Chromium Code Reviews Chromium Code Reviews
Issue 884073002:
Implement chrome.platformKeys.getKeyPair(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" | 5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
| (...skipping 24 matching lines...) Expand all Loading... | |
| 35 const std::string& public_key_spki_der) { | 35 const std::string& public_key_spki_der) { |
| 36 callback.Run(public_key_spki_der, std::string() /* no error */); | 36 callback.Run(public_key_spki_der, std::string() /* no error */); |
| 37 } | 37 } |
| 38 | 38 |
| 39 // Callback used by |PlatformKeysService::Sign|. | 39 // Callback used by |PlatformKeysService::Sign|. |
| 40 // Is called with the old validity of |public_key_spki_der| (or false if an | 40 // Is called with the old validity of |public_key_spki_der| (or false if an |
| 41 // error occurred during reading the StateStore). If allowed, starts the actual | 41 // error occurred during reading the StateStore). If allowed, starts the actual |
| 42 // signing operation which will call back |callback|. If not allowed, calls | 42 // signing operation which will call back |callback|. If not allowed, calls |
| 43 // |callback| with an error. | 43 // |callback| with an error. |
| 44 void CheckValidityAndSign(const std::string& token_id, | 44 void CheckValidityAndSign(const std::string& token_id, |
| 45 const std::string& public_key_spki_der, | 45 scoped_ptr<platform_keys::SignRSAParams> params, |
| 46 platform_keys::HashAlgorithm hash_algorithm, | |
| 47 const std::string& data, | |
| 48 const PlatformKeysService::SignCallback& callback, | 46 const PlatformKeysService::SignCallback& callback, |
| 49 content::BrowserContext* browser_context, | 47 content::BrowserContext* browser_context, |
| 50 bool key_is_valid) { | 48 bool key_is_valid) { |
| 51 if (!key_is_valid) { | 49 if (!key_is_valid) { |
| 52 callback.Run(std::string() /* no signature */, | 50 callback.Run(std::string() /* no signature */, |
| 53 kErrorKeyNotAllowedForSigning); | 51 kErrorKeyNotAllowedForSigning); |
| 54 return; | 52 return; |
| 55 } | 53 } |
| 56 platform_keys::subtle::Sign(token_id, | 54 platform_keys::subtle::SignRSA(token_id, params.Pass(), callback, |
| 57 public_key_spki_der, | 55 browser_context); |
| 58 hash_algorithm, | |
| 59 data, | |
| 60 callback, | |
| 61 browser_context); | |
| 62 } | 56 } |
| 63 | 57 |
| 64 } // namespace | 58 } // namespace |
| 65 | 59 |
| 66 PlatformKeysService::PlatformKeysService( | 60 PlatformKeysService::PlatformKeysService( |
| 67 content::BrowserContext* browser_context, | 61 content::BrowserContext* browser_context, |
| 68 extensions::StateStore* state_store) | 62 extensions::StateStore* state_store) |
| 69 : browser_context_(browser_context), | 63 : browser_context_(browser_context), |
| 70 state_store_(state_store), | 64 state_store_(state_store), |
| 71 weak_factory_(this) { | 65 weak_factory_(this) { |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 88 platform_keys::subtle::GenerateRSAKey( | 82 platform_keys::subtle::GenerateRSAKey( |
| 89 token_id, | 83 token_id, |
| 90 modulus_length, | 84 modulus_length, |
| 91 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, | 85 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, |
| 92 weak_factory_.GetWeakPtr(), | 86 weak_factory_.GetWeakPtr(), |
| 93 extension_id, | 87 extension_id, |
| 94 callback), | 88 callback), |
| 95 browser_context_); | 89 browser_context_); |
| 96 } | 90 } |
| 97 | 91 |
| 98 void PlatformKeysService::Sign(const std::string& token_id, | 92 void PlatformKeysService::SignRSA( |
| 99 const std::string& public_key_spki_der, | 93 const std::string& token_id, |
| 100 platform_keys::HashAlgorithm hash_algorithm, | 94 scoped_ptr<platform_keys::SignRSAParams> params, |
| 101 const std::string& data, | 95 const std::string& extension_id, |
| 102 const std::string& extension_id, | 96 const SignCallback& callback) { |
| 103 const SignCallback& callback) { | |
| 104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 97 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 105 ReadValidityAndInvalidateKey(extension_id, | 98 ReadValidityAndInvalidateKey( |
| 106 public_key_spki_der, | 99 extension_id, params->public_key(), |
