Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(481)

Side by Side Diff: chrome/browser/extensions/api/platform_keys/platform_keys_api.cc

Issue 884073002: Implement chrome.platformKeys.getKeyPair(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2
Patch Set: Rebased. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/extensions/api/platform_keys/platform_keys_api.h" 5 #include "chrome/browser/extensions/api/platform_keys/platform_keys_api.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "base/values.h"
11 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" 12 #include "chrome/browser/chromeos/platform_keys/platform_keys.h"
12 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" 13 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h"
13 #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" 14 #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h"
14 #include "chrome/common/extensions/api/platform_keys_internal.h" 15 #include "chrome/common/extensions/api/platform_keys_internal.h"
15 #include "content/public/browser/browser_thread.h" 16 #include "content/public/browser/browser_thread.h"
16 #include "net/cert/x509_certificate.h" 17 #include "net/cert/x509_certificate.h"
17 18
18 namespace extensions { 19 namespace extensions {
19 20
20 namespace api_pk = api::platform_keys; 21 namespace api_pk = api::platform_keys;
21 namespace api_pki = api::platform_keys_internal; 22 namespace api_pki = api::platform_keys_internal;
22 23
24 namespace {
25
26 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported.";
27
28 // Builds a partial WebCrypto Algorithm object from the parameters available in
29 // |key_info|. This doesn't include sign/hash parameters and thus isn't
30 // complete.
31 // For RSA, the default public exponent 65537 is assumed.
32 void BuildWebCryptoAlgorithmDictionary(
33 const chromeos::platform_keys::PublicKeyInfo& key_info,
34 base::DictionaryValue* algorithm) {
35 algorithm->SetStringWithoutPathExpansion("name", "RSASSA-PKCS1-v1_5");
36 algorithm->SetIntegerWithoutPathExpansion("modulusLength",
37 key_info.modulus_length_bits);
38
39 // Equals 65537.
40 const char defaultPublicExponent[] = {0x01, 0x00, 0x01};
41 algorithm->SetWithoutPathExpansion(
42 "publicExponent",
43 base::BinaryValue::CreateWithCopiedBuffer(
44 defaultPublicExponent, arraysize(defaultPublicExponent)));
45 }
46
47 } // namespace
48
23 namespace platform_keys { 49 namespace platform_keys {
24 50
25 const char kErrorInvalidToken[] = "The token is not valid."; 51 const char kErrorInvalidToken[] = "The token is not valid.";
26 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported.";
27 const char kTokenIdUser[] = "user"; 52 const char kTokenIdUser[] = "user";
28 const char kTokenIdSystem[] = "system"; 53 const char kTokenIdSystem[] = "system";
29 54
30 // Returns whether |token_id| references a known Token. 55 // Returns whether |token_id| references a known Token.
31 bool ValidateToken(const std::string& token_id, 56 bool ValidateToken(const std::string& token_id,
32 std::string* platform_keys_token_id) { 57 std::string* platform_keys_token_id) {
33 platform_keys_token_id->clear(); 58 platform_keys_token_id->clear();
34 if (token_id == kTokenIdUser) { 59 if (token_id == kTokenIdUser) {
35 *platform_keys_token_id = chromeos::platform_keys::kTokenIdUser; 60 *platform_keys_token_id = chromeos::platform_keys::kTokenIdUser;
36 return true; 61 return true;
(...skipping 10 matching lines...) Expand all
47 if (platform_keys_token_id == chromeos::platform_keys::kTokenIdUser) 72 if (platform_keys_token_id == chromeos::platform_keys::kTokenIdUser)
48 return kTokenIdUser; 73 return kTokenIdUser;
49 if (platform_keys_token_id == chromeos::platform_keys::kTokenIdSystem) 74 if (platform_keys_token_id == chromeos::platform_keys::kTokenIdSystem)
50 return kTokenIdSystem; 75 return kTokenIdSystem;
51 76
52 return std::string(); 77 return std::string();
53 } 78 }
54 79
55 } // namespace platform_keys 80 } // namespace platform_keys
56 81
82 PlatformKeysInternalGetPublicKeyFunction::
83 ~PlatformKeysInternalGetPublicKeyFunction() {
84 }
85
86 ExtensionFunction::ResponseAction
87 PlatformKeysInternalGetPublicKeyFunction::Run() {
88 scoped_ptr<api_pki::GetPublicKey::Params> params(
89 api_pki::GetPublicKey::Params::Create(*args_));
90 EXTENSION_FUNCTION_VALIDATE(params);
91
92 const std::vector<char>& cert_der = params->certificate;
93 scoped_refptr<net::X509Certificate> cert_x509 =
94 net::X509Certificate::CreateFromBytes(vector_as_array(&cert_der),
95 cert_der.size());
Ryan Sleevi 2015/02/03 01:44:50 SECURITY BUG: Validate that |cert_x509| is valid h
pneubeck (no reviews) 2015/02/03 20:15:00 Done.
