
Unified Diff: chrome/browser/chromeos/platform_keys/platform_keys.h

Issue 884073002: Implement chrome.platformKeys.getKeyPair(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2
Patch Set: Fix typo in basic.js. Created 5 years, 10 months ago
Index: chrome/browser/chromeos/platform_keys/platform_keys.h
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys.h b/chrome/browser/chromeos/platform_keys/platform_keys.h
index 05d0deff4c727389132ad45e17c9884cda2e8e55..a932080d8e393ccaafac26e1e49a7683c405bed5 100644
--- a/chrome/browser/chromeos/platform_keys/platform_keys.h
+++ b/chrome/browser/chromeos/platform_keys/platform_keys.h
@@ -12,17 +12,13 @@
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
+#include "net/cert/x509_certificate.h"
#include "net/ssl/ssl_client_cert_type.h"
namespace content {
class BrowserContext;
}
-namespace net {
-class X509Certificate;
-typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
-}
-
namespace chromeos {
namespace platform_keys {
@@ -38,6 +34,7 @@ extern const char kTokenIdSystem[];
// Supported hash algorithms.
enum HashAlgorithm {
+ HASH_ALGORITHM_NONE, // The value if no hash function is selected.
HASH_ALGORITHM_SHA1,
HASH_ALGORITHM_SHA256,
HASH_ALGORITHM_SHA384,
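Review bot: Inserting `HASH_ALGORITHM_NONE` ahead of `HASH_ALGORITHM_SHA1` makes it the enum's zero value and shifts every existing enumerator by one. A zero- or value-initialized `HashAlgorithm` then means "no hash", which is the least safe default for a signing API. Consider appending the new value after the existing ones, or at least documenting where it is accepted, e.g. `HASH_ALGORITHM_NONE,  // No hash selected; digest-based signing must reject this value.` Whether the implementation rejects it is not visible in this header, and the enum body continues past the end of the hunk.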
@@ -77,19 +74,28 @@ void GenerateRSAKey(const std::string& token_id,
typedef base::Callback<void(const std::string& signature,
const std::string& error_message)> SignCallback;
-// Digests |data| with |hash_algorithm| and afterwards signs the digest with the
-// private key matching |public_key|, if that key is stored in the given token.
-// |token_id| is currently ignored, instead the user token associated with
-// |browser_context| is always used. |public_key| must be the DER encoding of a
-// SubjectPublicKeyInfo. |callback| will be invoked with the signature or an
-// error message.
-// Currently supports RSA keys only.
-void Sign(const std::string& token_id,
- const std::string& public_key,
- HashAlgorithm hash_algorithm,
- const std::string& data,
- const SignCallback& callback,
- content::BrowserContext* browser_context);
+// Digests |data|, applies PKCS1 padding and afterwards signs the data with the
+// private key matching |params.public_key|. If a non empty token id is provided
+// and the key is not found in that token, the operation aborts. |callback| will
+// be invoked with the signature or an error message.
+void SignRSAPKCS1Digest(const std::string& token_id,
+ const std::string& data,
+ const std::string& public_key,
+ HashAlgorithm hash_algorithm,
+ const SignCallback& callback,
+ content::BrowserContext* browser_context);
+
+// Applies PKCS1 padding and afterwards signs the data with the private key
+// matching |params.public_key|. |data| is not digested. If a non empty token id
+// is provided and the key is not found in that token, the operation aborts.
+// The size of |data| (number of octets) must be smaller than k - 11, where k
+// is the key size in octets.
+// |callback| will be invoked with the signature or an error message.
+void SignRSAPKCS1Raw(const std::string& token_id,
+ const std::string& data,
+ const std::string& public_key,
+ const SignCallback& callback,
+ content::BrowserContext* browser_context);
// If the certificate request could be processed successfully, |matches| will
// contain the list of matching certificates (which may be empty) and
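Review bot: Both new comments refer to `|params.public_key|`, but the parameter in `SignRSAPKCS1Digest` and `SignRSAPKCS1Raw` is `public_key`. The removed comment's requirement that it be the DER encoding of a SubjectPublicKeyInfo is also no longer stated. Suggest `// private key matching |public_key|, which must be the DER encoding of a SubjectPublicKeyInfo.` in both places. For `SignRSAPKCS1Raw`, PKCS #1 v1.5 padding needs 11 octets of overhead, so data of exactly k - 11 octets still fits; "smaller than k - 11" is one octet stricter, and the comment should match whichever bound the implementation actually enforces (not visible here). Because `data` is signed without digesting, the comment should also say that the caller is responsible for the exact bytes being signed.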
@@ -107,6 +113,20 @@ void SelectClientCertificates(const ClientCertificateRequest& request,
} // namespace subtle
+// If possible, fills the output arguments with information about the key
+// certified by |certificate| and returns true.
+// If an error occurs, does not modify the output arguments and returns false.
+// It is handled as an error, if the key is an RSA key with public exponent
+// not equal to 65537.
Ryan Sleevi 2015/02/10 21:25:28 Comment nit: This reads somewhat weird. Perhaps re
pneubeck (no reviews) 2015/02/11 14:37:04 adapted the implementation to ensure that false is
+// |public_key_spki_der|: Will be assigned the the X.509 Subject Public Key Info
+// of the key in DER encoding, if not null.
+// |key_type|: Will be assigned the type of the key, if not null.
+// |key_size_bits|: Will the size of the key in bits, if not null.
+bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate,
+ std::string* out_public_key_spki_der,
+ net::X509Certificate::PublicKeyType* out_key_type,
+ size_t* out_key_size_bits);
Ryan Sleevi 2015/02/10 21:25:28 naming nit: None of these need to be named |out_|
pneubeck (no reviews) 2015/02/11 14:37:04 Done.
+
// If the list of certificates could be successfully retrieved, |certs| will
// contain the list of available certificates (maybe empty) and |error_message|
// will be empty. If an error occurred, |certs| will be empty and
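Review bot: The parameter documentation for `GetPublicKey` has two wording slips. `Will be assigned the the X.509 Subject Public Key Info` repeats "the", and the `|key_size_bits|` line is missing its verb; suggest `// |key_size_bits|: Will be assigned the size of the key in bits, if not null.` The comment also leaves open what is returned for a non-RSA key or for a null `certificate`; one sentence stating each case would let callers rely on the `false` return without reading the implementation.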
@@ -134,7 +154,7 @@ typedef base::Callback<void(const std::string& error_message)>
// |browser_context| is always used. |callback| will be invoked when the import
// is finished, possibly with an error message.
void ImportCertificate(const std::string& token_id,
- scoped_refptr<net::X509Certificate> certificate,
+ const scoped_refptr<net::X509Certificate>& certificate,
const ImportCertificateCallback& callback,
content::BrowserContext* browser_context);
@@ -148,7 +168,7 @@ typedef base::Callback<void(const std::string& error_message)>
// user token associated with |browser_context| is always used. |callback| will
// be invoked when the removal is finished, possibly with an error message.
void RemoveCertificate(const std::string& token_id,
- scoped_refptr<net::X509Certificate> certificate,
+ const scoped_refptr<net::X509Certificate>& certificate,
const RemoveCertificateCallback& callback,
content::BrowserContext* browser_context);