| 107 base::Bind(&CheckValidityAndSign, | 100 base::Bind(&CheckValidityAndSign, token_id, base::Passed(¶ms), |
| 108 token_id, | 101 callback, browser_context_)); |
| 109 public_key_spki_der, | |
| 110 hash_algorithm, | |
| 111 data, | |
| 112 callback, | |
| 113 browser_context_)); | |
| 114 } | 102 } |
| 115 | 103 |
| 116 void PlatformKeysService::SelectClientCertificates( | 104 void PlatformKeysService::SelectClientCertificates( |
| 117 const platform_keys::ClientCertificateRequest& request, | 105 const platform_keys::ClientCertificateRequest& request, |
| 118 const std::string& extension_id, | 106 const std::string& extension_id, |
| 119 const SelectCertificatesCallback& callback) { | 107 const SelectCertificatesCallback& callback) { |
| 120 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 108 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 121 | 109 |
| 122 platform_keys::subtle::SelectClientCertificates( | 110 platform_keys::subtle::SelectClientCertificates( |
| 123 request, | 111 request, |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 211 | 199 |
| 212 void PlatformKeysService::InvalidateKey( | 200 void PlatformKeysService::InvalidateKey( |
| 213 const std::string& extension_id, | 201 const std::string& extension_id, |
| 214 const std::string& public_key_spki_der, | 202 const std::string& public_key_spki_der, |
| 215 const base::Callback<void(bool)>& callback, | 203 const base::Callback<void(bool)>& callback, |
| 216 scoped_ptr<base::ListValue> platform_keys) { | 204 scoped_ptr<base::ListValue> platform_keys) { |
| 217 scoped_ptr<base::StringValue> key_value( | 205 scoped_ptr<base::StringValue> key_value( |
| 218 GetPublicKeyValue(public_key_spki_der)); | 206 GetPublicKeyValue(public_key_spki_der)); |
| 219 | 207 |
| 220 size_t index = 0; | 208 size_t index = 0; |
| 221 if (!platform_keys->Remove(*key_value, &index)) { | 209 // If the key is found in |platform_keys|, it's valid for the extension to use |
| 222 // The key is not found, so it's not valid to use it for signing. | 210 // it for signing. |
| 223 callback.Run(false); | 211 bool key_was_valid = platform_keys->Remove(*key_value, &index); |
| 224 return; | 212 |
| 213 if (key_was_valid) { | |
| 214 // Persist that the key is now invalid. | |
| 215 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | |
| 225 } | 216 } |
| 226 | 217 |
| 227 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | 218 if (permission_check_enabled_) { |
| 228 callback.Run(true); | 219 // If permission checks are enabled, pass back the key permission (before |
| 220 // it was removed above). | |
|
Ryan Sleevi
2015/02/10 00:59:33
To make sure I'm understanding: You only allow one
pneubeck (no reviews)
2015/02/10 10:40:52
Outside the new platform_keys_apitest_nss.cc the p
| |
| 221 callback.Run(key_was_valid); | |
| 222 } else { | |
| 223 // Otherwise just allow signing with the key (which is enabled for testing | |
| 224 // only). | |
| 225 callback.Run(true); | |
| 226 } | |
| 229 } | 227 } |
| 230 | 228 |
| 231 void PlatformKeysService::GotPlatformKeysOfExtension( | 229 void PlatformKeysService::GotPlatformKeysOfExtension( |
| 232 const std::string& extension_id, | 230 const std::string& extension_id, |
| 233 const GetPlatformKeysCallback& callback, | 231 const GetPlatformKeysCallback& callback, |
| 234 scoped_ptr<base::Value> value) { | 232 scoped_ptr<base::Value> value) { |
| 235 if (!value) | 233 if (!value) |
| 236 value.reset(new base::ListValue); | 234 value.reset(new base::ListValue); |
| 237 | 235 |
| 238 base::ListValue* keys = NULL; | 236 base::ListValue* keys = NULL; |
| 239 if (!value->GetAsList(&keys)) { | 237 if (!value->GetAsList(&keys)) { |
| 240 LOG(ERROR) << "Found a value of wrong type."; | 238 LOG(ERROR) << "Found a value of wrong type."; |
| 241 | 239 |
| 242 keys = new base::ListValue; | 240 keys = new base::ListValue; |
| 243 value.reset(keys); | 241 value.reset(keys); |
| 244 } | 242 } |
| 245 | 243 |
| 246 ignore_result(value.release()); | 244 ignore_result(value.release()); |
| 247 callback.Run(make_scoped_ptr(keys)); | 245 callback.Run(make_scoped_ptr(keys)); |
| 248 } | 246 } |
| 249 | 247 |
| 250 } // namespace chromeos | 248 } // namespace chromeos |
| OLD | NEW |