96
97 chromeos::platform_keys::PublicKeyInfo info;
98 if (!chromeos::platform_keys::GetPublicKey(cert_x509, &info) ||
99 info.key_type != net::X509Certificate::kPublicKeyTypeRSA) {
100 return RespondNow(Error(kErrorAlgorithmNotSupported));
101 }
102
103 api_pki::GetPublicKey::Results::Algorithm algorithm;
104 BuildWebCryptoAlgorithmDictionary(info, &algorithm.additional_properties);
105
106 return RespondNow(ArgumentList(api_pki::GetPublicKey::Results::Create(
107 info.public_key_spki_der, algorithm)));
108 }
109
57 PlatformKeysInternalSelectClientCertificatesFunction:: 110 PlatformKeysInternalSelectClientCertificatesFunction::
58 ~PlatformKeysInternalSelectClientCertificatesFunction() { 111 ~PlatformKeysInternalSelectClientCertificatesFunction() {
59 } 112 }
60 113
61 ExtensionFunction::ResponseAction 114 ExtensionFunction::ResponseAction
62 PlatformKeysInternalSelectClientCertificatesFunction::Run() { 115 PlatformKeysInternalSelectClientCertificatesFunction::Run() {
63 scoped_ptr<api_pki::SelectClientCertificates::Params> params( 116 scoped_ptr<api_pki::SelectClientCertificates::Params> params(
64 api_pki::SelectClientCertificates::Params::Create(*args_)); 117 api_pki::SelectClientCertificates::Params::Create(*args_));
65 EXTENSION_FUNCTION_VALIDATE(params); 118 EXTENSION_FUNCTION_VALIDATE(params);
66 119
(...skipping 21 matching lines...) Expand all
88 OnSelectedCertificates(scoped_ptr<net::CertificateList> matches, 141 OnSelectedCertificates(scoped_ptr<net::CertificateList> matches,
89 const std::string& error_message) { 142 const std::string& error_message) {
90 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); 143 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
91 if (!error_message.empty()) { 144 if (!error_message.empty()) {
92 Respond(Error(error_message)); 145 Respond(Error(error_message));
93 return; 146 return;
94 } 147 }
95 DCHECK(matches); 148 DCHECK(matches);
96 std::vector<linked_ptr<api_pk::Match>> result_matches; 149 std::vector<linked_ptr<api_pk::Match>> result_matches;
97 for (const scoped_refptr<net::X509Certificate>& match : *matches) { 150 for (const scoped_refptr<net::X509Certificate>& match : *matches) {
151 chromeos::platform_keys::PublicKeyInfo key_info;
152 if (!chromeos::platform_keys::GetPublicKey(match, &key_info)) {
153 LOG(ERROR) << "Could not retrieve public key info.";
154 continue;
155 }
156 if (key_info.key_type != net::X509Certificate::kPublicKeyTypeRSA) {
157 LOG(ERROR) << "Skipping unsupported certificate with non-RSA key.";
158 continue;
159 }
160
98 linked_ptr<api_pk::Match> result_match(new api_pk::Match); 161 linked_ptr<api_pk::Match> result_match(new api_pk::Match);
99 std::string der_encoded_cert; 162 std::string der_encoded_cert;
100 net::X509Certificate::GetDEREncoded(match->os_cert_handle(), 163 net::X509Certificate::GetDEREncoded(match->os_cert_handle(),
101 &der_encoded_cert); 164 &der_encoded_cert);
102 result_match->certificate.assign(der_encoded_cert.begin(), 165 result_match->certificate.assign(der_encoded_cert.begin(),
103 der_encoded_cert.end()); 166 der_encoded_cert.end());
167
168 BuildWebCryptoAlgorithmDictionary(
169 key_info, &result_match->key_algorithm.additional_properties);
104 result_matches.push_back(result_match); 170 result_matches.push_back(result_match);
105 } 171 }
106 Respond(ArgumentList( 172 Respond(ArgumentList(
107 api_pki::SelectClientCertificates::Results::Create(result_matches))); 173 api_pki::SelectClientCertificates::Results::Create(result_matches)));
108 } 174 }
109 175
110 PlatformKeysInternalSignFunction::~PlatformKeysInternalSignFunction() { 176 PlatformKeysInternalSignFunction::~PlatformKeysInternalSignFunction() {
111 } 177 }
112 178
113 ExtensionFunction::ResponseAction PlatformKeysInternalSignFunction::Run() { 179 ExtensionFunction::ResponseAction PlatformKeysInternalSignFunction::Run() {
