Index: Source/modules/crypto/SubtleCrypto.cpp |
diff --git a/Source/modules/crypto/SubtleCrypto.cpp b/Source/modules/crypto/SubtleCrypto.cpp |
index 4ecb2874b99d442da1ac4945e4efa4f9f5812810..f3a4f8511c7f501ea8d61390464653b798a29aca 100644 |
--- a/Source/modules/crypto/SubtleCrypto.cpp |
+++ b/Source/modules/crypto/SubtleCrypto.cpp |
@@ -32,6 +32,7 @@ |
#include "modules/crypto/SubtleCrypto.h" |
#include "bindings/v8/Dictionary.h" |
+#include "core/dom/ExecutionContext.h" |
#include "modules/crypto/CryptoResultImpl.h" |
#include "modules/crypto/Key.h" |
#include "modules/crypto/NormalizeAlgorithm.h" |
@@ -64,11 +65,25 @@ static bool ensureNotNull(Key* key, const char* paramName, CryptoResult* result) |
return true; |
} |
+static bool ensureCanAccessWebCrypto(ScriptState* scriptState, CryptoResult* result) |
+{ |
+ const SecurityOrigin* origin = scriptState->executionContext()->securityOrigin(); |
+ if (!origin->canAccessFeatureRequiringSecureOrigin()) { |
+ result->completeWithError(blink::WebCryptoErrorTypeNotSupported, "WebCrypto is only supported over secure origins. See http://crbug.com/373032"); |
+ return false; |
+ } |
+ |
+ return true; |
+} |
+ |
static ScriptPromise startCryptoOperation(ScriptState* scriptState, const Dictionary& rawAlgorithm, Key* key, AlgorithmOperation operationType, const ArrayPiece& signature, const ArrayPiece& dataBuffer) |
{ |
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
ScriptPromise promise = result->promise(); |
+ if (!ensureCanAccessWebCrypto(scriptState, result.get())) |
abarth-chromium
2014/06/06 20:36:34
ensureCanAccessWebCrypto -> canAccessWebCrypto
|
+ return promise; |
+ |
bool requiresKey = operationType != Digest; |
if (requiresKey && !ensureNotNull(key, "key", result.get())) |
@@ -147,6 +162,9 @@ ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const Dictiona |
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
ScriptPromise promise = result->promise(); |
+ if (!ensureCanAccessWebCrypto(scriptState, result.get())) |
+ return promise; |
+ |
blink::WebCryptoKeyUsageMask keyUsages; |
if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) |
return promise; |
@@ -164,6 +182,9 @@ ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& ra |
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
ScriptPromise promise = result->promise(); |
+ if (!ensureCanAccessWebCrypto(scriptState, result.get())) |
+ return promise; |
+ |
if (!ensureNotNull(keyData, "keyData", result.get())) |
return promise; |
@@ -188,6 +209,9 @@ ScriptPromise SubtleCrypto::exportKey(ScriptState* scriptState, const String& ra |
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
ScriptPromise promise = result->promise(); |
+ if (!ensureCanAccessWebCrypto(scriptState, result.get())) |
+ return promise; |
+ |
if (!ensureNotNull(key, "key", result.get())) |
return promise; |
@@ -209,6 +233,9 @@ ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawF |
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
ScriptPromise promise = result->promise(); |
+ if (!ensureCanAccessWebCrypto(scriptState, result.get())) |
+ return promise; |
+ |
if (!ensureNotNull(key, "key", result.get())) |
return promise; |
@@ -240,6 +267,9 @@ ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& ra |
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
ScriptPromise promise = result->promise(); |
+ if (!ensureCanAccessWebCrypto(scriptState, result.get())) |
+ return promise; |
+ |
if (!ensureNotNull(wrappedKey, "wrappedKey", result.get())) |
return promise; |
if (!ensureNotNull(unwrappingKey, "unwrappingKey", result.get())) |