Index: chrome/browser/chromeos/platform_keys/platform_keys.h |
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys.h b/chrome/browser/chromeos/platform_keys/platform_keys.h |
index 05d0deff4c727389132ad45e17c9884cda2e8e55..6c5d8c8fd0eb79ce3b5b5138ef6322419d5739c7 100644 |
--- a/chrome/browser/chromeos/platform_keys/platform_keys.h |
+++ b/chrome/browser/chromeos/platform_keys/platform_keys.h |
@@ -12,17 +12,13 @@ |
#include "base/macros.h" |
#include "base/memory/ref_counted.h" |
#include "base/memory/scoped_ptr.h" |
+#include "net/cert/x509_certificate.h" |
#include "net/ssl/ssl_client_cert_type.h" |
namespace content { |
class BrowserContext; |
} |
-namespace net { |
-class X509Certificate; |
-typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
-} |
- |
namespace chromeos { |
namespace platform_keys { |
@@ -38,6 +34,7 @@ extern const char kTokenIdSystem[]; |
// Supported hash algorithms. |
enum HashAlgorithm { |
+ HASH_ALGORITHM_NONE, // The value if no hash function is selected. |
HASH_ALGORITHM_SHA1, |
HASH_ALGORITHM_SHA256, |
HASH_ALGORITHM_SHA384, |
@@ -77,19 +74,28 @@ void GenerateRSAKey(const std::string& token_id, |
typedef base::Callback<void(const std::string& signature, |
const std::string& error_message)> SignCallback; |
-// Digests |data| with |hash_algorithm| and afterwards signs the digest with the |
-// private key matching |public_key|, if that key is stored in the given token. |
-// |token_id| is currently ignored, instead the user token associated with |
-// |browser_context| is always used. |public_key| must be the DER encoding of a |
-// SubjectPublicKeyInfo. |callback| will be invoked with the signature or an |
-// error message. |
-// Currently supports RSA keys only. |
-void Sign(const std::string& token_id, |
- const std::string& public_key, |
- HashAlgorithm hash_algorithm, |
- const std::string& data, |
- const SignCallback& callback, |
- content::BrowserContext* browser_context); |
+// Digests |data|, applies PKCS1 padding and afterwards signs the data with the |
+// private key matching |params.public_key|. If a non empty token id is provided |
+// and the key is not found in that token, the operation aborts. |callback| will |
+// be invoked with the signature or an error message. |
+void SignRSAPKCS1Digest(const std::string& token_id, |
+ const std::string& data, |
+ const std::string& public_key, |
+ HashAlgorithm hash_algorithm, |
+ const SignCallback& callback, |
+ content::BrowserContext* browser_context); |
+ |
+// Applies PKCS1 padding and afterwards signs the data with the private key |
+// matching |params.public_key|. |data| is not digested. If a non empty token id |
+// is provided and the key is not found in that token, the operation aborts. |
+// The size of |data| (number of octets) must be smaller than k - 11, where k |
+// is the key size in octets. |
+// |callback| will be invoked with the signature or an error message. |
+void SignRSAPKCS1Raw(const std::string& token_id, |
+ const std::string& data, |
+ const std::string& public_key, |
+ const SignCallback& callback, |
+ content::BrowserContext* browser_context); |
// If the certificate request could be processed successfully, |matches| will |
// contain the list of matching certificates (which may be empty) and |
@@ -107,6 +113,19 @@ void SelectClientCertificates(const ClientCertificateRequest& request, |
} // namespace subtle |
+// Obtains information about the public key in |certificate|. |
+// If |certificate| contains an RSA key, sets |key_size_bits| to the modulus |
+// length, |public_key_spki_der| to the DER encoding of the X.509 Subject Public |
+// Key Info, and |key_type| to type RSA and returns true. |
+// If |certificate| contains any other key type, or if the public exponent of |
+// the RSA key in |certificate| is not F4, returns false and does not update any |
+// of the output parameters. |
+// All pointer arguments must not be null. |
+bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate, |
+ std::string* public_key_spki_der, |
+ net::X509Certificate::PublicKeyType* key_type, |
+ size_t* key_size_bits); |
+ |
// If the list of certificates could be successfully retrieved, |certs| will |
// contain the list of available certificates (maybe empty) and |error_message| |
// will be empty. If an error occurred, |certs| will be empty and |
@@ -134,7 +153,7 @@ typedef base::Callback<void(const std::string& error_message)> |
// |browser_context| is always used. |callback| will be invoked when the import |
// is finished, possibly with an error message. |
void ImportCertificate(const std::string& token_id, |
- scoped_refptr<net::X509Certificate> certificate, |
+ const scoped_refptr<net::X509Certificate>& certificate, |
const ImportCertificateCallback& callback, |
content::BrowserContext* browser_context); |
@@ -148,7 +167,7 @@ typedef base::Callback<void(const std::string& error_message)> |
// user token associated with |browser_context| is always used. |callback| will |
// be invoked when the removal is finished, possibly with an error message. |
void RemoveCertificate(const std::string& token_id, |
- scoped_refptr<net::X509Certificate> certificate, |
+ const scoped_refptr<net::X509Certificate>& certificate, |
const RemoveCertificateCallback& callback, |
content::BrowserContext* browser_context); |