Extension API enterprise.platformKeys.

chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc

Index: chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a40da4ea4fded7ad0c516ec1ab28e4feddc4eb0d
--- /dev/null
+++ b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc
@@ -0,0 +1,215 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h"
+
+#include "base/bind.h"
+#include "base/values.h"
+#include "chrome/browser/chromeos/platform_keys/platform_keys.h"
+#include "chrome/common/extensions/api/enterprise_platform_keys.h"
+#include "chrome/common/extensions/api/enterprise_platform_keys_internal.h"
+#include "net/cert/x509_certificate.h"
+
+namespace extensions {
+
+namespace {
+
+namespace api_epk = api::enterprise_platform_keys;
+namespace api_epki = api::enterprise_platform_keys_internal;
+
+const char kErrorInvalidX509Cert[] =
+    "Certificate is not a valid X.509 certificate.";
+const char kTokenIdUser[] = "user";
+
+// Returns whether |token_id| references a known Token.
+bool ValidateToken(const std::string& token_id) {
+  // For now, the user token is the only valid one.
+  return token_id == kTokenIdUser;
+}
+
+}  // namespace
+
+EnterprisePlatformKeysInternalGenerateKeyFunction::
+    ~EnterprisePlatformKeysInternalGenerateKeyFunction() {
+}
+
+ExtensionFunction::ResponseAction
+EnterprisePlatformKeysInternalGenerateKeyFunction::Run() {
+  scoped_ptr<api_epki::GenerateKey::Params> params(
+      api_epki::GenerateKey::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params && ValidateToken(params->token_id));

[not at google - send to devlin, 2014/05/14 18:11:01]

given that the ValidateFunction is part of the validation code here, I hope that
the custom bindings do this validation, so that the extension can't accidentally
terminate itself.

you should put a comment on ValidateToken explaining which method in the JS
custom bindings needs to be kept in sync with it, and vice versa.

[pneubeck (no reviews), 2014/05/15 09:25:10]

Not sure what you mean by 'accidentally terminate itself', but indeed this was
not handled correctly/consistently.

This error is now consistent over all token functions (certs and SubtleCrypto
functions).
It's not ideal that the error message (kErrorInvalidToken) exists both in C++
and Javascript and must be sync'ed manually.

Is there an easy automatic way for this?

[not at google - send to devlin, 2014/05/15 15:03:05]

I mean that a failure on EXTENSION_FUNCTION_VALIDATE means "terminate the
process".
Not really, at least not for significant strings. There is a way to share
constants (see
https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/...)
but that's not appropriate for a full error string.

If you want to share that, the only way currently would be to put the error
message somewhere in common/ and expose it to JS via a native handler
(requireNative etc).

