| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ | 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 42 // be used for signing at most once. | 42 // be used for signing at most once. |
| 43 // The format written to |state_store| is: | 43 // The format written to |state_store| is: |
| 44 // kStateStorePlatformKeys maps to a list of strings. | 44 // kStateStorePlatformKeys maps to a list of strings. |
| 45 // Each string is the base64 encoding of the DER representation of a public | 45 // Each string is the base64 encoding of the DER representation of a public |
| 46 // key's SPKI. | 46 // key's SPKI. |
| 47 explicit PlatformKeysService(content::BrowserContext* browser_context, | 47 explicit PlatformKeysService(content::BrowserContext* browser_context, |
| 48 extensions::StateStore* state_store); | 48 extensions::StateStore* state_store); |
| 49 ~PlatformKeysService() override; | 49 ~PlatformKeysService() override; |
| 50 | 50 |
| 51 // Disables the checks whether an extension is allowed to read client | 51 // Disables the checks whether an extension is allowed to read client |
| 52 // certificates. | 52 // certificates or allowed to use the signing function of a key. |
| 53 // TODO(pneubeck): Remove this once a permissions are implemented. | 53 // TODO(pneubeck): Remove this once a permissions are implemented. |
| 54 void DisablePermissionCheckForTesting(); | 54 void DisablePermissionCheckForTesting(); |
| 55 | 55 |
| 56 // If the generation was successful, |public_key_spki_der| will contain the | 56 // If the generation was successful, |public_key_spki_der| will contain the |
| 57 // DER encoding of the SubjectPublicKeyInfo of the generated key and | 57 // DER encoding of the SubjectPublicKeyInfo of the generated key and |
| 58 // |error_message| will be empty. If it failed, |public_key_spki_der| will be | 58 // |error_message| will be empty. If it failed, |public_key_spki_der| will be |
| 59 // empty and |error_message| contain an error message. | 59 // empty and |error_message| contain an error message. |
| 60 typedef base::Callback<void(const std::string& public_key_spki_der, | 60 typedef base::Callback<void(const std::string& public_key_spki_der, |
| 61 const std::string& error_message)> | 61 const std::string& error_message)> |
| 62 GenerateKeyCallback; | 62 GenerateKeyCallback; |
| 63 | 63 |
| 64 // Generates a RSA key pair with |modulus_length_bits| and registers the key | 64 // Generates an RSA key pair with |modulus_length_bits| and registers the key |
| 65 // to allow a single sign operation by the given extension. |token_id| is | 65 // to allow a single sign operation by the given extension. |token_id| is |
| 66 // currently ignored, instead the user token associated with |browser_context| | 66 // currently ignored, instead the user token associated with |browser_context| |
| 67 // is always used. |callback| will be invoked with the resulting public key or | 67 // is always used. |callback| will be invoked with the resulting public key or |
| 68 // an error. | 68 // an error. |
| 69 // Will only call back during the lifetime of this object. | 69 // Will only call back during the lifetime of this object. |
| 70 void GenerateRSAKey(const std::string& token_id, | 70 void GenerateRSAKey(const std::string& token_id, |
| 71 unsigned int modulus_length_bits, | 71 unsigned int modulus_length_bits, |
| 72 const std::string& extension_id, | 72 const std::string& extension_id, |
| 73 const GenerateKeyCallback& callback); | 73 const GenerateKeyCallback& callback); |
| 74 | 74 |
| 75 // If signing was successful, |signature| will be contain the signature and | 75 // If signing was successful, |signature| will be contain the signature and |
| 76 // |error_message| will be empty. If it failed, |signature| will be empty and | 76 // |error_message| will be empty. If it failed, |signature| will be empty and |
| 77 // |error_message| contain an error message. | 77 // |error_message| contain an error message. |
| 78 typedef base::Callback<void(const std::string& signature, | 78 typedef base::Callback<void(const std::string& signature, |
| 79 const std::string& error_message)> SignCallback; | 79 const std::string& error_message)> SignCallback; |
| 80 | 80 |
| 81 // Digests |data| with |hash_algorithm| and afterwards signs the digest with | 81 // Digests |data|, applies PKCS1 padding and afterwards signs the data with |
| 82 // the private key matching |public_key_spki_der|, if that key is stored in | 82 // the private key matching |params.public_key|. If a non empty token id is |
