enterprise.platformKeys: Copy-on-read the 'algorithm' member of Key objects.

chrome/renderer/resources/extensions/enterprise_platform_keys/key.js

Index: chrome/renderer/resources/extensions/enterprise_platform_keys/key.js
diff --git a/chrome/renderer/resources/extensions/enterprise_platform_keys/key.js b/chrome/renderer/resources/extensions/enterprise_platform_keys/key.js
index 7d146cc69acc1193153a4b3355984d5eca741bf8..406ba25d9a1cca2ad778783b1bc93a1e530f3b09 100644
--- a/chrome/renderer/resources/extensions/enterprise_platform_keys/key.js
+++ b/chrome/renderer/resources/extensions/enterprise_platform_keys/key.js
@@ -22,6 +22,23 @@ var KeyUsage = {
   verify: 'verify'
 };
 
+// Freezes |object| recursively. |object| must not contain cyclic references.
+// TODO(pneubeck): Freeze Uint8Arrays (currently used for the publicExponent
+//   only) also, once V8 supports it.
+function deepFreeze(object) {
+  if (Object.isFrozen(object))
+    return;
+  Object.freeze(object);
+  for (var key in object) {
+    var prop = object[key];
+    if (!object.hasOwnProperty(key) || (typeof prop) !== 'object' ||
+        prop.__proto__.constructor.name === 'Uint8Array') {
+      continue;
+    }
+    deepFreeze(prop);
+  }
+}
+
 /**
  * Implementation of WebCrypto.Key used in enterprise.platformKeys.
  * @param {KeyType} type The type of the new key.
@@ -36,6 +53,7 @@ var KeyImpl = function(type, publicKeySpki, algorithm, usages, extractable) {
   this.type = type;
   this.spki = publicKeySpki;
   this.algorithm = algorithm;
+  deepFreeze(this.algorithm);

[not at google - send to devlin, 2014/06/16 17:58:32]

why do you need this? the way that you're exposing Key, with {readonly:
['algorithm']}, should prevent it from being modified. or am I missing
something?

also I don't know what part of this test is functional and what part is test
cleanup.

[pneubeck (no reviews), 2014/06/16 18:01:18]

algorithm is an Object and defineProperty doesn't prevent modifying nested
properties. It only prevents assign another object to the member 'algorithm' of
the Key object.
Sorry. I'll separate it into two CLs.

[not at google - send to devlin, 2014/06/16 18:08:31]

ah right. "deepFreeze" is a great name.

I find it a little odd that a sideeffect of constructing a KeyImpl is to freeze
an object that it's given. Better to either ensure that the algorithm can't be
modified from outside the function (i.e. that an unmodifiable algorithm is
passed in) or KeyImpl should make a copy of it.

   this.usages = usages;
   this.extractable = extractable;
 };