Chromium Code Reviews| Index: chrome/browser/chromeos/platform_keys/platform_keys.h |
| diff --git a/chrome/browser/chromeos/platform_keys/platform_keys.h b/chrome/browser/chromeos/platform_keys/platform_keys.h |
| index 05d0deff4c727389132ad45e17c9884cda2e8e55..a932080d8e393ccaafac26e1e49a7683c405bed5 100644 |
| --- a/chrome/browser/chromeos/platform_keys/platform_keys.h |
| +++ b/chrome/browser/chromeos/platform_keys/platform_keys.h |
| @@ -12,17 +12,13 @@ |
| #include "base/macros.h" |
| #include "base/memory/ref_counted.h" |
| #include "base/memory/scoped_ptr.h" |
| +#include "net/cert/x509_certificate.h" |
| #include "net/ssl/ssl_client_cert_type.h" |
| namespace content { |
| class BrowserContext; |
| } |
| -namespace net { |
| -class X509Certificate; |
| -typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| -} |
| - |
| namespace chromeos { |
| namespace platform_keys { |
| @@ -38,6 +34,7 @@ extern const char kTokenIdSystem[]; |
| // Supported hash algorithms. |
| enum HashAlgorithm { |
| + HASH_ALGORITHM_NONE, // The value if no hash function is selected. |
| HASH_ALGORITHM_SHA1, |
| HASH_ALGORITHM_SHA256, |
| HASH_ALGORITHM_SHA384, |
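Review bot: Putting `HASH_ALGORITHM_NONE` in front of the existing enumerators shifts the integer value of `HASH_ALGORITHM_SHA1` and everything after it; that is only safe if these values are never persisted, logged as integers, or sent across an IPC/extension boundary by number, which this header does not tell us — if any of that happens elsewhere in the tree, appending the new value at the end is the safer change. The comment `// The value if no hash function is selected.` also leaves open which entry points accept it: the new `SignRSAPKCS1Raw` takes no `HashAlgorithm` at all, so a reader cannot tell whether passing `HASH_ALGORITHM_NONE` to `SignRSAPKCS1Digest` is rejected or silently signs undigested data. One sentence such as `// Not accepted by the signing functions; reserved for callers that have not chosen a digest.` (or whatever the implementation actually does) would remove the ambiguity. The enum's closing brace lies outside this hunk.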
| @@ -77,19 +74,28 @@ void GenerateRSAKey(const std::string& token_id, |
| typedef base::Callback<void(const std::string& signature, |
| const std::string& error_message)> SignCallback; |
| -// Digests |data| with |hash_algorithm| and afterwards signs the digest with the |
| -// private key matching |public_key|, if that key is stored in the given token. |
| -// |token_id| is currently ignored, instead the user token associated with |
| -// |browser_context| is always used. |public_key| must be the DER encoding of a |
| -// SubjectPublicKeyInfo. |callback| will be invoked with the signature or an |
| -// error message. |
| -// Currently supports RSA keys only. |
| -void Sign(const std::string& token_id, |
| - const std::string& public_key, |
| - HashAlgorithm hash_algorithm, |
| - const std::string& data, |
| - const SignCallback& callback, |
| - content::BrowserContext* browser_context); |
| +// Digests |data|, applies PKCS1 padding and afterwards signs the data with the |
| +// private key matching |params.public_key|. If a non empty token id is provided |
| +// and the key is not found in that token, the operation aborts. |callback| will |
| +// be invoked with the signature or an error message. |
| +void SignRSAPKCS1Digest(const std::string& token_id, |
| + const std::string& data, |
| + const std::string& public_key, |
| + HashAlgorithm hash_algorithm, |
| + const SignCallback& callback, |
| + content::BrowserContext* browser_context); |
| + |
| +// Applies PKCS1 padding and afterwards signs the data with the private key |
| +// matching |params.public_key|. |data| is not digested. If a non empty token id |
| +// is provided and the key is not found in that token, the operation aborts. |
| +// The size of |data| (number of octets) must be smaller than k - 11, where k |
| +// is the key size in octets. |
| +// |callback| will be invoked with the signature or an error message. |
| +void SignRSAPKCS1Raw(const std::string& token_id, |
| + const std::string& data, |
| + const std::string& public_key, |
| + const SignCallback& callback, |
| + content::BrowserContext* browser_context); |
| // If the certificate request could be processed successfully, |matches| will |
| // contain the list of matching certificates (which may be empty) and |
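Review bot: The length bound documented for `SignRSAPKCS1Raw` is off by one relative to PKCS#1 v1.5: EMSA-PKCS1-v1_5 (RFC 3447 §9.2) requires at least 11 padding octets, so a message of exactly k - 11 octets is valid and the line should read `// The size of |data| (number of octets) must be at most k - 11, where k`; whichever bound the implementation enforces, the comment and the check must agree, since callers will size their input from this header. Both new comments also say `|params.public_key|` although the declared parameter is plain `public_key`, presumably a leftover from an earlier struct-based signature, so `// private key matching |public_key|.` is what these declarations support. Because `|data| is not digested`, a caller that wants a standard RSASSA-PKCS1-v1_5 signature over a hash must supply the DER DigestInfo itself, and the raw entry point otherwise signs whatever bytes it is handed; stating that explicitly in the `SignRSAPKCS1Raw` comment would help callers pick the right function. The comment that begins `// If the certificate request could be processed successfully` continues past the end of this hunk.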
| @@ -107,6 +113,20 @@ void SelectClientCertificates(const ClientCertificateRequest& request, |
| } // namespace subtle |
| +// If possible, fills the output arguments with information about the key |
| +// certified by |certificate| and returns true. |
| +// If an error occurs, does not modify the output arguments and returns false. |
| +// It is handled as an error, if the key is an RSA key with public exponent |
| +// not equal to 65537. |
|
Ryan Sleevi
2015/02/10 21:25:28
Comment nit: This reads somewhat weird. Perhaps re
pneubeck (no reviews)
2015/02/11 14:37:04
adapted the implementation to ensure that false is
|
| +// |public_key_spki_der|: Will be assigned the the X.509 Subject Public Key Info |
| +// of the key in DER encoding, if not null. |
| +// |key_type|: Will be assigned the type of the key, if not null. |
| +// |key_size_bits|: Will the size of the key in bits, if not null. |
| +bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate, |
| + std::string* out_public_key_spki_der, |
| + net::X509Certificate::PublicKeyType* out_key_type, |
| + size_t* out_key_size_bits); |
|
Ryan Sleevi
2015/02/10 21:25:28
naming nit: None of these need to be named |out_|
pneubeck (no reviews)
2015/02/11 14:37:04
Done.
|
| + |
| // If the list of certificates could be successfully retrieved, |certs| will |
| // contain the list of available certificates (maybe empty) and |error_message| |
| // will be empty. If an error occurred, |certs| will be empty and |
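Review bot: Two of the new parameter comments on `GetPublicKey` have typos that make the contract harder to read: `// |public_key_spki_der|: Will be assigned the X.509 Subject Public Key Info` (doubled "the" removed) and `// |key_size_bits|: Will be assigned the size of the key in bits, if not null.` (missing verb). The header also does not say whether a null `certificate` is an error or a crash, nor whether a `false` return from the exponent check should be treated by callers as an unsupported key rather than a malformed certificate; since this function gates which keys the platform-keys API will operate on, one sentence on each would keep callers from guessing. The comment that starts at `// If the list of certificates could be successfully retrieved` continues outside this hunk.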
| @@ -134,7 +154,7 @@ typedef base::Callback<void(const std::string& error_message)> |
| // |browser_context| is always used. |callback| will be invoked when the import |
| // is finished, possibly with an error message. |
| void ImportCertificate(const std::string& token_id, |
| - scoped_refptr<net::X509Certificate> certificate, |
| + const scoped_refptr<net::X509Certificate>& certificate, |
| const ImportCertificateCallback& callback, |
| content::BrowserContext* browser_context); |
| @@ -148,7 +168,7 @@ typedef base::Callback<void(const std::string& error_message)> |
| // user token associated with |browser_context| is always used. |callback| will |
| // be invoked when the removal is finished, possibly with an error message. |
| void RemoveCertificate(const std::string& token_id, |
| - scoped_refptr<net::X509Certificate> certificate, |
| + const scoped_refptr<net::X509Certificate>& certificate, |
| const RemoveCertificateCallback& callback, |
| content::BrowserContext* browser_context); |