Index: chrome/browser/chromeos/platform_keys/platform_keys_service.cc |
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_service.cc b/chrome/browser/chromeos/platform_keys/platform_keys_service.cc |
index 95dbff81b22c72ddd2b89243a6b74048b9e923c1..ca333c9b64e51957a1e5e8bd772feee5092bce43 100644 |
--- a/chrome/browser/chromeos/platform_keys/platform_keys_service.cc |
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_service.cc |
@@ -42,9 +42,10 @@ void RunGenerateKeyCallback( |
// signing operation which will call back |callback|. If not allowed, calls |
// |callback| with an error. |
void CheckValidityAndSign(const std::string& token_id, |
- const std::string& public_key_spki_der, |
- platform_keys::HashAlgorithm hash_algorithm, |
const std::string& data, |
+ const std::string& public_key, |
+ bool sign_direct_pkcs_padded, |
+ platform_keys::HashAlgorithm hash_algorithm, |
const PlatformKeysService::SignCallback& callback, |
content::BrowserContext* browser_context, |
bool key_is_valid) { |
@@ -53,12 +54,13 @@ void CheckValidityAndSign(const std::string& token_id, |
kErrorKeyNotAllowedForSigning); |
return; |
} |
- platform_keys::subtle::Sign(token_id, |
- public_key_spki_der, |
- hash_algorithm, |
- data, |
- callback, |
- browser_context); |
+ if (sign_direct_pkcs_padded) { |
+ platform_keys::subtle::SignRSAPKCS1Raw(token_id, data, public_key, callback, |
+ browser_context); |
+ } else { |
+ platform_keys::subtle::SignRSAPKCS1Digest( |
+ token_id, data, public_key, hash_algorithm, callback, browser_context); |
+ } |
} |
} // namespace |
@@ -95,22 +97,33 @@ void PlatformKeysService::GenerateRSAKey(const std::string& token_id, |
browser_context_); |
} |
-void PlatformKeysService::Sign(const std::string& token_id, |
- const std::string& public_key_spki_der, |
- platform_keys::HashAlgorithm hash_algorithm, |
- const std::string& data, |
- const std::string& extension_id, |
- const SignCallback& callback) { |
+void PlatformKeysService::SignRSAPKCS1Digest( |
+ const std::string& token_id, |
+ const std::string& data, |
+ const std::string& public_key, |
+ platform_keys::HashAlgorithm hash_algorithm, |
+ const std::string& extension_id, |
+ const SignCallback& callback) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- ReadValidityAndInvalidateKey(extension_id, |
- public_key_spki_der, |
- base::Bind(&CheckValidityAndSign, |
- token_id, |
- public_key_spki_der, |
- hash_algorithm, |
- data, |
- callback, |
- browser_context_)); |
+ ReadValidityAndInvalidateKey( |
+ extension_id, public_key, |
+ base::Bind(&CheckValidityAndSign, token_id, data, public_key, |
+ false /* digest before signing */, hash_algorithm, callback, |
+ browser_context_)); |
+} |
+ |
+void PlatformKeysService::SignRSAPKCS1Raw(const std::string& token_id, |
+ const std::string& data, |
+ const std::string& public_key, |
+ const std::string& extension_id, |
+ const SignCallback& callback) { |
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ ReadValidityAndInvalidateKey( |
+ extension_id, public_key, |
+ base::Bind(&CheckValidityAndSign, token_id, data, public_key, |
+ true /* sign directly without hashing */, |
+ platform_keys::HASH_ALGORITHM_NONE, callback, |
+ browser_context_)); |
} |
void PlatformKeysService::SelectClientCertificates( |
@@ -218,14 +231,24 @@ void PlatformKeysService::InvalidateKey( |
GetPublicKeyValue(public_key_spki_der)); |
size_t index = 0; |
- if (!platform_keys->Remove(*key_value, &index)) { |
- // The key is not found, so it's not valid to use it for signing. |
- callback.Run(false); |
- return; |
+ // If the key is found in |platform_keys|, it's valid for the extension to use |
+ // it for signing. |
+ bool key_was_valid = platform_keys->Remove(*key_value, &index); |
+ |
+ if (key_was_valid) { |
+ // Persist that the key is now invalid. |
+ SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); |
} |
- SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); |
- callback.Run(true); |
+ if (permission_check_enabled_) { |
+ // If permission checks are enabled, pass back the key permission (before |
+ // it was removed above). |
+ callback.Run(key_was_valid); |
+ } else { |
+ // Otherwise just allow signing with the key (which is enabled for testing |
+ // only). |
+ callback.Run(true); |
+ } |
} |
void PlatformKeysService::GotPlatformKeysOfExtension( |