Index: chrome/browser/extensions/api/platform_keys/platform_keys_api.cc |
diff --git a/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc b/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc |
index 9a4e2d29a5b39b1a1640573e98e742d965f4d367..f3ad6512ad43ee63c580ecb2339f387a0db9effe 100644 |
--- a/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc |
+++ b/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc |
@@ -8,6 +8,7 @@ |
#include "base/bind.h" |
#include "base/logging.h" |
+#include "base/values.h" |
#include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
#include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
#include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" |
@@ -20,10 +21,49 @@ namespace extensions { |
namespace api_pk = api::platform_keys; |
namespace api_pki = api::platform_keys_internal; |
+namespace { |
+ |
+const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; |
+const char kErrorInvalidX509Cert[] = |
+ "Certificate is not a valid X.509 certificate."; |
+ |
+struct PublicKeyInfo { |
+ // The X.509 Subject Public Key Info of the key in DER encoding. |
+ std::string public_key_spki_der; |
+ |
+ // The type of the key. |
+ net::X509Certificate::PublicKeyType key_type = |
+ net::X509Certificate::kPublicKeyTypeUnknown; |
+ |
+ // The size of the key in bits. |
+ size_t key_size_bits = 0; |
+}; |
+ |
+// Builds a partial WebCrypto Algorithm object from the parameters available in |
+// |key_info|, which must the info of an RSA key. This doesn't include sign/hash |
+// parameters and thus isn't complete. |
+// platform_keys::GetPublicKey() enforced the public exponent 65537. |
+void BuildWebCryptoRSAAlgorithmDictionary(const PublicKeyInfo& key_info, |
+ base::DictionaryValue* algorithm) { |
+ CHECK_EQ(net::X509Certificate::kPublicKeyTypeRSA, key_info.key_type); |
+ algorithm->SetStringWithoutPathExpansion("name", "RSASSA-PKCS1-v1_5"); |
+ algorithm->SetIntegerWithoutPathExpansion("modulusLength", |
+ key_info.key_size_bits); |
+ |
+ // Equals 65537. |
+ const unsigned char defaultPublicExponent[] = {0x01, 0x00, 0x01}; |
+ algorithm->SetWithoutPathExpansion( |
+ "publicExponent", |
+ base::BinaryValue::CreateWithCopiedBuffer( |
+ reinterpret_cast<const char*>(defaultPublicExponent), |
+ arraysize(defaultPublicExponent))); |
+} |
+ |
+} // namespace |
+ |
namespace platform_keys { |
const char kErrorInvalidToken[] = "The token is not valid."; |
-const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; |
const char kTokenIdUser[] = "user"; |
const char kTokenIdSystem[] = "system"; |
@@ -54,6 +94,43 @@ std::string PlatformKeysTokenIdToApiId( |
} // namespace platform_keys |
+PlatformKeysInternalGetPublicKeyFunction:: |
+ ~PlatformKeysInternalGetPublicKeyFunction() { |
+} |
+ |
+ExtensionFunction::ResponseAction |
+PlatformKeysInternalGetPublicKeyFunction::Run() { |
+ scoped_ptr<api_pki::GetPublicKey::Params> params( |
+ api_pki::GetPublicKey::Params::Create(*args_)); |
+ EXTENSION_FUNCTION_VALIDATE(params); |
+ |
+ const std::vector<char>& cert_der = params->certificate; |
+ if (cert_der.empty()) |
+ return RespondNow(Error(kErrorInvalidX509Cert)); |
+ scoped_refptr<net::X509Certificate> cert_x509 = |
+ net::X509Certificate::CreateFromBytes(vector_as_array(&cert_der), |
+ cert_der.size()); |
+ if (!cert_x509) |
+ return RespondNow(Error(kErrorInvalidX509Cert)); |
+ |
+ PublicKeyInfo key_info; |
+ if (!chromeos::platform_keys::GetPublicKey( |
+ cert_x509, &key_info.public_key_spki_der, &key_info.key_type, |
+ &key_info.key_size_bits) || |
+ key_info.key_type != net::X509Certificate::kPublicKeyTypeRSA) { |
+ return RespondNow(Error(kErrorAlgorithmNotSupported)); |
+ } |
+ |
+ api_pki::GetPublicKey::Results::Algorithm algorithm; |
+ BuildWebCryptoRSAAlgorithmDictionary(key_info, |
+ &algorithm.additional_properties); |
+ |
+ return RespondNow(ArgumentList(api_pki::GetPublicKey::Results::Create( |
+ std::vector<char>(key_info.public_key_spki_der.begin(), |
+ key_info.public_key_spki_der.end()), |
+ algorithm))); |
+} |
