Implement chrome.platformKeys.getKeyPair().

chrome/test/data/extensions/api_test/platform_keys/basic.js

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 'use strict';
 
 var systemTokenEnabled = (location.href.indexOf("systemTokenEnabled") != -1);
 
 var assertEq = chrome.test.assertEq;
 var assertTrue = chrome.test.assertTrue;
@@ skipping 61 matching lines @@
   0x33, 0x51, 0x02, 0xe4, 0x24, 0x86, 0xab, 0x8e, 0xaa, 0x94, 0xf4, 0x25,
   0x6e, 0x3f, 0x53, 0x42, 0xce, 0x12, 0x91, 0x99, 0x23, 0x52, 0x1d, 0xba,
   0xdf, 0x59, 0x11, 0x0f, 0x34, 0x2e, 0x8e, 0x58, 0xac, 0xdf, 0x6b, 0x1a,
   0x08, 0xa3, 0x03, 0x46, 0x0f, 0xc0, 0x11, 0x72, 0x66, 0xc4, 0xe8, 0x92,
   0x5a, 0x20, 0x06, 0xfe, 0xe2, 0x2b, 0xe9, 0xb3, 0x9b, 0x70, 0x1a, 0xb9,
   0x53, 0x21, 0xad, 0xd7, 0x5f, 0xa1, 0xab, 0x26, 0x97, 0x17, 0x0b, 0xba,
   0xb0, 0x8b, 0x2d, 0xdb, 0x0c, 0x4e, 0xed, 0x75, 0x8b, 0x72, 0x46, 0xb0,
   0x6b, 0x23, 0x11, 0xba, 0x1e, 0x03
 ]);
 
+// The public key of clientCert1 as Subject Public Key Info in DER encoding.
+var clientPubkey1 = new Uint8Array([
+  0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+  0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd5, 0xdf, 0xba,
+  0x34, 0xcb, 0xc2, 0x03, 0xb5, 0x37, 0x7a, 0x61, 0x89, 0x1a, 0xb5, 0x1a,
+  0xb9, 0x27, 0x7f, 0xa9, 0x2c, 0xba, 0xa1, 0x36, 0xac, 0x83, 0x6d, 0xb8,
+  0x45, 0x9e, 0x35, 0x82, 0xa4, 0xde, 0xa3, 0x69, 0x38, 0x25, 0x84, 0x57,
+  0x00, 0x8c, 0x41, 0x84, 0x86, 0x6d, 0x78, 0x41, 0xd4, 0x10, 0x99, 0x1b,
+  0x15, 0x18, 0xa6, 0x04, 0x2f, 0x92, 0xa0, 0x1c, 0x29, 0xc3, 0xe0, 0x5d,
+  0xe2, 0x90, 0x11, 0x2c, 0xfa, 0xac, 0x18, 0x0d, 0xfe, 0x5e, 0x8d, 0x5c,
+  0x5a, 0x01, 0x4a, 0xf7, 0x2c, 0xc9, 0x6e, 0x39, 0x8e, 0x14, 0x30, 0xd9,
+  0xfc, 0xf6, 0x6a, 0xee, 0x9d, 0xa3, 0xba, 0x23, 0xfe, 0x5d, 0xaa, 0x2f,
+  0x96, 0x07, 0x65, 0x38, 0xca, 0xa4, 0x3c, 0xd2, 0x93, 0x21, 0xb0, 0xb6,
+  0xdb, 0xfb, 0x40, 0x12, 0x00, 0x01, 0x99, 0x30, 0x41, 0x67, 0xe2, 0x2f,
+  0x65, 0x63, 0x71, 0xaa, 0xa6, 0xef, 0x45, 0x23, 0x05, 0x8b, 0xb4, 0x28,
+  0x6c, 0x35, 0xbf, 0x41, 0x73, 0x61, 0xf1, 0x9e, 0x77, 0x8c, 0xa7, 0x51,
+  0xcf, 0xc7, 0x51, 0x63, 0xc7, 0x00, 0xab, 0x4e, 0xa3, 0xe5, 0x8f, 0xfe,
+  0x3c, 0x45, 0xfa, 0x9e, 0xd2, 0x29, 0xbc, 0x59, 0x94, 0x7d, 0x14, 0xc9,
+  0x36, 0xdf, 0xcd, 0x0a, 0xb5, 0x9f, 0xbf, 0xac, 0xfd, 0x1d, 0x2b, 0x6d,
+  0xe5, 0x13, 0x30, 0x14, 0x71, 0xde, 0x77, 0xdf, 0x83, 0xf3, 0x6d, 0x2c,
+  0xcd, 0x16, 0xc0, 0xa5, 0xdc, 0xf2, 0x1f, 0x65, 0x86, 0x37, 0x91, 0x2f,
+  0x31, 0x66, 0x7e, 0x1a, 0x4b, 0x42, 0xb7, 0x29, 0xe1, 0xcd, 0x1d, 0xc9,
+  0x72, 0x0e, 0x65, 0x8e, 0xa9, 0x4c, 0x74, 0x2e, 0x90, 0xb7, 0xe0, 0x91,
+  0x0c, 0xe8, 0xfe, 0x92, 0x26, 0xa7, 0x17, 0x9a, 0xb6, 0x25, 0x7f, 0x66,
+  0x89, 0x2f, 0xbf, 0x54, 0xa7, 0x51, 0x4c, 0xe6, 0x8f, 0x4d, 0x34, 0xa1,
+  0xc3, 0x02, 0x03, 0x01, 0x00, 0x01
+]);

