extension()->id(), error_type, | |
| 209 false, // Don't accept any input. | |
| 210 base::Bind(&CertificateProviderStopPinRequestFunction::DialogClosed, | |
| 211 this)); | |
| 212 if (!success) { | |
| 213 return RespondNow(Error(kNoActiveDialog)); | |
| 214 } | |
| 215 | |
| 216 return RespondLater(); | |
| 217 } | |
| 218 | |
| 219 void CertificateProviderStopPinRequestFunction::DialogClosed( | |
| 220 const base::string16& value) { | |
| 221 std::unique_ptr<base::ListValue> create_results(new base::ListValue()); | |
| 222 chromeos::CertificateProviderService* const service = | |
| 223 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
| 224 browser_context()); | |
| 225 DCHECK(service); | |
| 226 | |
| 227 Respond(ArgumentList(std::move(create_results))); | |
| 228 service->pin_dialog_manager()->OnPinDialogClosed(); | |
| 229 } | |
| 230 | |
| 231 CertificateProviderRequestPinFunction:: | |
| 232 ~CertificateProviderRequestPinFunction() {} | |
| 233 | |
| 234 bool CertificateProviderRequestPinFunction::ShouldSkipQuotaLimiting() const { | |
| 235 chromeos::CertificateProviderService* const service = | |
| 236 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
| 237 browser_context()); | |
| 238 DCHECK(service); | |
| 239 | |
| 240 return !service->pin_dialog_manager()->LastPinDialogClosed(extension_id()); | |
| 241 } | |
| 242 | |
| 243 void CertificateProviderRequestPinFunction::GetQuotaLimitHeuristics( | |
| 244 extensions::QuotaLimitHeuristics* heuristics) const { | |
| 245 QuotaLimitHeuristic::Config short_limit_config = { | |
| 246 api::certificate_provider::kMaxClosedDialogsPer10Mins, | |
| 247 base::TimeDelta::FromMinutes(1)}; | |
| 248 heuristics->push_back(new QuotaService::TimedLimit( | |
| 249 short_limit_config, new QuotaLimitHeuristic::SingletonBucketMapper(), | |
| 250 "MAX_PIN_DIALOGS_CLOSED_PER_10_MINUTES")); | |
| 251 } | |
| 252 | |
| 253 ExtensionFunction::ResponseAction CertificateProviderRequestPinFunction::Run() { | |
| 254 std::unique_ptr<api_cp::RequestPin::Params> params( | |
| 255 api_cp::RequestPin::Params::Create(*args_)); | |
| 256 EXTENSION_FUNCTION_VALIDATE(params.get()); | |
| 257 | |
| 258 api_cp::PinRequestType pin_request_type = | |
| 259 (params->details.request_type) | |
| 260 ? params->details.request_type | |
| 261 : api_cp::PinRequestType::PIN_REQUEST_TYPE_PIN; | |
| 262 | |
| 263 chromeos::RequestPinView::RequestPinErrorType error_type = | |
| 264 GetErrorTypeForView(params->details.error_type); | |
| 265 | |
| 266 chromeos::RequestPinView::RequestPinCodeType code_type = | |
| 267 (pin_request_type == api_cp::PinRequestType::PIN_REQUEST_TYPE_PIN) | |
| 268 ? chromeos::RequestPinView::RequestPinCodeType::PIN | |
| 269 : chromeos::RequestPinView::RequestPinCodeType::PUK; | |
| 270 | |
| 271 chromeos::CertificateProviderService* const service = | |
| 272 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
| 273 browser_context()); | |
| 274 DCHECK(service); | |
| 275 | |
| 276 int attempts_left = | |
| 277 params->details.attempts_left ? *params->details.attempts_left.get() : -1; | |
| 278 chromeos::PinDialogManager::RequestPinResponse result = | |
| 279 service->pin_dialog_manager()->ShowPinDialog( | |
| 280 extension()->id(), extension()->name(), | |
| 281 params->details.sign_request_id, code_type, error_type, attempts_left, | |
| 282 base::Bind(&CertificateProviderRequestPinFunction::OnInputReceived, | |
