OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" | 5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/values.h" | 9 #include "base/values.h" |
10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
(...skipping 24 matching lines...) Expand all Loading... |
35 const std::string& public_key_spki_der) { | 35 const std::string& public_key_spki_der) { |
36 callback.Run(public_key_spki_der, std::string() /* no error */); | 36 callback.Run(public_key_spki_der, std::string() /* no error */); |
37 } | 37 } |
38 | 38 |
39 // Callback used by |PlatformKeysService::Sign|. | 39 // Callback used by |PlatformKeysService::Sign|. |
40 // Is called with the old validity of |public_key_spki_der| (or false if an | 40 // Is called with the old validity of |public_key_spki_der| (or false if an |
41 // error occurred during reading the StateStore). If allowed, starts the actual | 41 // error occurred during reading the StateStore). If allowed, starts the actual |
42 // signing operation which will call back |callback|. If not allowed, calls | 42 // signing operation which will call back |callback|. If not allowed, calls |
43 // |callback| with an error. | 43 // |callback| with an error. |
44 void CheckValidityAndSign(const std::string& token_id, | 44 void CheckValidityAndSign(const std::string& token_id, |
45 const std::string& public_key_spki_der, | 45 const std::string& data, |
| 46 const std::string& public_key, |
| 47 bool sign_direct_pkcs_padded, |
46 platform_keys::HashAlgorithm hash_algorithm, | 48 platform_keys::HashAlgorithm hash_algorithm, |
47 const std::string& data, | |
48 const PlatformKeysService::SignCallback& callback, | 49 const PlatformKeysService::SignCallback& callback, |
49 content::BrowserContext* browser_context, | 50 content::BrowserContext* browser_context, |
50 bool key_is_valid) { | 51 bool key_is_valid) { |
51 if (!key_is_valid) { | 52 if (!key_is_valid) { |
52 callback.Run(std::string() /* no signature */, | 53 callback.Run(std::string() /* no signature */, |
53 kErrorKeyNotAllowedForSigning); | 54 kErrorKeyNotAllowedForSigning); |
54 return; | 55 return; |
55 } | 56 } |
56 platform_keys::subtle::Sign(token_id, | 57 if (sign_direct_pkcs_padded) { |
57 public_key_spki_der, | 58 platform_keys::subtle::SignRSAPKCS1Raw(token_id, data, public_key, callback, |
58 hash_algorithm, | 59 browser_context); |
59 data, | 60 } else { |
60 callback, | 61 platform_keys::subtle::SignRSAPKCS1Digest( |
61 browser_context); | 62 token_id, data, public_key, hash_algorithm, callback, browser_context); |
| 63 } |
62 } | 64 } |
63 | 65 |
64 } // namespace | 66 } // namespace |
65 | 67 |
66 PlatformKeysService::PlatformKeysService( | 68 PlatformKeysService::PlatformKeysService( |
67 content::BrowserContext* browser_context, | 69 content::BrowserContext* browser_context, |
68 extensions::StateStore* state_store) | 70 extensions::StateStore* state_store) |
69 : browser_context_(browser_context), | 71 : browser_context_(browser_context), |
70 state_store_(state_store), | 72 state_store_(state_store), |
71 weak_factory_(this) { | 73 weak_factory_(this) { |
(...skipping 16 matching lines...) Expand all Loading... |
88 platform_keys::subtle::GenerateRSAKey( | 90 platform_keys::subtle::GenerateRSAKey( |
89 token_id, | 91 token_id, |
90 modulus_length, | 92 modulus_length, |
91 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, | 93 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, |
92 weak_factory_.GetWeakPtr(), | 94 weak_factory_.GetWeakPtr(), |
93 extension_id, | 95 extension_id, |
94 callback), | 96 callback), |
95 browser_context_); | 97 browser_context_); |
96 } | 98 } |
97 | 99 |
98 void PlatformKeysService::Sign(const std::string& token_id, | 100 void PlatformKeysService::SignRSAPKCS1Digest( |
99 const std::string& public_key_spki_der, | 101 const std::string& token_id, |
100 platform_keys::HashAlgorithm hash_algorithm, | 102 const std::string& data, |
101 const std::string& data, | 103 const std::string& public_key, |
102 const std::string& extension_id, | 104 platform_keys::HashAlgorithm hash_algorithm, |
103 const SignCallback& callback) { | 105 const std::string& extension_id, |
| 106 const SignCallback& callback) { |
104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 107 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
105 ReadValidityAndInvalidateKey(extension_id, | 108 ReadValidityAndInvalidateKey( |
106 public_key_spki_der, | 109 extension_id, public_key, |
