| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" | 5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
| (...skipping 24 matching lines...) Expand all Loading... |
| 35 const std::string& public_key_spki_der) { | 35 const std::string& public_key_spki_der) { |
| 36 callback.Run(public_key_spki_der, std::string() /* no error */); | 36 callback.Run(public_key_spki_der, std::string() /* no error */); |
| 37 } | 37 } |
| 38 | 38 |
| 39 // Callback used by |PlatformKeysService::Sign|. | 39 // Callback used by |PlatformKeysService::Sign|. |
| 40 // Is called with the old validity of |public_key_spki_der| (or false if an | 40 // Is called with the old validity of |public_key_spki_der| (or false if an |
| 41 // error occurred during reading the StateStore). If allowed, starts the actual | 41 // error occurred during reading the StateStore). If allowed, starts the actual |
| 42 // signing operation which will call back |callback|. If not allowed, calls | 42 // signing operation which will call back |callback|. If not allowed, calls |
| 43 // |callback| with an error. | 43 // |callback| with an error. |
| 44 void CheckValidityAndSign(const std::string& token_id, | 44 void CheckValidityAndSign(const std::string& token_id, |
| 45 const std::string& public_key_spki_der, | 45 const std::string& data, |
| 46 const std::string& public_key, |
| 47 bool sign_direct_pkcs_padded, |
| 46 platform_keys::HashAlgorithm hash_algorithm, | 48 platform_keys::HashAlgorithm hash_algorithm, |
| 47 const std::string& data, | |
| 48 const PlatformKeysService::SignCallback& callback, | 49 const PlatformKeysService::SignCallback& callback, |
| 49 content::BrowserContext* browser_context, | 50 content::BrowserContext* browser_context, |
| 50 bool key_is_valid) { | 51 bool key_is_valid) { |
| 51 if (!key_is_valid) { | 52 if (!key_is_valid) { |
| 52 callback.Run(std::string() /* no signature */, | 53 callback.Run(std::string() /* no signature */, |
| 53 kErrorKeyNotAllowedForSigning); | 54 kErrorKeyNotAllowedForSigning); |
| 54 return; | 55 return; |
| 55 } | 56 } |
| 56 platform_keys::subtle::Sign(token_id, | 57 if (sign_direct_pkcs_padded) { |
| 57 public_key_spki_der, | 58 platform_keys::subtle::SignRSAPKCS1Raw(token_id, data, public_key, callback, |
| 58 hash_algorithm, | 59 browser_context); |
| 59 data, | 60 } else { |
| 60 callback, | 61 platform_keys::subtle::SignRSAPKCS1Digest( |
| 61 browser_context); | 62 token_id, data, public_key, hash_algorithm, callback, browser_context); |
| 63 } |
| 62 } | 64 } |
| 63 | 65 |
| 64 } // namespace | 66 } // namespace |
| 65 | 67 |
| 66 PlatformKeysService::PlatformKeysService( | 68 PlatformKeysService::PlatformKeysService( |
| 67 content::BrowserContext* browser_context, | 69 content::BrowserContext* browser_context, |
| 68 extensions::StateStore* state_store) | 70 extensions::StateStore* state_store) |
| 69 : browser_context_(browser_context), | 71 : browser_context_(browser_context), |
| 70 state_store_(state_store), | 72 state_store_(state_store), |
| 71 weak_factory_(this) { | 73 weak_factory_(this) { |
| (...skipping 16 matching lines...) Expand all Loading... |
| 88 platform_keys::subtle::GenerateRSAKey( | 90 platform_keys::subtle::GenerateRSAKey( |
| 89 token_id, | 91 token_id, |
| 90 modulus_length, | 92 modulus_length, |
| 91 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, | 93 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, |
| 92 weak_factory_.GetWeakPtr(), | 94 weak_factory_.GetWeakPtr(), |
| 93 extension_id, | 95 extension_id, |
| 94 callback), | 96 callback), |
| 95 browser_context_); | 97 browser_context_); |
| 96 } | 98 } |
| 97 | 99 |
| 98 void PlatformKeysService::Sign(const std::string& token_id, | 100 void PlatformKeysService::SignRSAPKCS1Digest( |
| 99 const std::string& public_key_spki_der, | 101 const std::string& token_id, |
| 100 platform_keys::HashAlgorithm hash_algorithm, | 102 const std::string& data, |
| 101 const std::string& data, | 103 const std::string& public_key, |
| 102 const std::string& extension_id, | 104 platform_keys::HashAlgorithm hash_algorithm, |
| 103 const SignCallback& callback) { | 105 const std::string& extension_id, |
| 106 const SignCallback& callback) { |
| 104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 107 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 105 ReadValidityAndInvalidateKey(extension_id, | 108 ReadValidityAndInvalidateKey( |
| 106 public_key_spki_der, | 109 extension_id, public_key, |
| 107 base::Bind(&CheckValidityAndSign, | 110 base::Bind(&CheckValidityAndSign, token_id, data, public_key, |