| 283 this)); | |
| 284 switch (result) { | |
| 285 case chromeos::PinDialogManager::RequestPinResponse::SUCCESS: | |
| 286 return RespondLater(); | |
| 287 case chromeos::PinDialogManager::RequestPinResponse::INVALID_ID: | |
| 288 return RespondNow(Error(kInvalidId)); | |
| 289 case chromeos::PinDialogManager::RequestPinResponse::OTHER_FLOW_IN_PROGRESS: | |
| 290 return RespondNow(Error(kOtherFlowInProgress)); | |
| 291 case chromeos::PinDialogManager::RequestPinResponse:: | |
| 292 DIALOG_DISPLAYED_ALREADY: | |
| 293 return RespondNow(Error(kPreviousDialogActive)); | |
| 294 } | |
| 295 } | |
| 296 | |
| 297 void CertificateProviderRequestPinFunction::OnInputReceived( | |
| 298 const base::string16& value) { | |
| 299 std::unique_ptr<base::ListValue> create_results(new base::ListValue()); | |
| 300 chromeos::CertificateProviderService* const service = | |
| 301 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
| 302 browser_context()); | |
| 303 DCHECK(service); | |
| 304 if (!value.empty()) { | |
| 305 api::certificate_provider::PinResponseDetails details; | |
| 306 details.user_input.reset(new std::string(value.begin(), value.end())); | |
| 307 create_results->Append(details.ToValue()); | |
| 308 } | |
| 309 | |
| 310 Respond(ArgumentList(std::move(create_results))); | |
| 311 if (!value.empty()) { | |
| 312 service->pin_dialog_manager()->OnPinDialogInput(); | |
| 313 } | |
| 314 } | |
| 315 | |
| 151 CertificateProviderInternalReportSignatureFunction:: | 316 CertificateProviderInternalReportSignatureFunction:: |
| 152 ~CertificateProviderInternalReportSignatureFunction() {} | 317 ~CertificateProviderInternalReportSignatureFunction() {} |
| 153 | 318 |
| 154 ExtensionFunction::ResponseAction | 319 ExtensionFunction::ResponseAction |
| 155 CertificateProviderInternalReportSignatureFunction::Run() { | 320 CertificateProviderInternalReportSignatureFunction::Run() { |
| 156 std::unique_ptr<api_cpi::ReportSignature::Params> params( | 321 std::unique_ptr<api_cpi::ReportSignature::Params> params( |
| 157 api_cpi::ReportSignature::Params::Create(*args_)); | 322 api_cpi::ReportSignature::Params::Create(*args_)); |
| 158 EXTENSION_FUNCTION_VALIDATE(params); | 323 EXTENSION_FUNCTION_VALIDATE(params); |
| 159 | 324 |
| 160 chromeos::CertificateProviderService* const service = | 325 chromeos::CertificateProviderService* const service = |
| 161 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | 326 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( |
| 162 browser_context()); | 327 browser_context()); |
| 163 DCHECK(service); | 328 DCHECK(service); |
| 164 | 329 |
| 165 std::vector<uint8_t> signature; | 330 std::vector<uint8_t> signature; |
| 166 // If an error occurred, |signature| will not be set. | 331 // If an error occurred, |signature| will not be set. |
| 167 if (params->signature) | 332 if (params->signature) |
| 168 signature.assign(params->signature->begin(), params->signature->end()); | 333 signature.assign(params->signature->begin(), params->signature->end()); |
| 169 | 334 |
| 170 service->ReplyToSignRequest(extension_id(), params->request_id, signature); | 335 service->ReplyToSignRequest(extension_id(), params->request_id, signature); |
| 171 return RespondNow(NoArguments()); | 336 return RespondNow(NoArguments()); |
| 172 } | 337 } |
| 173 | 338 |
| 174 } // namespace extensions | 339 } // namespace extensions |
| OLD | NEW |
