| Index: chrome/browser/chromeos/platform_keys/platform_keys_service.h
|
| diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_service.h b/chrome/browser/chromeos/platform_keys/platform_keys_service.h
|
| index c7def45464a001a254616b60d04e6132c5754dab..af7efc7ffe5f14dd207e25ddffb1453072b8c3c5 100644
|
| --- a/chrome/browser/chromeos/platform_keys/platform_keys_service.h
|
| +++ b/chrome/browser/chromeos/platform_keys/platform_keys_service.h
|
| @@ -49,7 +49,7 @@ class PlatformKeysService : public KeyedService {
|
| ~PlatformKeysService() override;
|
|
|
| // Disables the checks whether an extension is allowed to read client
|
| - // certificates.
|
| + // certificates or allowed to use the signing function of a key.
|
| // TODO(pneubeck): Remove this once a permissions are implemented.
|
| void DisablePermissionCheckForTesting();
|
|
|
| @@ -78,22 +78,20 @@ class PlatformKeysService : public KeyedService {
|
| typedef base::Callback<void(const std::string& signature,
|
| const std::string& error_message)> SignCallback;
|
|
|
| - // Digests |data| with |hash_algorithm| and afterwards signs the digest with
|
| - // the private key matching |public_key_spki_der|, if that key is stored in
|
| - // the given token and wasn't used for signing before.
|
| - // Unregisters the key so that every future attempt to sign data with this key
|
| - // is rejected. |token_id| is currently ignored, instead the user token
|
| - // associated with |browser_context| is always used. |public_key_spki_der|
|
| - // must be the DER encoding of a SubjectPublicKeyInfo. |callback| will be
|
| - // invoked with the signature or an error message. Currently supports RSA keys
|
| - // only.
|
| + // Optionally digests |data|, applies PKCS1 padding and afterwards signs the
|
| + // data with the private key matching |params.public_key|. If a non empty
|
| + // token id is provided and the key is not found in that token, the operation
|
| + // aborts.
|
| + // If the extension does not have permissions for signing with this key, the
|
| + // operation aborts. In case of a one time permission (granted after
|
| + // generating the key), this function also removes the permission to prevent
|
| + // future signing attempts.
|
| + // |callback| will be invoked with the signature or an error message.
|
| // Will only call back during the lifetime of this object.
|
| - void Sign(const std::string& token_id,
|
| - const std::string& public_key_spki_der,
|
| - platform_keys::HashAlgorithm hash_algorithm,
|
| - const std::string& data,
|
| - const std::string& extension_id,
|
| - const SignCallback& callback);
|
| + void SignRSA(const std::string& token_id,
|
| + scoped_ptr<platform_keys::SignRSAParams> params,
|
| + const std::string& extension_id,
|
| + const SignCallback& callback);
|
|
|
| // If the certificate request could be processed successfully, |matches| will
|
| // contain the list of matching certificates (maybe empty) and |error_message|
|
|
|
Chromium Code Reviews
Issue 884073002:
Implement chrome.platformKeys.getKeyPair(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2