[webcrypto] Add JWK import of RSA public key for NSS.

content/renderer/webcrypto/webcrypto_impl.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/webcrypto_impl.h"
 
 #include <algorithm>
 #include <functional>
 #include <map>
 #include "base/json/json_reader.h"
@@ skipping 130 matching lines @@
     case blink::WebCryptoAlgorithmIdAesGcm:
     case blink::WebCryptoAlgorithmIdAesCtr:
       return true;
     default:
       NOTREACHED();  // Not a supported algorithm.
       break;
   }
   return false;
 }
 
+bool GetDecodedUrl64ValueByKey(
+    const base::DictionaryValue& dict,
+    const std::string& key,
+    std::string* decoded) {
+  std::string value_url64;
+  if (!dict.GetString(key, &value_url64) ||
+      !webcrypto::Base64DecodeUrlSafe(value_url64, decoded) ||
+      !decoded->size()) {
+    return false;
+  }
+  return true;
+}
+
 }  // namespace
 
 WebCryptoImpl::WebCryptoImpl() {
   Init();
 }
 
 void WebCryptoImpl::encrypt(
     const blink::WebCryptoAlgorithm& algorithm,
     const blink::WebCryptoKey& key,
     const unsigned char* data,
@@ skipping 343 matching lines @@
   // 3. JWK alg valid AND input algorithm specified, but JWK value
   //      inconsistent with input: error
   // 4. JWK alg valid AND input algorithm specified, both consistent: use
   //      input value (because it has potentially more details)
   // 5. JWK alg missing AND input algorithm isNull: error
   // 6. JWK alg missing AND input algorithm specified: use input value
   blink::WebCryptoAlgorithm algorithm = blink::WebCryptoAlgorithm::createNull();
   std::string jwk_alg_value;
   if (dict_value->GetString("alg", &jwk_alg_value)) {
     // JWK alg present
+
+    // TODO(padolph): Validate alg vs kty. For example kty="RSA" implies alg can
+    // only be from the RSA family.
+
     const blink::WebCryptoAlgorithm jwk_algorithm =
         jwk_alg_factory.Get().CreateAlgorithmFromName(jwk_alg_value);
     if (jwk_algorithm.isNull()) {
       // JWK alg unrecognized
       return false;  // case 1
     }
     // JWK alg valid
     if (algorithm_or_null.isNull()) {
       // input algorithm not specified
       algorithm = jwk_algorithm;  // case 2
@@ skipping 28 matching lines @@
       return false;
     }
     if ((jwk_usage_mask & usage_mask) != usage_mask) {
       // A usage_mask must be a subset of jwk_usage_mask.
       return false;
     }
   }
 
   // JWK keying material --> ImportKeyInternal()
   if (jwk_kty_value == "oct") {
-    std::string jwk_k_value_url64;
-    if (!dict_value->GetString("k", &jwk_k_value_url64))
+
+    std::string jwk_k_value;
+    if (!GetDecodedUrl64ValueByKey(*dict_value, "k", &jwk_k_value))
       return false;
-    std::string jwk_k_value;
-    if (!webcrypto::Base64DecodeUrlSafe(jwk_k_value_url64, &jwk_k_value) ||
-        !jwk_k_value.size()) {
-      return false;
-    }
 
     // TODO(padolph): Some JWK alg ID's embed information about the key length
     // in the alg ID string. For example "A128" implies the JWK carries 128 bits
     // of key material, and "HS512" implies the JWK carries _at least_ 512 bits
     // of key material. For such keys validate the actual key length against the
     // value in the ID.
 
     return ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
                              reinterpret_cast<const uint8*>(jwk_k_value.data()),
                              jwk_k_value.size(),
                              algorithm,
                              extractable,
                              usage_mask,
                              key);
   } else if (jwk_kty_value == "RSA") {
-    // TODO(padolph): JWK import RSA public key
-    return false;
+
+    // An RSA public key must have an "n" (modulus) and an "e" (exponent) entry
+    // in the JWK, while an RSA private key must have those, plus at least a "d"
+    // (private exponent) entry.
+    // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18,
+    // section 6.3.
+
+    // RSA private key import is not currently supported, so fail here if a "d"
+    // entry is found.
+    // TODO(padolph): Support RSA private key import.
+    if (dict_value->HasKey("d"))
+      return false;
+
+    std::string jwk_n_value;
+    if (!GetDecodedUrl64ValueByKey(*dict_value, "n", &jwk_n_value))
+      return false;
+    std::string jwk_e_value;
+    if (!GetDecodedUrl64ValueByKey(*dict_value, "e", &jwk_e_value))
+      return false;
+
+    return ImportRsaPublicKeyInternal(
+        reinterpret_cast<const uint8*>(jwk_n_value.data()),
+        jwk_n_value.size(),
+        reinterpret_cast<const uint8*>(jwk_e_value.data()),
+        jwk_e_value.size(),
+        algorithm,
+        extractable,
+        usage_mask,
+        key);
+
   } else {
     return false;
   }
 
   return true;
 }
 
 }  // namespace content