| Index: Source/modules/crypto/SubtleCrypto.cpp
|
| diff --git a/Source/modules/crypto/SubtleCrypto.cpp b/Source/modules/crypto/SubtleCrypto.cpp
|
| index f0edc426edf05972f66adf15ddfef3b969542cd3..832f916541561c73da9c175f00c8229f9d9976be 100644
|
| --- a/Source/modules/crypto/SubtleCrypto.cpp
|
| +++ b/Source/modules/crypto/SubtleCrypto.cpp
|
| @@ -32,6 +32,7 @@
|
| #include "modules/crypto/SubtleCrypto.h"
|
|
|
| #include "bindings/v8/Dictionary.h"
|
| +#include "core/dom/ExecutionContext.h"
|
| #include "modules/crypto/CryptoResultImpl.h"
|
| #include "modules/crypto/Key.h"
|
| #include "modules/crypto/NormalizeAlgorithm.h"
|
| @@ -73,11 +74,25 @@ bool parseAlgorithm(const Dictionary& raw, blink::WebCryptoOperation op, blink::
|
| return success;
|
| }
|
|
|
| +static bool canAccessWebCrypto(ScriptState* scriptState, CryptoResult* result)
|
| +{
|
| + const SecurityOrigin* origin = scriptState->executionContext()->securityOrigin();
|
| + if (!origin->canAccessFeatureRequiringSecureOrigin()) {
|
| + result->completeWithError(blink::WebCryptoErrorTypeNotSupported, "WebCrypto is only supported over secure origins. See http://crbug.com/373032");
|
| + return false;
|
| + }
|
| +
|
| + return true;
|
| +}
|
| +
|
| static ScriptPromise startCryptoOperation(ScriptState* scriptState, const Dictionary& rawAlgorithm, Key* key, blink::WebCryptoOperation operationType, const ArrayPiece& signature, const ArrayPiece& dataBuffer)
|
| {
|
| RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
|
| ScriptPromise promise = result->promise();
|
|
|
| + if (!canAccessWebCrypto(scriptState, result.get()))
|
| + return promise;
|
| +
|
| bool requiresKey = operationType != blink::WebCryptoOperationDigest;
|
|
|
| if (requiresKey && !ensureNotNull(key, "key", result.get()))
|
| @@ -156,6 +171,9 @@ ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const Dictiona
|
| RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
|
| ScriptPromise promise = result->promise();
|
|
|
| + if (!canAccessWebCrypto(scriptState, result.get()))
|
| + return promise;
|
| +
|
| blink::WebCryptoKeyUsageMask keyUsages;
|
| if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
|
| return promise;
|
| @@ -173,6 +191,9 @@ ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& ra
|
| RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
|
| ScriptPromise promise = result->promise();
|
|
|
| + if (!canAccessWebCrypto(scriptState, result.get()))
|
| + return promise;
|
| +
|
| if (!ensureNotNull(keyData, "keyData", result.get()))
|
| return promise;
|
|
|
| @@ -197,6 +218,9 @@ ScriptPromise SubtleCrypto::exportKey(ScriptState* scriptState, const String& ra
|
| RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
|
| ScriptPromise promise = result->promise();
|
|
|
| + if (!canAccessWebCrypto(scriptState, result.get()))
|
| + return promise;
|
| +
|
| if (!ensureNotNull(key, "key", result.get()))
|
| return promise;
|
|
|
| @@ -218,6 +242,9 @@ ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawF
|
| RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
|
| ScriptPromise promise = result->promise();
|
|
|
| + if (!canAccessWebCrypto(scriptState, result.get()))
|
| + return promise;
|
| +
|
| if (!ensureNotNull(key, "key", result.get()))
|
| return promise;
|
|
|
| @@ -249,6 +276,9 @@ ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& ra
|
| RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
|
| ScriptPromise promise = result->promise();
|
|
|
| + if (!canAccessWebCrypto(scriptState, result.get()))
|
| + return promise;
|
| +
|
| if (!ensureNotNull(wrappedKey, "wrappedKey", result.get()))
|
| return promise;
|
| if (!ensureNotNull(unwrappingKey, "unwrappingKey", result.get()))
|
|
|
Chromium Code Reviews
Issue 299253003:
[webcrypto] Only allow crypto.subtle.* to be used from "secure origins". (Closed)
Base URL: svn://svn.chromium.org/blink/trunk