114 scoped_ptr<api_pki::Sign::Params> params( 180 scoped_ptr<api_pki::Sign::Params> params(
115 api_pki::Sign::Params::Create(*args_)); 181 api_pki::Sign::Params::Create(*args_));
116 EXTENSION_FUNCTION_VALIDATE(params); 182 EXTENSION_FUNCTION_VALIDATE(params);
117 std::string platform_keys_token_id; 183 std::string platform_keys_token_id;
118 if (!platform_keys::ValidateToken(params->token_id, &platform_keys_token_id)) 184 if (!params->token_id.empty() &&
185 !platform_keys::ValidateToken(params->token_id,
186 &platform_keys_token_id)) {
119 return RespondNow(Error(platform_keys::kErrorInvalidToken)); 187 return RespondNow(Error(platform_keys::kErrorInvalidToken));
188 }
120 189
121 chromeos::platform_keys::HashAlgorithm hash_algorithm; 190 chromeos::platform_keys::HashAlgorithm hash_algorithm;
122 if (params->hash_algorithm_name == "SHA-1") 191 if (params->hash_algorithm_name == "none")
192 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_NONE;
193 else if (params->hash_algorithm_name == "SHA-1")
123 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA1; 194 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA1;
124 else if (params->hash_algorithm_name == "SHA-256") 195 else if (params->hash_algorithm_name == "SHA-256")
125 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA256; 196 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA256;
126 else if (params->hash_algorithm_name == "SHA-384") 197 else if (params->hash_algorithm_name == "SHA-384")
127 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA384; 198 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA384;
128 else if (params->hash_algorithm_name == "SHA-512") 199 else if (params->hash_algorithm_name == "SHA-512")
129 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA512; 200 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA512;
130 else 201 else
131 return RespondNow(Error(platform_keys::kErrorAlgorithmNotSupported)); 202 return RespondNow(Error(kErrorAlgorithmNotSupported));
132 203
133 chromeos::PlatformKeysService* service = 204 chromeos::PlatformKeysService* service =
134 chromeos::PlatformKeysServiceFactory::GetForBrowserContext( 205 chromeos::PlatformKeysServiceFactory::GetForBrowserContext(
135 browser_context()); 206 browser_context());
136 DCHECK(service); 207 DCHECK(service);
137 208
138 service->Sign( 209 service->Sign(
139 platform_keys_token_id, 210 platform_keys_token_id,
140 std::string(params->public_key.begin(), params->public_key.end()), 211 std::string(params->public_key.begin(), params->public_key.end()),
141 hash_algorithm, std::string(params->data.begin(), params->data.end()), 212 hash_algorithm, std::string(params->data.begin(), params->data.end()),
142 extension_id(), 213 extension_id(),
143 base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this)); 214 base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this));
144 return RespondLater(); 215 return RespondLater();
145 } 216 }
146 217
147 void PlatformKeysInternalSignFunction::OnSigned( 218 void PlatformKeysInternalSignFunction::OnSigned(
148 const std::string& signature, 219 const std::string& signature,
149 const std::string& error_message) { 220 const std::string& error_message) {
150 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); 221 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
151 if (error_message.empty()) 222 if (error_message.empty())
152 Respond(ArgumentList(api_pki::Sign::Results::Create( 223 Respond(ArgumentList(api_pki::Sign::Results::Create(
153 std::vector<char>(signature.begin(), signature.end())))); 224 std::vector<char>(signature.begin(), signature.end()))));
154 else 225 else
155 Respond(Error(error_message)); 226 Respond(Error(error_message));
156 } 227 }
157 228
158 } // namespace extensions 229 } // namespace extensions
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698