Implement chrome.platformKeys.getKeyPair().

chrome/browser/chromeos/platform_keys/platform_keys_service.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 31 matching lines @@
   // be used for signing at most once.
   // The format written to |state_store| is:
   //   kStateStorePlatformKeys maps to a list of strings.
   //   Each string is the base64 encoding of the DER representation of a public
   //   key's SPKI.
   explicit PlatformKeysService(content::BrowserContext* browser_context,
                                extensions::StateStore* state_store);
   ~PlatformKeysService() override;
 
   // Disables the checks whether an extension is allowed to read client
-  // certificates.
+  // certificates or allowed to use the signing function of a key.
   // TODO(pneubeck): Remove this once a permissions are implemented.
   void DisablePermissionCheckForTesting();
 
   // If the generation was successful, |public_key_spki_der| will contain the
   // DER encoding of the SubjectPublicKeyInfo of the generated key and
   // |error_message| will be empty. If it failed, |public_key_spki_der| will be
   // empty and |error_message| contain an error message.
   typedef base::Callback<void(const std::string& public_key_spki_der,
                               const std::string& error_message)>
       GenerateKeyCallback;
 
   // Generates a RSA key pair with |modulus_length_bits| and registers the key
   // to allow a single sign operation by the given extension. |token_id| is
   // currently ignored, instead the user token associated with |browser_context|
   // is always used. |callback| will be invoked with the resulting public key or
   // an error.
   // Will only call back during the lifetime of this object.
   void GenerateRSAKey(const std::string& token_id,
                       unsigned int modulus_length_bits,
                       const std::string& extension_id,
                       const GenerateKeyCallback& callback);
 
   // If signing was successful, |signature| will be contain the signature and
   // |error_message| will be empty. If it failed, |signature| will be empty and
   // |error_message| contain an error message.
   typedef base::Callback<void(const std::string& signature,
                               const std::string& error_message)> SignCallback;
 
-  // Digests |data| with |hash_algorithm| and afterwards signs the digest with
-  // the private key matching |public_key_spki_der|, if that key is stored in
-  // the given token and wasn't used for signing before.
-  // Unregisters the key so that every future attempt to sign data with this key
-  // is rejected. |token_id| is currently ignored, instead the user token
-  // associated with |browser_context| is always used. |public_key_spki_der|
-  // must be the DER encoding of a SubjectPublicKeyInfo. |callback| will be
-  // invoked with the signature or an error message. Currently supports RSA keys
-  // only.
+  // Optionally digests |data|, applies PKCS1 padding and afterwards signs the
+  // data with the private key matching |params.public_key|. If a non empty
+  // token id is provided and the key is not found in that token, the operation
+  // aborts.
+  // If the extension does not have permissions for signing with this key, the
+  // operation aborts. In case of a one time permission (granted after
+  // generating the key), this function also removes the permission to prevent
+  // future signing attempts.
+  // |callback| will be invoked with the signature or an error message.
   // Will only call back during the lifetime of this object.
-  void Sign(const std::string& token_id,
-            const std::string& public_key_spki_der,
-            platform_keys::HashAlgorithm hash_algorithm,
-            const std::string& data,
-            const std::string& extension_id,
-            const SignCallback& callback);
+  void SignRSA(const std::string& token_id,
+               scoped_ptr<platform_keys::SignRSAParams> params,
+               const std::string& extension_id,
+               const SignCallback& callback);
 
   // If the certificate request could be processed successfully, |matches| will
   // contain the list of matching certificates (maybe empty) and |error_message|
   // will be empty. If an error occurred, |matches| will be null and
   // |error_message| contain an error message.
   typedef base::Callback<void(scoped_ptr<net::CertificateList> matches,
                               const std::string& error_message)>
       SelectCertificatesCallback;
 
   // Returns the list of all certificates that match |request|. |callback| will
@@ skipping 86 matching lines @@
   extensions::StateStore* state_store_;
   bool permission_check_enabled_ = true;
   base::WeakPtrFactory<PlatformKeysService> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(PlatformKeysService);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_