107 base::Bind(&CheckValidityAndSign, | 110 base::Bind(&CheckValidityAndSign, token_id, data, public_key, |
108 token_id, | 111 false /* digest before signing */, hash_algorithm, callback, |
109 public_key_spki_der, | 112 browser_context_)); |
110 hash_algorithm, | 113 } |
111 data, | 114 |
112 callback, | 115 void PlatformKeysService::SignRSAPKCS1Raw(const std::string& token_id, |
113 browser_context_)); | 116 const std::string& data, |
| 117 const std::string& public_key, |
| 118 const std::string& extension_id, |
| 119 const SignCallback& callback) { |
| 120 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 121 ReadValidityAndInvalidateKey( |
| 122 extension_id, public_key, |
| 123 base::Bind(&CheckValidityAndSign, token_id, data, public_key, |
| 124 true /* sign directly without hashing */, |
| 125 platform_keys::HASH_ALGORITHM_NONE, callback, |
| 126 browser_context_)); |
114 } | 127 } |
115 | 128 |
116 void PlatformKeysService::SelectClientCertificates( | 129 void PlatformKeysService::SelectClientCertificates( |
117 const platform_keys::ClientCertificateRequest& request, | 130 const platform_keys::ClientCertificateRequest& request, |
118 const std::string& extension_id, | 131 const std::string& extension_id, |
119 const SelectCertificatesCallback& callback) { | 132 const SelectCertificatesCallback& callback) { |
120 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 133 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
121 | 134 |
122 platform_keys::subtle::SelectClientCertificates( | 135 platform_keys::subtle::SelectClientCertificates( |
123 request, | 136 request, |
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
211 | 224 |
212 void PlatformKeysService::InvalidateKey( | 225 void PlatformKeysService::InvalidateKey( |
213 const std::string& extension_id, | 226 const std::string& extension_id, |
214 const std::string& public_key_spki_der, | 227 const std::string& public_key_spki_der, |
215 const base::Callback<void(bool)>& callback, | 228 const base::Callback<void(bool)>& callback, |
216 scoped_ptr<base::ListValue> platform_keys) { | 229 scoped_ptr<base::ListValue> platform_keys) { |
217 scoped_ptr<base::StringValue> key_value( | 230 scoped_ptr<base::StringValue> key_value( |
218 GetPublicKeyValue(public_key_spki_der)); | 231 GetPublicKeyValue(public_key_spki_der)); |
219 | 232 |
220 size_t index = 0; | 233 size_t index = 0; |
221 if (!platform_keys->Remove(*key_value, &index)) { | 234 // If the key is found in |platform_keys|, it's valid for the extension to use |
222 // The key is not found, so it's not valid to use it for signing. | 235 // it for signing. |
223 callback.Run(false); | 236 bool key_was_valid = platform_keys->Remove(*key_value, &index); |
224 return; | 237 |
| 238 if (key_was_valid) { |
| 239 // Persist that the key is now invalid. |
| 240 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); |
225 } | 241 } |
226 | 242 |
227 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | 243 if (permission_check_enabled_) { |
228 callback.Run(true); | 244 // If permission checks are enabled, pass back the key permission (before |
| 245 // it was removed above). |
| 246 callback.Run(key_was_valid); |
| 247 } else { |
| 248 // Otherwise just allow signing with the key (which is enabled for testing |
| 249 // only). |
| 250 callback.Run(true); |
| 251 } |
229 } | 252 } |
230 | 253 |
231 void PlatformKeysService::GotPlatformKeysOfExtension( | 254 void PlatformKeysService::GotPlatformKeysOfExtension( |
232 const std::string& extension_id, | 255 const std::string& extension_id, |
233 const GetPlatformKeysCallback& callback, | 256 const GetPlatformKeysCallback& callback, |
234 scoped_ptr<base::Value> value) { | 257 scoped_ptr<base::Value> value) { |
235 if (!value) | 258 if (!value) |
236 value.reset(new base::ListValue); | 259 value.reset(new base::ListValue); |
237 | 260 |
238 base::ListValue* keys = NULL; | 261 base::ListValue* keys = NULL; |
239 if (!value->GetAsList(&keys)) { | 262 if (!value->GetAsList(&keys)) { |
240 LOG(ERROR) << "Found a value of wrong type."; | 263 LOG(ERROR) << "Found a value of wrong type."; |
241 | 264 |
242 keys = new base::ListValue; | 265 keys = new base::ListValue; |
243 value.reset(keys); | 266 value.reset(keys); |
244 } | 267 } |
245 | 268 |
246 ignore_result(value.release()); | 269 ignore_result(value.release()); |
247 callback.Run(make_scoped_ptr(keys)); | 270 callback.Run(make_scoped_ptr(keys)); |
248 } | 271 } |
249 | 272 |
250 } // namespace chromeos | 273 } // namespace chromeos |
OLD | NEW |