Extension API enterprise.platformKeys.

chrome/renderer/resources/extensions/enterprise_platform_keys/enterprise_platform_keys_key.js

Index: chrome/renderer/resources/extensions/enterprise_platform_keys/enterprise_platform_keys_key.js
diff --git a/chrome/renderer/resources/extensions/enterprise_platform_keys/enterprise_platform_keys_key.js b/chrome/renderer/resources/extensions/enterprise_platform_keys/enterprise_platform_keys_key.js
new file mode 100644
index 0000000000000000000000000000000000000000..dcde3c7c6d9c8301fdaccfcb266c1d485b3b57de
--- /dev/null
+++ b/chrome/renderer/resources/extensions/enterprise_platform_keys/enterprise_platform_keys_key.js
@@ -0,0 +1,78 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var utils = require('utils');
+var intersect = require('enterprise.platformKeys.utils').intersect;

[not at google - send to devlin, 2014/05/05 21:09:24]

given these files are in the enterprise_platform_keys directory, calling them
'key.js', 'subtle_crypto.js', etc seems cleaner.

+
+/**
+ * Enum of possible key types (subset of WebCrypto.KeyType).

[not at google - send to devlin, 2014/05/05 21:09:24]

why is it a subset? will your code still work if you just use KeyType (or does
that require experimental blink turned on?)

[pneubeck (no reviews), 2014/05/05 21:28:23]

WebCrypto has the additional KeyType 'secret' for symmetric keys. That one has
just no meaning in the context of platformKeys.
What do you mean with 'work'? Do you imply that the closure type-annotations are
actually checked? I never got an error because of the annotations. Maybe I have
to enable that 'strict' mode?

[not at google - send to devlin, 2014/05/05 21:44:49]

oh, no, not what I meant. I meant that maybe these enums already exist somewhere
on the web platform and you can re-use those.

[pneubeck (no reviews), 2014/05/06 14:07:21]

WebCrypto defines only:
typedef DOMString KeyType;
typedef DOMString KeyUsage;

and in prosa that only certain strings are recognized.

The enums here are not that useful if no compiler is checking the identifiers...
If you think it's better, I can remove them.

[not at google - send to devlin, 2014/05/07 00:00:12]

Symbolic constants are nice, I won't argue with that.

I don't have an opinion, was just curious, so totally up to you.

+ * @enum {string}
+ */
+var KeyType = {
+  public: 'public',
+  private: 'private'
+};
+
+/**
+ * Enum of possible key usages (subset of WebCrypto.KeyUsage).
+ * @enum {string}
+ */
+var KeyUsage = {
+  sign: 'sign',
+  verify: 'verify'
+};
+
+/**
+ * Implementation of WebCrypto.Key used in enterprise.platformKeys.
+ * @param {KeyType} type The type of the new key.
+ * @param {ArrayBuffer} publicKeySpki The Subject Public Key Info in DER
+ * encoding.
+ * @param {KeyAlgorithm} algorithm The algorithm identifier.
+ * @param {KeyUsage[]} usages The allowed key usages.
+ * @param {boolean} extractable Whether the key is extractable.
+ * @constructor
+ */
+var KeyImpl = function(type, publicKeySpki, algorithm, usages, extractable) {
+  this.type = type;
+  this.spki = publicKeySpki;
+  this.algorithm = algorithm;
+  this.usages = usages;
+  this.extractable = extractable;
+};
+
+var Key =
+    utils.expose('Key',
+                 KeyImpl,
+                 {readonly:['extractable', 'type', 'algorithm', 'usages']});
+
+/**
+ * Implementation of WebCrypto.KeyPair used in enterprise.platformKeys.
+ * @param {ArrayBuffer} publicKeySpki The Subject Public Key Info in DER
+ * encoding.
+ * @param {KeyAlgorithm} algorithm The algorithm identifier.
+ * @param {KeyUsage[]} usages The allowed key usages.
+ * @constructor
+ */
+var KeyPairImpl = function(publicKeySpki, algorithm, usages) {
+  this.publicKey = new Key(KeyType.public,
+                           publicKeySpki,
+                           algorithm,
+                           intersect([KeyUsage.verify], usages),
+                           true /* extractable */);
+  this.privateKey = new Key(KeyType.private,
+                            publicKeySpki,
+                            algorithm,
+                            intersect([KeyUsage.sign], usages),
+                            false /* not extractable */);
+};
+
+var KeyPair = utils.expose('KeyPair',
+                           KeyPairImpl,
+                           {readonly:['publicKey', 'privateKey']});
+
+exports.Key = Key;

[not at google - send to devlin, 2014/05/05 21:09:24]

ideally (from an OO perspective) you would only expose Key, because this file is
called "key".

I can see that's tricky when using privates() because I presume you want the
SubtleCrypto interface to be able to interact with it in a special way (see
comment in there)?

I'm wondering whether that should be the job of SubtleCrypto then. Make this
class implement everything SubtleCrypto needs, then expose those "safe" versions
of this object by calling utils.expose from subtle_crypto.js?

(depends on how this shakes out)

+exports.KeyPair = KeyPair;
+exports.KeyImpl = KeyImpl;

[not at google - send to devlin, 2014/05/05 21:09:24]

exposing the Impl is unusual

[pneubeck (no reviews), 2014/05/06 14:07:21]

Done.

+exports.KeyType = KeyType;
+exports.KeyUsage = KeyUsage;