OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" | 5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/values.h" | 9 #include "base/values.h" |
10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
(...skipping 24 matching lines...) Expand all Loading... | |
35 const std::string& public_key_spki_der) { | 35 const std::string& public_key_spki_der) { |
36 callback.Run(public_key_spki_der, std::string() /* no error */); | 36 callback.Run(public_key_spki_der, std::string() /* no error */); |
37 } | 37 } |
38 | 38 |
39 // Callback used by |PlatformKeysService::Sign|. | 39 // Callback used by |PlatformKeysService::Sign|. |
40 // Is called with the old validity of |public_key_spki_der| (or false if an | 40 // Is called with the old validity of |public_key_spki_der| (or false if an |
41 // error occurred during reading the StateStore). If allowed, starts the actual | 41 // error occurred during reading the StateStore). If allowed, starts the actual |
42 // signing operation which will call back |callback|. If not allowed, calls | 42 // signing operation which will call back |callback|. If not allowed, calls |
43 // |callback| with an error. | 43 // |callback| with an error. |
44 void CheckValidityAndSign(const std::string& token_id, | 44 void CheckValidityAndSign(const std::string& token_id, |
45 const std::string& public_key_spki_der, | 45 scoped_ptr<platform_keys::SignRSAParams> params, |
46 platform_keys::HashAlgorithm hash_algorithm, | |
47 const std::string& data, | |
48 const PlatformKeysService::SignCallback& callback, | 46 const PlatformKeysService::SignCallback& callback, |
49 content::BrowserContext* browser_context, | 47 content::BrowserContext* browser_context, |
50 bool key_is_valid) { | 48 bool key_is_valid) { |
51 if (!key_is_valid) { | 49 if (!key_is_valid) { |
52 callback.Run(std::string() /* no signature */, | 50 callback.Run(std::string() /* no signature */, |
53 kErrorKeyNotAllowedForSigning); | 51 kErrorKeyNotAllowedForSigning); |
54 return; | 52 return; |
55 } | 53 } |
56 platform_keys::subtle::Sign(token_id, | 54 platform_keys::subtle::SignRSA(token_id, params.Pass(), callback, |
57 public_key_spki_der, | 55 browser_context); |
58 hash_algorithm, | |
59 data, | |
60 callback, | |
61 browser_context); | |
62 } | 56 } |
63 | 57 |
64 } // namespace | 58 } // namespace |
65 | 59 |
66 PlatformKeysService::PlatformKeysService( | 60 PlatformKeysService::PlatformKeysService( |
67 content::BrowserContext* browser_context, | 61 content::BrowserContext* browser_context, |
68 extensions::StateStore* state_store) | 62 extensions::StateStore* state_store) |
69 : browser_context_(browser_context), | 63 : browser_context_(browser_context), |
70 state_store_(state_store), | 64 state_store_(state_store), |
71 weak_factory_(this) { | 65 weak_factory_(this) { |
(...skipping 16 matching lines...) Expand all Loading... | |
88 platform_keys::subtle::GenerateRSAKey( | 82 platform_keys::subtle::GenerateRSAKey( |
89 token_id, | 83 token_id, |
90 modulus_length, | 84 modulus_length, |
91 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, | 85 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, |
92 weak_factory_.GetWeakPtr(), | 86 weak_factory_.GetWeakPtr(), |
93 extension_id, | 87 extension_id, |
94 callback), | 88 callback), |
95 browser_context_); | 89 browser_context_); |
96 } | 90 } |
97 | 91 |
98 void PlatformKeysService::Sign(const std::string& token_id, | 92 void PlatformKeysService::SignRSA( |
99 const std::string& public_key_spki_der, | 93 const std::string& token_id, |
100 platform_keys::HashAlgorithm hash_algorithm, | 94 scoped_ptr<platform_keys::SignRSAParams> params, |
101 const std::string& data, | 95 const std::string& extension_id, |
102 const std::string& extension_id, | 96 const SignCallback& callback) { |
103 const SignCallback& callback) { | |
104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 97 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
105 ReadValidityAndInvalidateKey(extension_id, | 98 ReadValidityAndInvalidateKey( |
106 public_key_spki_der, | 99 extension_id, params->public_key(), |