[Ryan Sleevi, 2015/02/03 01:44:51]

Is there no way to move all this test data into secondary files to make it
easier to maintain/update?

[pneubeck (no reviews), 2015/02/03 20:15:00]

I assume that you mean adding files that contains exactly these byte sequences
in raw.
I could probably do that with an XHR but only if they're relative resources.

Wdyt?

[pneubeck (no reviews), 2015/02/04 20:59:20]

changed to XHR loading local files.

+
+// echo -n "hello world" > input
+// xxd -i input
+var rawData = new Uint8Array([
+  0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64
+]);
+
+// openssl rsautl -inkey net/data/ssl/certificates/client_1.key -sign -in input
+//    -pkcs -out signature.pkcs
+// xxd -i signature.pkcs
+var signatureNoHashPkcs = new Uint8Array([
+  0x6a, 0x79, 0xf2, 0x64, 0x3f, 0x5e, 0xa5, 0xe6, 0xab, 0xbc, 0x64, 0x17,
+  0xab, 0x6b, 0x7c, 0x56, 0xc2, 0xfc, 0xf5, 0xd0, 0x23, 0x21, 0x70, 0x59,
+  0xda, 0x18, 0xc5, 0x15, 0x6f, 0x5f, 0xab, 0x9a, 0x6e, 0x37, 0xc2, 0xcf,
+  0x4a, 0xea, 0x35, 0x98, 0x15, 0x01, 0xe6, 0xf9, 0x73, 0x87, 0x6a, 0x4f,
+  0x39, 0x48, 0xdd, 0x54, 0x46, 0x9a, 0xc2, 0xcb, 0xf4, 0x72, 0x4e, 0x02,
+  0x20, 0xda, 0x71, 0x37, 0xcd, 0xf3, 0xf2, 0xd1, 0x8d, 0x6b, 0x65, 0xed,
+  0xf2, 0x78, 0xc7, 0x7e, 0x39, 0xad, 0x29, 0x73, 0x37, 0xb7, 0x06, 0x13,
+  0x60, 0xad, 0x13, 0xaf, 0xe2, 0x85, 0x4c, 0xba, 0x85, 0xd5, 0xa2, 0xc4,
+  0x59, 0x5b, 0x1a, 0x95, 0xd1, 0xc1, 0xf9, 0x1b, 0x9f, 0x83, 0x5c, 0xd5,
+  0xd4, 0xa7, 0xda, 0xa0, 0x7c, 0x08, 0xb5, 0x9e, 0xdb, 0x9e, 0x2f, 0xa2,
+  0xc4, 0x23, 0x9f, 0x2f, 0x3d, 0x84, 0xc7, 0xc8, 0xaa, 0x26, 0xce, 0x1a,
+  0xd6, 0x54, 0x78, 0x2b, 0x78, 0x78, 0x22, 0x63, 0xb5, 0x6b, 0xa0, 0xdb,
+  0xf3, 0xfe, 0x57, 0x13, 0xd0, 0x75, 0x57, 0x11, 0x7d, 0xf0, 0xe1, 0x34,
+  0x39, 0x7c, 0xac, 0xef, 0xc9, 0x86, 0xec, 0xd3, 0x14, 0x05, 0x5a, 0x81,
+  0x81, 0xdc, 0x29, 0x56, 0xe3, 0x55, 0x8f, 0xdf, 0xad, 0xb1, 0x27, 0x86,
+  0x36, 0xa6, 0x60, 0x17, 0x62, 0x87, 0xee, 0x75, 0x06, 0x62, 0xd2, 0xef,
+  0xf9, 0x6e, 0x99, 0x77, 0x0e, 0xea, 0xc6, 0xb8, 0xce, 0xbc, 0x4a, 0x8a,
+  0x61, 0xe3, 0x28, 0x86, 0x55, 0x90, 0x98, 0x51, 0x84, 0xe4, 0x86, 0xb2,
+  0x40, 0xa5, 0x5b, 0x31, 0x45, 0xce, 0xf2, 0xe8, 0xb2, 0x20, 0xc8, 0x60,
