Index: chrome/browser/chromeos/platform_keys/platform_keys_service.cc |
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_service.cc b/chrome/browser/chromeos/platform_keys/platform_keys_service.cc |
index 95dbff81b22c72ddd2b89243a6b74048b9e923c1..4318043187267268698dff8eec92c9c01696d0d8 100644 |
--- a/chrome/browser/chromeos/platform_keys/platform_keys_service.cc |
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_service.cc |
@@ -42,9 +42,7 @@ void RunGenerateKeyCallback( |
// signing operation which will call back |callback|. If not allowed, calls |
// |callback| with an error. |
void CheckValidityAndSign(const std::string& token_id, |
- const std::string& public_key_spki_der, |
- platform_keys::HashAlgorithm hash_algorithm, |
- const std::string& data, |
+ scoped_ptr<platform_keys::SignRSAParams> params, |
const PlatformKeysService::SignCallback& callback, |
content::BrowserContext* browser_context, |
bool key_is_valid) { |
@@ -53,12 +51,8 @@ void CheckValidityAndSign(const std::string& token_id, |
kErrorKeyNotAllowedForSigning); |
return; |
} |
- platform_keys::subtle::Sign(token_id, |
- public_key_spki_der, |
- hash_algorithm, |
- data, |
- callback, |
- browser_context); |
+ platform_keys::subtle::SignRSA(token_id, params.Pass(), callback, |
+ browser_context); |
} |
} // namespace |
@@ -95,22 +89,16 @@ void PlatformKeysService::GenerateRSAKey(const std::string& token_id, |
browser_context_); |
} |
-void PlatformKeysService::Sign(const std::string& token_id, |
- const std::string& public_key_spki_der, |
- platform_keys::HashAlgorithm hash_algorithm, |
- const std::string& data, |
- const std::string& extension_id, |
- const SignCallback& callback) { |
+void PlatformKeysService::SignRSA( |
+ const std::string& token_id, |
+ scoped_ptr<platform_keys::SignRSAParams> params, |
+ const std::string& extension_id, |
+ const SignCallback& callback) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- ReadValidityAndInvalidateKey(extension_id, |
- public_key_spki_der, |
- base::Bind(&CheckValidityAndSign, |
- token_id, |
- public_key_spki_der, |
- hash_algorithm, |
- data, |
- callback, |
- browser_context_)); |
+ ReadValidityAndInvalidateKey( |
+ extension_id, params->public_key(), |
+ base::Bind(&CheckValidityAndSign, token_id, base::Passed(¶ms), |
+ callback, browser_context_)); |
} |
void PlatformKeysService::SelectClientCertificates( |
@@ -218,14 +206,24 @@ void PlatformKeysService::InvalidateKey( |
GetPublicKeyValue(public_key_spki_der)); |
size_t index = 0; |
- if (!platform_keys->Remove(*key_value, &index)) { |
- // The key is not found, so it's not valid to use it for signing. |
- callback.Run(false); |
- return; |
+ // If the key is found in |platform_keys|, it's valid for the extension to use |
+ // it for signing. |
+ bool key_was_valid = platform_keys->Remove(*key_value, &index); |
+ |
+ if (key_was_valid) { |
+ // Persist that the key is now invalid. |
+ SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); |
} |
- SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); |
- callback.Run(true); |
+ if (permission_check_enabled_) { |
+ // If permission checks are enabled, pass back the key permission (before |
+ // it was removed above). |
Ryan Sleevi
2015/02/10 00:59:33
To make sure I'm understanding: You only allow one
pneubeck (no reviews)
2015/02/10 10:40:52
Outside the new platform_keys_apitest_nss.cc the p
|
+ callback.Run(key_was_valid); |
+ } else { |
+ // Otherwise just allow signing with the key (which is enabled for testing |
+ // only). |
+ callback.Run(true); |
+ } |
} |
void PlatformKeysService::GotPlatformKeysOfExtension( |