| 83 // the given token and wasn't used for signing before. | 83 // provided and the key is not found in that token, the operation aborts. |
| 84 // Unregisters the key so that every future attempt to sign data with this key | 84 // If the extension does not have permissions for signing with this key, the |
| 85 // is rejected. |token_id| is currently ignored, instead the user token | 85 // operation aborts. In case of a one time permission (granted after |
| 86 // associated with |browser_context| is always used. |public_key_spki_der| | 86 // generating the key), this function also removes the permission to prevent |
| 87 // must be the DER encoding of a SubjectPublicKeyInfo. |callback| will be | 87 // future signing attempts. |
| 88 // invoked with the signature or an error message. Currently supports RSA keys | 88 // |callback| will be invoked with the signature or an error message. |
| 89 // only. | |
| 90 // Will only call back during the lifetime of this object. | 89 // Will only call back during the lifetime of this object. |
| 91 void Sign(const std::string& token_id, | 90 void SignRSAPKCS1Digest(const std::string& token_id, |
| 92 const std::string& public_key_spki_der, | 91 const std::string& data, |
| 93 platform_keys::HashAlgorithm hash_algorithm, | 92 const std::string& public_key, |
| 94 const std::string& data, | 93 platform_keys::HashAlgorithm hash_algorithm, |
| 95 const std::string& extension_id, | 94 const std::string& extension_id, |
| 96 const SignCallback& callback); | 95 const SignCallback& callback); |
| 96 |
| 97 // Applies PKCS1 padding and afterwards signs the data with the private key |
| 98 // matching |params.public_key|. |data| is not digested. If a non empty token |
| 99 // id is provided and the key is not found in that token, the operation |
| 100 // aborts. |
| 101 // The size of |data| (number of octets) must be smaller than k - 11, where k |
| 102 // is the key size in octets. |
| 103 // If the extension does not have permissions for signing with this key, the |
| 104 // operation aborts. In case of a one time permission (granted after |
| 105 // generating the key), this function also removes the permission to prevent |
| 106 // future signing attempts. |
| 107 // |callback| will be invoked with the signature or an error message. |
| 108 // Will only call back during the lifetime of this object. |
| 109 void SignRSAPKCS1Raw(const std::string& token_id, |
| 110 const std::string& data, |
| 111 const std::string& public_key, |
| 112 const std::string& extension_id, |
| 113 const SignCallback& callback); |
| 97 | 114 |
| 98 // If the certificate request could be processed successfully, |matches| will | 115 // If the certificate request could be processed successfully, |matches| will |
| 99 // contain the list of matching certificates (maybe empty) and |error_message| | 116 // contain the list of matching certificates (maybe empty) and |error_message| |
| 100 // will be empty. If an error occurred, |matches| will be null and | 117 // will be empty. If an error occurred, |matches| will be null and |
| 101 // |error_message| contain an error message. | 118 // |error_message| contain an error message. |
| 102 typedef base::Callback<void(scoped_ptr<net::CertificateList> matches, | 119 typedef base::Callback<void(scoped_ptr<net::CertificateList> matches, |
| 103 const std::string& error_message)> | 120 const std::string& error_message)> |
| 104 SelectCertificatesCallback; | 121 SelectCertificatesCallback; |
| 105 | 122 |
| 106 // Returns the list of all certificates that match |request|. |callback| will | 123 // Returns the list of all certificates that match |request|. |callback| will |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 193 extensions::StateStore* state_store_; | 210 extensions::StateStore* state_store_; |
| 194 bool permission_check_enabled_ = true; | 211 bool permission_check_enabled_ = true; |
| 195 base::WeakPtrFactory<PlatformKeysService> weak_factory_; | 212 base::WeakPtrFactory<PlatformKeysService> weak_factory_; |
| 196 | 213 |
| 197 DISALLOW_COPY_AND_ASSIGN(PlatformKeysService); | 214 DISALLOW_COPY_AND_ASSIGN(PlatformKeysService); |
| 198 }; | 215 }; |
| 199 | 216 |
| 200 } // namespace chromeos | 217 } // namespace chromeos |
| 201 | 218 |
| 202 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ | 219 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_SERVICE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 884073002:
Implement chrome.platformKeys.getKeyPair(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2