+  0x8a, 0xae, 0xab, 0x94, 0x1c, 0x6f, 0xfb, 0x30, 0x47, 0x71, 0x77, 0x5d,
+  0xbf, 0x27, 0x94, 0xfc, 0xf6, 0xe2, 0x8c, 0x4d, 0xd0, 0xc6, 0x3e, 0x2a,
+  0xbb, 0xdd, 0xda, 0x89
+]);
+
+// openssl dgst -sha1 -sign net/data/ssl/certificates/client_1.key
+//    -out signature.pkcs_sha1 input
+// xxd -i signature.pkcs_sha1
+var signatureSha1Pkcs = new Uint8Array([
+  0x74, 0x51, 0xe0, 0x09, 0xd7, 0xd2, 0xf3, 0xa1, 0xa0, 0x29, 0xec, 0x03,
+  0x2a, 0x75, 0x92, 0xac, 0x23, 0x86, 0x47, 0x37, 0x07, 0x8a, 0x66, 0xe3,
+  0x6b, 0x8f, 0x8e, 0xbf, 0x8e, 0x48, 0xab, 0x14, 0xe1, 0x54, 0x90, 0xd0,
+  0xf3, 0x94, 0xdb, 0x15, 0x5f, 0x05, 0xaf, 0x00, 0x8c, 0xb5, 0xac, 0x26,
+  0x85, 0xa9, 0xb4, 0xdc, 0x3a, 0x09, 0x9e, 0x13, 0x0a, 0x60, 0xbf, 0x8e,
+  0x9e, 0xc5, 0x42, 0xb0, 0x5d, 0x66, 0x5b, 0x82, 0xc9, 0xd0, 0x7b, 0xb9,
+  0x4c, 0x6f, 0xfb, 0xcc, 0x5c, 0xb3, 0x92, 0x98, 0xf6, 0x7e, 0x7d, 0xaa,
+  0x46, 0xb4, 0xc6, 0x81, 0x7e, 0x3a, 0x31, 0xe5, 0x46, 0x45, 0x08, 0x81,
+  0x1e, 0x1d, 0x0a, 0x9f, 0x71, 0x72, 0x6e, 0x7e, 0x24, 0x52, 0x93, 0x24,
+  0x78, 0x66, 0x71, 0x99, 0xa9, 0x03, 0xdc, 0xc9, 0x90, 0xe0, 0x5d, 0x9c,
+  0x45, 0x2a, 0xc3, 0x70, 0x6e, 0xa0, 0x82, 0xbb, 0x56, 0xd3, 0x00, 0x02,
+  0x30, 0x30, 0x2c, 0xb9, 0xe3, 0x6e, 0x9b, 0x2a, 0x9d, 0x81, 0xc3, 0x41,
+  0xb9, 0xfc, 0x63, 0x2c, 0x8c, 0xb5, 0x49, 0x9f, 0xc7, 0x08, 0x56, 0x87,
+  0x93, 0x69, 0x5d, 0xab, 0x78, 0xbb, 0xce, 0x5c, 0x24, 0xd3, 0x42, 0x60,
+  0x9a, 0xec, 0xa0, 0x4d, 0xa9, 0x8d, 0x79, 0x3b, 0xf7, 0xed, 0xc0, 0x03,
+  0x54, 0xc3, 0x1f, 0x91, 0x8b, 0xbd, 0x31, 0x08, 0x11, 0xa1, 0xe7, 0xcd,
+  0x53, 0x38, 0x8c, 0x32, 0x03, 0xc1, 0x88, 0x0a, 0xc4, 0x01, 0x3e, 0xfe,
+  0xb6, 0x56, 0x78, 0xdb, 0x7c, 0x7d, 0xe4, 0xe8, 0xca, 0xa5, 0xc5, 0x37,
+  0xda, 0xa4, 0xa2, 0x16, 0x6b, 0x66, 0xb0, 0x89, 0x28, 0x32, 0x90, 0xd2,
+  0xb8, 0xb1, 0x1c, 0x21, 0xcb, 0x3a, 0x68, 0xef, 0x18, 0x1e, 0x84, 0xc9,
+  0x6e, 0xe1, 0xc5, 0xb1, 0x8d, 0x23, 0x1b, 0xc2, 0xa6, 0xc7, 0x37, 0x7a,
+  0x76, 0x67, 0xb8, 0xa0
+]);
+
 // The distinguished name of the CA that issued clientCert1 in DER encoding.
 var ca1DistinguishedNameDER = new Uint8Array([
   0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
   0x04, 0x42, 0x20, 0x43, 0x41
 ]);
 
