    Issue 884073002:
  Implement chrome.platformKeys.getKeyPair().  (Closed) 
  Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2| Index: chrome/browser/chromeos/platform_keys/platform_keys_service.cc | 
| diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_service.cc b/chrome/browser/chromeos/platform_keys/platform_keys_service.cc | 
| index 95dbff81b22c72ddd2b89243a6b74048b9e923c1..4318043187267268698dff8eec92c9c01696d0d8 100644 | 
| --- a/chrome/browser/chromeos/platform_keys/platform_keys_service.cc | 
| +++ b/chrome/browser/chromeos/platform_keys/platform_keys_service.cc | 
| @@ -42,9 +42,7 @@ void RunGenerateKeyCallback( | 
| // signing operation which will call back |callback|. If not allowed, calls | 
| // |callback| with an error. | 
| void CheckValidityAndSign(const std::string& token_id, | 
| - const std::string& public_key_spki_der, | 
| - platform_keys::HashAlgorithm hash_algorithm, | 
| - const std::string& data, | 
| + scoped_ptr<platform_keys::SignRSAParams> params, | 
| const PlatformKeysService::SignCallback& callback, | 
| content::BrowserContext* browser_context, | 
| bool key_is_valid) { | 
| @@ -53,12 +51,8 @@ void CheckValidityAndSign(const std::string& token_id, | 
| kErrorKeyNotAllowedForSigning); | 
| return; | 
| } | 
| - platform_keys::subtle::Sign(token_id, | 
| - public_key_spki_der, | 
| - hash_algorithm, | 
| - data, | 
| - callback, | 
| - browser_context); | 
| + platform_keys::subtle::SignRSA(token_id, params.Pass(), callback, | 
| + browser_context); | 
| } | 
| } // namespace | 
| @@ -95,22 +89,16 @@ void PlatformKeysService::GenerateRSAKey(const std::string& token_id, | 
| browser_context_); | 
| } | 
| -void PlatformKeysService::Sign(const std::string& token_id, | 
| - const std::string& public_key_spki_der, | 
| - platform_keys::HashAlgorithm hash_algorithm, | 
| - const std::string& data, | 
| - const std::string& extension_id, | 
| - const SignCallback& callback) { | 
| +void PlatformKeysService::SignRSA( | 
| + const std::string& token_id, | 
| + scoped_ptr<platform_keys::SignRSAParams> params, | 
| + const std::string& extension_id, | 
| + const SignCallback& callback) { | 
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 
| - ReadValidityAndInvalidateKey(extension_id, | 
| - public_key_spki_der, | 
| - base::Bind(&CheckValidityAndSign, | 
| - token_id, | 
| - public_key_spki_der, | 
| - hash_algorithm, | 
| - data, | 
| - callback, | 
| - browser_context_)); | 
| + ReadValidityAndInvalidateKey( | 
| + extension_id, params->public_key(), | 
| + base::Bind(&CheckValidityAndSign, token_id, base::Passed(¶ms), | 
| + callback, browser_context_)); | 
| } | 
| void PlatformKeysService::SelectClientCertificates( | 
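Review bot: In the new `SignRSA` body, `params->public_key()` and `base::Passed(&params)` (rendered on this page as `¶ms`) are arguments of the same call expression, and C++ does not specify which is evaluated first. `base::Passed` takes ownership out of `params` at the point it is evaluated, so with a compiler that evaluates the `base::Bind(...)` argument first, `params->public_key()` dereferences an empty `scoped_ptr` on the signing path. Read the key before the call, e.g. `const std::string public_key_spki_der = params->public_key();`, and pass that local to `ReadValidityAndInvalidateKey`. Whether that function takes the key by reference is not visible in this hunk, so a copy is the safer choice than a reference into `*params`.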
| @@ -218,14 +206,24 @@ void PlatformKeysService::InvalidateKey( | 
| GetPublicKeyValue(public_key_spki_der)); | 
| size_t index = 0; | 
| - if (!platform_keys->Remove(*key_value, &index)) { | 
| - // The key is not found, so it's not valid to use it for signing. | 
| - callback.Run(false); | 
| - return; | 
| + // If the key is found in |platform_keys|, it's valid for the extension to use | 
| + // it for signing. | 
| + bool key_was_valid = platform_keys->Remove(*key_value, &index); | 
| + | 
| + if (key_was_valid) { | 
| + // Persist that the key is now invalid. | 
| + SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | 
| } | 
| - SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | 
| - callback.Run(true); | 
| + if (permission_check_enabled_) { | 
| + // If permission checks are enabled, pass back the key permission (before | 
| + // it was removed above). | 
| 
Ryan Sleevi
2015/02/10 00:59:33
To make sure I'm understanding: You only allow one
 
pneubeck (no reviews)
2015/02/10 10:40:52
Outside the new platform_keys_apitest_nss.cc the p
 | 
| + callback.Run(key_was_valid); | 
| + } else { | 
| + // Otherwise just allow signing with the key (which is enabled for testing | 
| + // only). | 
| + callback.Run(true); | 
| + } | 
| } | 
| void PlatformKeysService::GotPlatformKeysOfExtension( |
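Review bot: The `else` branch at the end of `InvalidateKey` calls `callback.Run(true)` for every key once `permission_check_enabled_` is false, so the per-extension signing restriction depends entirely on a flag whose declaration and setter are outside this hunk. The in-code comment says the bypass is for testing only, but nothing visible here enforces that; if the setter is not already test-scoped, a `ForTesting` suffix on it would make any production caller stand out in review. I would also tighten the comment to state the consequence, e.g. `// Test-only bypass: every extension may sign with every key while permission checks are disabled.` The start of `InvalidateKey` lies outside the hunk.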