Index: chrome/browser/chromeos/platform_keys/platform_keys.h |
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys.h b/chrome/browser/chromeos/platform_keys/platform_keys.h |
index 05d0deff4c727389132ad45e17c9884cda2e8e55..a932080d8e393ccaafac26e1e49a7683c405bed5 100644 |
--- a/chrome/browser/chromeos/platform_keys/platform_keys.h |
+++ b/chrome/browser/chromeos/platform_keys/platform_keys.h |
@@ -12,17 +12,13 @@ |
#include "base/macros.h" |
#include "base/memory/ref_counted.h" |
#include "base/memory/scoped_ptr.h" |
+#include "net/cert/x509_certificate.h" |
#include "net/ssl/ssl_client_cert_type.h" |
namespace content { |
class BrowserContext; |
} |
-namespace net { |
-class X509Certificate; |
-typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
-} |
- |
namespace chromeos { |
namespace platform_keys { |
@@ -38,6 +34,7 @@ extern const char kTokenIdSystem[]; |
// Supported hash algorithms. |
enum HashAlgorithm { |
+ HASH_ALGORITHM_NONE, // The value if no hash function is selected. |
HASH_ALGORITHM_SHA1, |
HASH_ALGORITHM_SHA256, |
HASH_ALGORITHM_SHA384, |
@@ -77,19 +74,28 @@ void GenerateRSAKey(const std::string& token_id, |
typedef base::Callback<void(const std::string& signature, |
const std::string& error_message)> SignCallback; |
-// Digests |data| with |hash_algorithm| and afterwards signs the digest with the |
-// private key matching |public_key|, if that key is stored in the given token. |
-// |token_id| is currently ignored, instead the user token associated with |
-// |browser_context| is always used. |public_key| must be the DER encoding of a |
-// SubjectPublicKeyInfo. |callback| will be invoked with the signature or an |
-// error message. |
-// Currently supports RSA keys only. |
-void Sign(const std::string& token_id, |
- const std::string& public_key, |
- HashAlgorithm hash_algorithm, |
- const std::string& data, |
- const SignCallback& callback, |
- content::BrowserContext* browser_context); |
+// Digests |data|, applies PKCS1 padding and afterwards signs the data with the |
+// private key matching |params.public_key|. If a non empty token id is provided |
+// and the key is not found in that token, the operation aborts. |callback| will |
+// be invoked with the signature or an error message. |
+void SignRSAPKCS1Digest(const std::string& token_id, |
+ const std::string& data, |
+ const std::string& public_key, |
+ HashAlgorithm hash_algorithm, |
+ const SignCallback& callback, |
+ content::BrowserContext* browser_context); |
+ |
+// Applies PKCS1 padding and afterwards signs the data with the private key |
+// matching |params.public_key|. |data| is not digested. If a non empty token id |
+// is provided and the key is not found in that token, the operation aborts. |
+// The size of |data| (number of octets) must be smaller than k - 11, where k |
+// is the key size in octets. |
+// |callback| will be invoked with the signature or an error message. |
+void SignRSAPKCS1Raw(const std::string& token_id, |
+ const std::string& data, |
+ const std::string& public_key, |
+ const SignCallback& callback, |
+ content::BrowserContext* browser_context); |
// If the certificate request could be processed successfully, |matches| will |
// contain the list of matching certificates (which may be empty) and |
@@ -107,6 +113,20 @@ void SelectClientCertificates(const ClientCertificateRequest& request, |
} // namespace subtle |
+// If possible, fills the output arguments with information about the key |
+// certified by |certificate| and returns true. |
+// If an error occurs, does not modify the output arguments and returns false. |
+// It is handled as an error, if the key is an RSA key with public exponent |
+// not equal to 65537. |
Ryan Sleevi
2015/02/10 21:25:28
Comment nit: This reads somewhat weird. Perhaps re
pneubeck (no reviews)
2015/02/11 14:37:04
adapted the implementation to ensure that false is
|
+// |public_key_spki_der|: Will be assigned the the X.509 Subject Public Key Info |
+// of the key in DER encoding, if not null. |
+// |key_type|: Will be assigned the type of the key, if not null. |
+// |key_size_bits|: Will the size of the key in bits, if not null. |
+bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate, |
+ std::string* out_public_key_spki_der, |
+ net::X509Certificate::PublicKeyType* out_key_type, |
+ size_t* out_key_size_bits); |
Ryan Sleevi
2015/02/10 21:25:28
naming nit: None of these need to be named |out_|
pneubeck (no reviews)
2015/02/11 14:37:04
Done.
|
+ |
// If the list of certificates could be successfully retrieved, |certs| will |
// contain the list of available certificates (maybe empty) and |error_message| |
// will be empty. If an error occurred, |certs| will be empty and |
@@ -134,7 +154,7 @@ typedef base::Callback<void(const std::string& error_message)> |
// |browser_context| is always used. |callback| will be invoked when the import |
// is finished, possibly with an error message. |
void ImportCertificate(const std::string& token_id, |
- scoped_refptr<net::X509Certificate> certificate, |
+ const scoped_refptr<net::X509Certificate>& certificate, |
const ImportCertificateCallback& callback, |
content::BrowserContext* browser_context); |
@@ -148,7 +168,7 @@ typedef base::Callback<void(const std::string& error_message)> |
// user token associated with |browser_context| is always used. |callback| will |
// be invoked when the removal is finished, possibly with an error message. |
void RemoveCertificate(const std::string& token_id, |
- scoped_refptr<net::X509Certificate> certificate, |
+ const scoped_refptr<net::X509Certificate>& certificate, |
const RemoveCertificateCallback& callback, |
content::BrowserContext* browser_context); |