| 108 token_id, | 111 false /* digest before signing */, hash_algorithm, callback, |
| 109 public_key_spki_der, | 112 browser_context_)); |
| 110 hash_algorithm, | 113 } |
| 111 data, | 114 |
| 112 callback, | 115 void PlatformKeysService::SignRSAPKCS1Raw(const std::string& token_id, |
| 113 browser_context_)); | 116 const std::string& data, |
| 117 const std::string& public_key, |
| 118 const std::string& extension_id, |
| 119 const SignCallback& callback) { |
| 120 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 121 ReadValidityAndInvalidateKey( |
| 122 extension_id, public_key, |
| 123 base::Bind(&CheckValidityAndSign, token_id, data, public_key, |
| 124 true /* sign directly without hashing */, |
| 125 platform_keys::HASH_ALGORITHM_NONE, callback, |
| 126 browser_context_)); |
| 114 } | 127 } |
| 115 | 128 |
| 116 void PlatformKeysService::SelectClientCertificates( | 129 void PlatformKeysService::SelectClientCertificates( |
| 117 const platform_keys::ClientCertificateRequest& request, | 130 const platform_keys::ClientCertificateRequest& request, |
| 118 const std::string& extension_id, | 131 const std::string& extension_id, |
| 119 const SelectCertificatesCallback& callback) { | 132 const SelectCertificatesCallback& callback) { |
| 120 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 133 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 121 | 134 |
| 122 platform_keys::subtle::SelectClientCertificates( | 135 platform_keys::subtle::SelectClientCertificates( |
| 123 request, | 136 request, |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 211 | 224 |
| 212 void PlatformKeysService::InvalidateKey( | 225 void PlatformKeysService::InvalidateKey( |
| 213 const std::string& extension_id, | 226 const std::string& extension_id, |
| 214 const std::string& public_key_spki_der, | 227 const std::string& public_key_spki_der, |
| 215 const base::Callback<void(bool)>& callback, | 228 const base::Callback<void(bool)>& callback, |
| 216 scoped_ptr<base::ListValue> platform_keys) { | 229 scoped_ptr<base::ListValue> platform_keys) { |
| 217 scoped_ptr<base::StringValue> key_value( | 230 scoped_ptr<base::StringValue> key_value( |
| 218 GetPublicKeyValue(public_key_spki_der)); | 231 GetPublicKeyValue(public_key_spki_der)); |
| 219 | 232 |
| 220 size_t index = 0; | 233 size_t index = 0; |
| 221 if (!platform_keys->Remove(*key_value, &index)) { | 234 // If the key is found in |platform_keys|, it's valid for the extension to use |
| 222 // The key is not found, so it's not valid to use it for signing. | 235 // it for signing. |
| 223 callback.Run(false); | 236 bool key_was_valid = platform_keys->Remove(*key_value, &index); |
| 224 return; | 237 |
| 238 if (key_was_valid) { |
| 239 // Persist that the key is now invalid. |
| 240 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); |
| 225 } | 241 } |
| 226 | 242 |
| 227 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | 243 if (permission_check_enabled_) { |
| 228 callback.Run(true); | 244 // If permission checks are enabled, pass back the key permission (before |
| 245 // it was removed above). |
| 246 callback.Run(key_was_valid); |
| 247 } else { |
| 248 // Otherwise just allow signing with the key (which is enabled for testing |
| 249 // only). |
| 250 callback.Run(true); |
| 251 } |
| 229 } | 252 } |
| 230 | 253 |
| 231 void PlatformKeysService::GotPlatformKeysOfExtension( | 254 void PlatformKeysService::GotPlatformKeysOfExtension( |
| 232 const std::string& extension_id, | 255 const std::string& extension_id, |
| 233 const GetPlatformKeysCallback& callback, | 256 const GetPlatformKeysCallback& callback, |
| 234 scoped_ptr<base::Value> value) { | 257 scoped_ptr<base::Value> value) { |
| 235 if (!value) | 258 if (!value) |
| 236 value.reset(new base::ListValue); | 259 value.reset(new base::ListValue); |
| 237 | 260 |
| 238 base::ListValue* keys = NULL; | 261 base::ListValue* keys = NULL; |
| 239 if (!value->GetAsList(&keys)) { | 262 if (!value->GetAsList(&keys)) { |
| 240 LOG(ERROR) << "Found a value of wrong type."; | 263 LOG(ERROR) << "Found a value of wrong type."; |
| 241 | 264 |
| 242 keys = new base::ListValue; | 265 keys = new base::ListValue; |
| 243 value.reset(keys); | 266 value.reset(keys); |
| 244 } | 267 } |
| 245 | 268 |
| 246 ignore_result(value.release()); | 269 ignore_result(value.release()); |
| 247 callback.Run(make_scoped_ptr(keys)); | 270 callback.Run(make_scoped_ptr(keys)); |
| 248 } | 271 } |
| 249 | 272 |
| 250 } // namespace chromeos | 273 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 884073002:
Implement chrome.platformKeys.getKeyPair(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2