| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <secder.h> | 10 #include <secder.h> |
| (...skipping 758 matching lines...) |
| 769 scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState( | 769 scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState( |
| 770 user->username_hash(), use_system_key_slot, cert_request_info, callback)); | 770 user->username_hash(), use_system_key_slot, cert_request_info, callback)); |
| 771 | 771 |
| 772 BrowserThread::PostTask( | 772 BrowserThread::PostTask( |
| 773 BrowserThread::IO, FROM_HERE, | 773 BrowserThread::IO, FROM_HERE, |
| 774 base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state))); | 774 base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state))); |
| 775 } | 775 } |
| 776 | 776 |
| 777 } // namespace subtle | 777 } // namespace subtle |
| 778 | 778 |
| 779 std::string GetSubjectPublicKeyInfo( |
| 780 const scoped_refptr<net::X509Certificate>& certificate) { |
| 781 const SECItem& spki_der = certificate->os_cert_handle()->derPublicKey; |
| 782 return std::string(spki_der.data, spki_der.data + spki_der.len); |
| 783 } |
| 784 |
| 779 bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate, | 785 bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate, |
| 780 std::string* public_key_spki_der, | |
| 781 net::X509Certificate::PublicKeyType* key_type, | 786 net::X509Certificate::PublicKeyType* key_type, |
| 782 size_t* key_size_bits) { | 787 size_t* key_size_bits) { |
| 783 const SECItem& spki_der = certificate->os_cert_handle()->derPublicKey; | |
| 784 | |
| 785 net::X509Certificate::PublicKeyType key_type_tmp = | 788 net::X509Certificate::PublicKeyType key_type_tmp = |
| 786 net::X509Certificate::kPublicKeyTypeUnknown; | 789 net::X509Certificate::kPublicKeyTypeUnknown; |
| 787 size_t key_size_bits_tmp = 0; | 790 size_t key_size_bits_tmp = 0; |
| 788 net::X509Certificate::GetPublicKeyInfo(certificate->os_cert_handle(), | 791 net::X509Certificate::GetPublicKeyInfo(certificate->os_cert_handle(), |
| 789 &key_size_bits_tmp, &key_type_tmp); | 792 &key_size_bits_tmp, &key_type_tmp); |
| 790 | 793 |
| 791 if (key_type_tmp == net::X509Certificate::kPublicKeyTypeUnknown) { | 794 if (key_type_tmp == net::X509Certificate::kPublicKeyTypeUnknown) { |
| 792 LOG(WARNING) << "Could not extract public key of certificate."; | 795 LOG(WARNING) << "Could not extract public key of certificate."; |
| 793 return false; | 796 return false; |
| 794 } | 797 } |
| 795 if (key_type_tmp != net::X509Certificate::kPublicKeyTypeRSA) { | 798 if (key_type_tmp != net::X509Certificate::kPublicKeyTypeRSA) { |
| 796 LOG(WARNING) << "Keys of other type than RSA are not supported."; | 799 LOG(WARNING) << "Keys of other type than RSA are not supported."; |
| 797 return false; | 800 return false; |
| 798 } | 801 } |
| 799 | 802 |
| 800 crypto::ScopedSECKEYPublicKey public_key( | 803 crypto::ScopedSECKEYPublicKey public_key( |
| 801 CERT_ExtractPublicKey(certificate->os_cert_handle())); | 804 CERT_ExtractPublicKey(certificate->os_cert_handle())); |
| 802 if (!public_key) { | 805 if (!public_key) { |
| 803 LOG(WARNING) << "Could not extract public key of certificate."; | 806 LOG(WARNING) << "Could not extract public key of certificate."; |
| 804 return false; | 807 return false; |
| 805 } | 808 } |
| 806 long public_exponent = DER_GetInteger(&public_key->u.rsa.publicExponent); | 809 long public_exponent = DER_GetInteger(&public_key->u.rsa.publicExponent); |
| 807 if (public_exponent != 65537L) { | 810 if (public_exponent != 65537L) { |
| 808 LOG(ERROR) << "Rejecting RSA public exponent that is unequal 65537."; | 811 LOG(ERROR) << "Rejecting RSA public exponent that is unequal 65537."; |
| 809 return false; | 812 return false; |
| 810 } | 813 } |
| 811 | 814 |
| 812 public_key_spki_der->assign(spki_der.data, spki_der.data + spki_der.len); | |
| 813 *key_type = key_type_tmp; | 815 *key_type = key_type_tmp; |
| 814 *key_size_bits = key_size_bits_tmp; | 816 *key_size_bits = key_size_bits_tmp; |
| 815 | |
| 816 return true; | 817 return true; |
| 817 } | 818 } |
| 818 | 819 |
| 819 void GetCertificates(const std::string& token_id, | 820 void GetCertificates(const std::string& token_id, |
| 820 const GetCertificatesCallback& callback, | 821 const GetCertificatesCallback& callback, |
| 821 BrowserContext* browser_context) { | 822 BrowserContext* browser_context) { |
| 822 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 823 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 823 scoped_ptr<GetCertificatesState> state(new GetCertificatesState(callback)); | 824 scoped_ptr<GetCertificatesState> state(new GetCertificatesState(callback)); |
| 824 // Get the pointer to |state| before base::Passed releases |state|. | 825 // Get the pointer to |state| before base::Passed releases |state|. |
| 825 NSSOperationState* state_ptr = state.get(); | 826 NSSOperationState* state_ptr = state.get(); |
| (...skipping 48 matching lines...) |
| 874 NSSOperationState* state_ptr = state.get(); | 875 NSSOperationState* state_ptr = state.get(); |
| 875 GetCertDatabase(std::string() /* don't get any specific slot */, | 876 GetCertDatabase(std::string() /* don't get any specific slot */, |
| 876 base::Bind(&GetTokensWithDB, base::Passed(&state)), | 877 base::Bind(&GetTokensWithDB, base::Passed(&state)), |
| 877 browser_context, | 878 browser_context, |
| 878 state_ptr); | 879 state_ptr); |
| 879 } | 880 } |
| 880 | 881 |
| 881 } // namespace platform_keys | 882 } // namespace platform_keys |
| 882 | 883 |
| 883 } // namespace chromeos | 884 } // namespace chromeos |
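Review bot: The new GetSubjectPublicKeyInfo (new lines 779-783) returns the certificate's SPKI bytes with none of the checks GetPublicKey applies, whereas the old GetPublicKey filled `public_key_spki_der` only after the RSA key-type and exponent-65537 checks had passed. Callers are not visible on this page, but any caller that uses the SPKI as a key identifier could now handle an unsupported or rejected key unless it also calls GetPublicKey and checks the result. The definition should carry a comment stating that contract, for example `// Returns the DER-encoded SubjectPublicKeyInfo of |certificate|. Performs no validation of key type or exponent; use GetPublicKey() to check that the key is supported.` The function also dereferences `certificate` and `os_cert_handle()` unconditionally, so a `DCHECK(certificate.get());` at the top would make the precondition explicit.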
| OLD | NEW |