107 base::Bind(&CheckValidityAndSign, | 100 base::Bind(&CheckValidityAndSign, token_id, base::Passed(¶ms), |
108 token_id, | 101 callback, browser_context_)); |
109 public_key_spki_der, | |
110 hash_algorithm, | |
111 data, | |
112 callback, | |
113 browser_context_)); | |
114 } | 102 } |
115 | 103 |
116 void PlatformKeysService::SelectClientCertificates( | 104 void PlatformKeysService::SelectClientCertificates( |
117 const platform_keys::ClientCertificateRequest& request, | 105 const platform_keys::ClientCertificateRequest& request, |
118 const std::string& extension_id, | 106 const std::string& extension_id, |
119 const SelectCertificatesCallback& callback) { | 107 const SelectCertificatesCallback& callback) { |
120 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 108 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
121 | 109 |
122 platform_keys::subtle::SelectClientCertificates( | 110 platform_keys::subtle::SelectClientCertificates( |
123 request, | 111 request, |
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
211 | 199 |
212 void PlatformKeysService::InvalidateKey( | 200 void PlatformKeysService::InvalidateKey( |
213 const std::string& extension_id, | 201 const std::string& extension_id, |
214 const std::string& public_key_spki_der, | 202 const std::string& public_key_spki_der, |
215 const base::Callback<void(bool)>& callback, | 203 const base::Callback<void(bool)>& callback, |
216 scoped_ptr<base::ListValue> platform_keys) { | 204 scoped_ptr<base::ListValue> platform_keys) { |
217 scoped_ptr<base::StringValue> key_value( | 205 scoped_ptr<base::StringValue> key_value( |
218 GetPublicKeyValue(public_key_spki_der)); | 206 GetPublicKeyValue(public_key_spki_der)); |
219 | 207 |
220 size_t index = 0; | 208 size_t index = 0; |
221 if (!platform_keys->Remove(*key_value, &index)) { | 209 // If the key is found in |platform_keys|, it's valid for the extension to use |
222 // The key is not found, so it's not valid to use it for signing. | 210 // it for signing. |
223 callback.Run(false); | 211 bool key_was_valid = platform_keys->Remove(*key_value, &index); |
224 return; | 212 |
213 if (key_was_valid) { | |
214 // Persist that the key is now invalid. | |
215 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | |
225 } | 216 } |
226 | 217 |
227 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | 218 if (permission_check_enabled_) { |
228 callback.Run(true); | 219 // If permission checks are enabled, pass back the key permission (before |
220 // it was removed above). | |
Ryan Sleevi
2015/02/10 00:59:33
To make sure I'm understanding: You only allow one
pneubeck (no reviews)
2015/02/10 10:40:52
Outside the new platform_keys_apitest_nss.cc the p
| |
221 callback.Run(key_was_valid); | |
222 } else { | |
223 // Otherwise just allow signing with the key (which is enabled for testing | |
224 // only). | |
225 callback.Run(true); | |
226 } | |
229 } | 227 } |
230 | 228 |
231 void PlatformKeysService::GotPlatformKeysOfExtension( | 229 void PlatformKeysService::GotPlatformKeysOfExtension( |
232 const std::string& extension_id, | 230 const std::string& extension_id, |
233 const GetPlatformKeysCallback& callback, | 231 const GetPlatformKeysCallback& callback, |
234 scoped_ptr<base::Value> value) { | 232 scoped_ptr<base::Value> value) { |
235 if (!value) | 233 if (!value) |
236 value.reset(new base::ListValue); | 234 value.reset(new base::ListValue); |
237 | 235 |
238 base::ListValue* keys = NULL; | 236 base::ListValue* keys = NULL; |
239 if (!value->GetAsList(&keys)) { | 237 if (!value->GetAsList(&keys)) { |
240 LOG(ERROR) << "Found a value of wrong type."; | 238 LOG(ERROR) << "Found a value of wrong type."; |
241 | 239 |
242 keys = new base::ListValue; | 240 keys = new base::ListValue; |
243 value.reset(keys); | 241 value.reset(keys); |
244 } | 242 } |
245 | 243 |
246 ignore_result(value.release()); | 244 ignore_result(value.release()); |
247 callback.Run(make_scoped_ptr(keys)); | 245 callback.Run(make_scoped_ptr(keys)); |
248 } | 246 } |
249 | 247 |
250 } // namespace chromeos | 248 } // namespace chromeos |
OLD | NEW |