 // A X.509 client certificate in DER encoding.
 var clientCert2 = new Uint8Array([
   0x30, 0x82, 0x02, 0xd2, 0x30, 0x82, 0x01, 0xba, 0xa0, 0x03, 0x02, 0x01,
   0x02, 0x02, 0x02, 0x10, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
@@ skipping 96 matching lines @@
           for (var i = 0; i < expectedCerts.length; i++) {
             assertEq(expectedCerts[i], actualCerts[i],
                      'Certs at index ' + i + ' differ');
           }
         }
         if (callback)
           callback();
       }));
 }
 
+function checkAlgorithmIsCopiedOnRead(key) {
+  var algorithm = key.algorithm;
+  var originalAlgorithm = {
+    name: algorithm.name,
+    modulusLength: algorithm.modulusLength,
+    publicExponent: algorithm.publicExponent,
+    hash: {name: algorithm.hash.name}
+  };
+  var originalModulusLength = algorithm.modulusLength;
+  algorithm.hash.name = null;
+  algorithm.hash = null;
+  algorithm.name = null;
+  algorithm.modulusLength = null;
+  algorithm.publicExponent = null;
+  assertEq(originalAlgorithm, key.algorithm);
+}
+
+function checkPropertyIsReadOnly(object, key) {
+  var original = object[key];
+  try {
+    object[key] = {};
+    fail('Expected the property to be read-only and an exception to be thrown');
+  } catch (error) {
+    assertEq(original, object[key]);
+  }
+}
+
+function checkPrivateKeyFormat(privateKey) {
+  assertEq('private', privateKey.type);
+  assertEq(false, privateKey.extractable);
+  checkPropertyIsReadOnly(privateKey, 'algorithm');
+  checkAlgorithmIsCopiedOnRead(privateKey);
+}
+
+function checkPublicKeyFormat(publicKey) {
+  assertEq('public', publicKey.type);
+  assertEq(true, publicKey.extractable);
+  checkPropertyIsReadOnly(publicKey, 'algorithm');
+  checkAlgorithmIsCopiedOnRead(publicKey);
+}
+
 function testStaticMethods() {
   assertTrue(!!chrome.platformKeys, "No platformKeys namespace.");
   assertTrue(!!chrome.platformKeys.selectClientCertificates,
              "No selectClientCertificates function.");
   succeed();
 }
 
+function testHasSubtleCryptoMethods(token) {
+  assertTrue(!!token.subtleCrypto.generateKey,
+             "token has no generateKey method");
+  assertTrue(!!token.subtleCrypto.sign, "token has no sign method");
+  assertTrue(!!token.subtleCrypto.exportKey, "token has no exportKey method");
+  succeed();
+}
+
 function testSelectAllCerts() {
   var requestAll = {
     certificateTypes: [],
     certificateAuthorities: []
   };
   var expectedCerts = [clientCert1];
   if (systemTokenEnabled)
     expectedCerts.push(clientCert2);
   assertCertsSelected(requestAll, expectedCerts);
 }
 
 function testSelectCA1Certs() {
   var requestCA1 = {
     certificateTypes: [],
     certificateAuthorities: [ca1DistinguishedNameDER.buffer]
   };
   assertCertsSelected(requestCA1, [clientCert1]);
 }
 