+ |
PlatformKeysInternalSelectClientCertificatesFunction:: |
~PlatformKeysInternalSelectClientCertificatesFunction() { |
} |
@@ -95,12 +172,27 @@ void PlatformKeysInternalSelectClientCertificatesFunction:: |
DCHECK(matches); |
std::vector<linked_ptr<api_pk::Match>> result_matches; |
for (const scoped_refptr<net::X509Certificate>& match : *matches) { |
+ PublicKeyInfo key_info; |
+ if (!chromeos::platform_keys::GetPublicKey( |
+ match, &key_info.public_key_spki_der, &key_info.key_type, |
+ &key_info.key_size_bits)) { |
+ LOG(ERROR) << "Could not retrieve public key info."; |
+ continue; |
+ } |
+ if (key_info.key_type != net::X509Certificate::kPublicKeyTypeRSA) { |
+ LOG(ERROR) << "Skipping unsupported certificate with non-RSA key."; |
+ continue; |
+ } |
+ |
linked_ptr<api_pk::Match> result_match(new api_pk::Match); |
std::string der_encoded_cert; |
net::X509Certificate::GetDEREncoded(match->os_cert_handle(), |
&der_encoded_cert); |
result_match->certificate.assign(der_encoded_cert.begin(), |
der_encoded_cert.end()); |
+ |
+ BuildWebCryptoRSAAlgorithmDictionary( |
+ key_info, &result_match->key_algorithm.additional_properties); |
result_matches.push_back(result_match); |
} |
Respond(ArgumentList( |
@@ -115,32 +207,45 @@ ExtensionFunction::ResponseAction PlatformKeysInternalSignFunction::Run() { |
api_pki::Sign::Params::Create(*args_)); |
EXTENSION_FUNCTION_VALIDATE(params); |
std::string platform_keys_token_id; |
- if (!platform_keys::ValidateToken(params->token_id, &platform_keys_token_id)) |
+ if (!params->token_id.empty() && |
+ !platform_keys::ValidateToken(params->token_id, |
+ &platform_keys_token_id)) { |
return RespondNow(Error(platform_keys::kErrorInvalidToken)); |
- |
- chromeos::platform_keys::HashAlgorithm hash_algorithm; |
- if (params->hash_algorithm_name == "SHA-1") |
- hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA1; |
- else if (params->hash_algorithm_name == "SHA-256") |
- hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA256; |
- else if (params->hash_algorithm_name == "SHA-384") |
- hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA384; |
- else if (params->hash_algorithm_name == "SHA-512") |
- hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA512; |
- else |
- return RespondNow(Error(platform_keys::kErrorAlgorithmNotSupported)); |
+ } |
chromeos::PlatformKeysService* service = |
chromeos::PlatformKeysServiceFactory::GetForBrowserContext( |
browser_context()); |
DCHECK(service); |
- service->Sign( |
- platform_keys_token_id, |
- std::string(params->public_key.begin(), params->public_key.end()), |
- hash_algorithm, std::string(params->data.begin(), params->data.end()), |
- extension_id(), |
- base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this)); |
+ if (params->hash_algorithm_name == "none") { |
+ service->SignRSAPKCS1Raw( |
+ platform_keys_token_id, |
+ std::string(params->data.begin(), params->data.end()), |
+ std::string(params->public_key.begin(), params->public_key.end()), |
+ extension_id(), |
+ base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this)); |
+ } else { |
+ chromeos::platform_keys::HashAlgorithm hash_algorithm; |
+ if (params->hash_algorithm_name == "SHA-1") { |
+ hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA1; |
+ } else if (params->hash_algorithm_name == "SHA-256") { |
+ hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA256; |
+ } else if (params->hash_algorithm_name == "SHA-384") { |
+ hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA384; |
+ } else if (params->hash_algorithm_name == "SHA-512") { |
+ hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA512; |
+ } else { |
+ return RespondNow(Error(kErrorAlgorithmNotSupported)); |
+ } |
+ service->SignRSAPKCS1Digest( |
+ platform_keys_token_id, |
+ std::string(params->data.begin(), params->data.end()), |
+ std::string(params->public_key.begin(), params->public_key.end()), |
+ hash_algorithm, extension_id(), |
+ base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this)); |
+ } |
+ |
return RespondLater(); |
} |