+  chromeos::platform_keys::GenerateRSAKey(
+      params->token_id,
+      params->modulus_length,
+      base::Bind(
+          &EnterprisePlatformKeysInternalGenerateKeyFunction::OnGeneratedKey,
+          this),
+      GetProfile());
+  return RespondLater();
+}
+
+void EnterprisePlatformKeysInternalGenerateKeyFunction::OnGeneratedKey(
+    const std::string& public_key_der,
+    const std::string& error_message) {
+  if (error_message.empty()) {
+    Respond(MultipleArguments(
+        api_epki::GenerateKey::Results::Create(public_key_der).release()));
+  } else {
+    Respond(Error(error_message));
+  }
+}
+
+EnterprisePlatformKeysInternalSignFunction::
+    ~EnterprisePlatformKeysInternalSignFunction() {
+}
+
+ExtensionFunction::ResponseAction
+EnterprisePlatformKeysInternalSignFunction::Run() {
+  scoped_ptr<api_epki::Sign::Params> params(
+      api_epki::Sign::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params && ValidateToken(params->token_id));
+  chromeos::platform_keys::Sign(
+      params->token_id,
+      params->public_key,
+      params->data,
+      base::Bind(&EnterprisePlatformKeysInternalSignFunction::OnSigned, this),
+      GetProfile());
+  return RespondLater();
+}
+
+void EnterprisePlatformKeysInternalSignFunction::OnSigned(
+    const std::string& signature,
+    const std::string& error_message) {
+  if (error_message.empty()) {
+    Respond(MultipleArguments(
+        api_epki::Sign::Results::Create(signature).release()));
+  } else {
+    Respond(Error(error_message));
+  }
+}
+
+EnterprisePlatformKeysGetCertificatesFunction::
+    ~EnterprisePlatformKeysGetCertificatesFunction() {
+}
+
+ExtensionFunction::ResponseAction
+EnterprisePlatformKeysGetCertificatesFunction::Run() {
+  scoped_ptr<api_epk::GetCertificates::Params> params(
+      api_epk::GetCertificates::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params && ValidateToken(params->token_id));
+  chromeos::platform_keys::GetCertificates(
+      params->token_id,
+      base::Bind(
+          &EnterprisePlatformKeysGetCertificatesFunction::OnGotCertificates,
+          this),
+      GetProfile());
+  return RespondLater();
+}
+
+void EnterprisePlatformKeysGetCertificatesFunction::OnGotCertificates(
+    scoped_ptr<net::CertificateList> certs,
+    const std::string& error_message) {
+  if (!error_message.empty()) {
+    Respond(Error(error_message));
+    return;
+  }
+
+  scoped_ptr<base::ListValue> client_certs(new base::ListValue());
+  for (net::CertificateList::const_iterator it = certs->begin();
+       it != certs->end();
+       ++it) {
+    std::string der_encoding;
+    net::X509Certificate::GetDEREncoded((*it)->os_cert_handle(), &der_encoding);
+    client_certs->Append(base::BinaryValue::CreateWithCopiedBuffer(
+        der_encoding.data(), der_encoding.size()));
+  }
+
+  scoped_ptr<base::ListValue> results(new base::ListValue());
+  results->Append(client_certs.release());
+  Respond(MultipleArguments(results.release()));
+}
+
+EnterprisePlatformKeysImportCertificateFunction::
+    ~EnterprisePlatformKeysImportCertificateFunction() {
+}
+
+ExtensionFunction::ResponseAction
+EnterprisePlatformKeysImportCertificateFunction::Run() {
+  scoped_ptr<api_epk::ImportCertificate::Params> params(
+      api_epk::ImportCertificate::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params && ValidateToken(params->token_id));
+
+  const std::string& cert_der = params->certificate;
+  scoped_refptr<net::X509Certificate> cert_x509 =
+      net::X509Certificate::CreateFromBytes(cert_der.data(), cert_der.size());
+  if (!cert_x509)
+    return RespondNow(Error(kErrorInvalidX509Cert));
+
+  chromeos::platform_keys::ImportCertificate(
+      params->token_id,
+      cert_x509,
+      base::Bind(&EnterprisePlatformKeysImportCertificateFunction::
+                     OnImportedCertificate,
+                 this),
+      GetProfile());
+  return RespondLater();
+}
+
+void EnterprisePlatformKeysImportCertificateFunction::OnImportedCertificate(
+    const std::string& error_message) {
+  if (error_message.empty())
+    Respond(NoArguments());
+  else
+    Respond(Error(error_message));
+}
+
+EnterprisePlatformKeysRemoveCertificateFunction::
+    ~EnterprisePlatformKeysRemoveCertificateFunction() {
+}
+
+ExtensionFunction::ResponseAction
+EnterprisePlatformKeysRemoveCertificateFunction::Run() {
+  scoped_ptr<api_epk::RemoveCertificate::Params> params(
+      api_epk::RemoveCertificate::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params && ValidateToken(params->token_id));
+
+  const std::string& cert_der = params->certificate;
+  scoped_refptr<net::X509Certificate> cert_x509 =
+      net::X509Certificate::CreateFromBytes(cert_der.data(), cert_der.size());
+  if (!cert_x509)
+    return RespondNow(Error(kErrorInvalidX509Cert));
+
+  chromeos::platform_keys::RemoveCertificate(
+      params->token_id,
+      cert_x509,
+      base::Bind(&EnterprisePlatformKeysRemoveCertificateFunction::
+                     OnRemovedCertificate,
+                 this),
+      GetProfile());
+  return RespondLater();
+}
+
+void EnterprisePlatformKeysRemoveCertificateFunction::OnRemovedCertificate(
+    const std::string& error_message) {
+  if (error_message.empty())
+    Respond(NoArguments());
+  else
+    Respond(Error(error_message));
+}
+
+EnterprisePlatformKeysInternalGetTokensFunction::
+    ~EnterprisePlatformKeysInternalGetTokensFunction() {
+}
+
+ExtensionFunction::ResponseAction
+EnterprisePlatformKeysInternalGetTokensFunction::Run() {
+  EXTENSION_FUNCTION_VALIDATE(args_->empty());
+
+  std::vector<std::string> token_ids;
+  token_ids.push_back(kTokenIdUser);
+  return RespondNow(MultipleArguments(
+      api_epki::GetTokens::Results::Create(token_ids).release()));
+}
+
+}  // namespace extensions