+function testMatchResult() {
+  var requestCA1 = {
+    certificateTypes: [],
+    certificateAuthorities: [ca1DistinguishedNameDER.buffer]
+  };
+  chrome.platformKeys.selectClientCertificates(
+      {interactive: false, request: requestCA1},
+      callbackPass(function(matches) {
+        var expectedAlgorithm = {
+          modulusLength: 2048,
+          name: "RSASSA-PKCS1-v1_5",
+          publicExponent: new Uint8Array([0x01, 0x00, 0x01])
+        };
+        var actualAlgorithm = matches[0].keyAlgorithm;
+        assertEq(
+            expectedAlgorithm, actualAlgorithm,
+            'Member algorithm of Match does not equal the expected algorithm');
+      }));
+}
+
+function getClientCert1Keys(keyParams, callback) {
+  var requestCA1 = {
+    certificateTypes: [],
+    certificateAuthorities: [ca1DistinguishedNameDER.buffer]
+  };
+  chrome.platformKeys.selectClientCertificates(
+      {interactive: false, request: requestCA1},
+      callbackPass(function(matches) {
+        chrome.platformKeys.getKeyPair(matches[0].certificate, keyParams,
+                                       callback);
+      }));
+}
+
+function testGetKeyPair() {
+  var keyParams = {
+    // Algorithm names are case-insensitive.
+    'hash': {'name': 'sha-1'}
+  };
+  getClientCert1Keys(keyParams, callbackPass(function(publicKey, privateKey) {
+    var expectedAlgorithm = {
+      modulusLength: 2048,
+      name: "RSASSA-PKCS1-v1_5",
+      publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+      hash: {name: 'SHA-1'}
+    };
+    assertEq(expectedAlgorithm, publicKey.algorithm);
+    assertEq(expectedAlgorithm, privateKey.algorithm);
+
+    checkPublicKeyFormat(publicKey);
+    checkPrivateKeyFormat(privateKey);
+
+    chrome.platformKeys.subtleCrypto()
+        .exportKey('spki', publicKey)
+        .then(callbackPass(function(actualPublicKeySpki) {
+          assertTrue(compareArrays(clientPubkey1, actualPublicKeySpki) == 0,
+                     'Match did not contain correct public key');
+        }),
+              function(error) { fail("Export failed: " + error); });
+  }));
+}
+
+function testSignNoHash() {
+  var keyParams = {
+    // Algorithm names are case-insensitive.
+    hash: {name: 'NONE'}
+  };
+  var signParams = {
+    name: 'RSASSA-PKCS1-v1_5'
+  };
+  getClientCert1Keys(keyParams, callbackPass(function(publicKey, privateKey) {
+    chrome.platformKeys.subtleCrypto()
+        .sign(signParams, privateKey, rawData)
+        .then(callbackPass(function(signature) {
+          var actualSignature = new Uint8Array(signature);
+          assertTrue(compareArrays(signatureNoHashPkcs, actualSignature) == 0,
+                     'Incorrect signature');
+        }));
+  }));
+}
+
+function testSignSha1() {
+  var keyParams = {
+    // Algorithm names are case-insensitive.
+    hash: {name: 'Sha-1'}
+  };
+  var signParams = {
+    // Algorithm names are case-insensitive.
+    name: 'RSASSA-Pkcs1-v1_5'
+  };
+  getClientCert1Keys(keyParams, callbackPass(function(publicKey, privateKey) {
+    chrome.platformKeys.subtleCrypto()
+        .sign(signParams, privateKey, rawData)
+        .then(callbackPass(function(signature) {
+          var actualSignature = new Uint8Array(signature);
+          assertTrue(compareArrays(signatureSha1Pkcs, actualSignature) == 0,
+                     'Incorrect signature');
+        }));
+  }));
+}
+
 function runTests() {
   var tests = [
     testStaticMethods,
     testSelectAllCerts,
-    testSelectCA1Certs
+    testSelectCA1Certs,
+    testMatchResult,
+    testGetKeyPair,
+    testSignNoHash,
+    testSignSha1
   ];
 
   chrome.test.runTests(tests);
 }
 
 runTests();