| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" | 5 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 10 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
| (...skipping 24 matching lines...) Expand all Loading... |
| 35 const std::string& public_key_spki_der) { | 35 const std::string& public_key_spki_der) { |
| 36 callback.Run(public_key_spki_der, std::string() /* no error */); | 36 callback.Run(public_key_spki_der, std::string() /* no error */); |
| 37 } | 37 } |
| 38 | 38 |
| 39 // Callback used by |PlatformKeysService::Sign|. | 39 // Callback used by |PlatformKeysService::Sign|. |
| 40 // Is called with the old validity of |public_key_spki_der| (or false if an | 40 // Is called with the old validity of |public_key_spki_der| (or false if an |
| 41 // error occurred during reading the StateStore). If allowed, starts the actual | 41 // error occurred during reading the StateStore). If allowed, starts the actual |
| 42 // signing operation which will call back |callback|. If not allowed, calls | 42 // signing operation which will call back |callback|. If not allowed, calls |
| 43 // |callback| with an error. | 43 // |callback| with an error. |
| 44 void CheckValidityAndSign(const std::string& token_id, | 44 void CheckValidityAndSign(const std::string& token_id, |
| 45 const std::string& public_key_spki_der, |
| 46 platform_keys::HashAlgorithm hash_algorithm, |
| 45 const std::string& data, | 47 const std::string& data, |
| 46 const std::string& public_key, | |
| 47 bool sign_direct_pkcs_padded, | |
| 48 platform_keys::HashAlgorithm hash_algorithm, | |
| 49 const PlatformKeysService::SignCallback& callback, | 48 const PlatformKeysService::SignCallback& callback, |
| 50 content::BrowserContext* browser_context, | 49 content::BrowserContext* browser_context, |
| 51 bool key_is_valid) { | 50 bool key_is_valid) { |
| 52 if (!key_is_valid) { | 51 if (!key_is_valid) { |
| 53 callback.Run(std::string() /* no signature */, | 52 callback.Run(std::string() /* no signature */, |
| 54 kErrorKeyNotAllowedForSigning); | 53 kErrorKeyNotAllowedForSigning); |
| 55 return; | 54 return; |
| 56 } | 55 } |
| 57 if (sign_direct_pkcs_padded) { | 56 platform_keys::subtle::Sign(token_id, |
| 58 platform_keys::subtle::SignRSAPKCS1Raw(token_id, data, public_key, callback, | 57 public_key_spki_der, |
| 59 browser_context); | 58 hash_algorithm, |
| 60 } else { | 59 data, |
| 61 platform_keys::subtle::SignRSAPKCS1Digest( | 60 callback, |
| 62 token_id, data, public_key, hash_algorithm, callback, browser_context); | 61 browser_context); |
| 63 } | |
| 64 } | 62 } |
| 65 | 63 |
| 66 } // namespace | 64 } // namespace |
| 67 | 65 |
| 68 PlatformKeysService::PlatformKeysService( | 66 PlatformKeysService::PlatformKeysService( |
| 69 content::BrowserContext* browser_context, | 67 content::BrowserContext* browser_context, |
| 70 extensions::StateStore* state_store) | 68 extensions::StateStore* state_store) |
| 71 : browser_context_(browser_context), | 69 : browser_context_(browser_context), |
| 72 state_store_(state_store), | 70 state_store_(state_store), |
| 73 weak_factory_(this) { | 71 weak_factory_(this) { |
| (...skipping 16 matching lines...) Expand all Loading... |
| 90 platform_keys::subtle::GenerateRSAKey( | 88 platform_keys::subtle::GenerateRSAKey( |
| 91 token_id, | 89 token_id, |
| 92 modulus_length, | 90 modulus_length, |
| 93 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, | 91 base::Bind(&PlatformKeysService::GenerateRSAKeyCallback, |
| 94 weak_factory_.GetWeakPtr(), | 92 weak_factory_.GetWeakPtr(), |
| 95 extension_id, | 93 extension_id, |
| 96 callback), | 94 callback), |
| 97 browser_context_); | 95 browser_context_); |
| 98 } | 96 } |
| 99 | 97 |
| 100 void PlatformKeysService::SignRSAPKCS1Digest( | 98 void PlatformKeysService::Sign(const std::string& token_id, |
| 101 const std::string& token_id, | 99 const std::string& public_key_spki_der, |
| 102 const std::string& data, | 100 platform_keys::HashAlgorithm hash_algorithm, |
| 103 const std::string& public_key, | 101 const std::string& data, |
| 104 platform_keys::HashAlgorithm hash_algorithm, | 102 const std::string& extension_id, |
| 105 const std::string& extension_id, | 103 const SignCallback& callback) { |
| 106 const SignCallback& callback) { | |
| 107 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 108 ReadValidityAndInvalidateKey( | 105 ReadValidityAndInvalidateKey(extension_id, |
| 109 extension_id, public_key, | 106 public_key_spki_der, |
| 110 base::Bind(&CheckValidityAndSign, token_id, data, public_key, | 107 base::Bind(&CheckValidityAndSign, |
| 111 false /* digest before signing */, hash_algorithm, callback, | 108 token_id, |
| 112 browser_context_)); | 109 public_key_spki_der, |
| 113 } | 110 hash_algorithm, |
| 114 | 111 data, |
| 115 void PlatformKeysService::SignRSAPKCS1Raw(const std::string& token_id, | 112 callback, |
| 116 const std::string& data, | 113 browser_context_)); |
| 117 const std::string& public_key, | |
| 118 const std::string& extension_id, | |
| 119 const SignCallback& callback) { | |
| 120 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 121 ReadValidityAndInvalidateKey( | |
| 122 extension_id, public_key, | |
| 123 base::Bind(&CheckValidityAndSign, token_id, data, public_key, | |
| 124 true /* sign directly without hashing */, | |
| 125 platform_keys::HASH_ALGORITHM_NONE, callback, | |
| 126 browser_context_)); | |
| 127 } | 114 } |
| 128 | 115 |
| 129 void PlatformKeysService::SelectClientCertificates( | 116 void PlatformKeysService::SelectClientCertificates( |
| 130 const platform_keys::ClientCertificateRequest& request, | 117 const platform_keys::ClientCertificateRequest& request, |
| 131 const std::string& extension_id, | 118 const std::string& extension_id, |
| 132 const SelectCertificatesCallback& callback) { | 119 const SelectCertificatesCallback& callback) { |
| 133 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 120 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 134 | 121 |
| 135 platform_keys::subtle::SelectClientCertificates( | 122 platform_keys::subtle::SelectClientCertificates( |
| 136 request, | 123 request, |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 224 | 211 |
| 225 void PlatformKeysService::InvalidateKey( | 212 void PlatformKeysService::InvalidateKey( |
| 226 const std::string& extension_id, | 213 const std::string& extension_id, |
| 227 const std::string& public_key_spki_der, | 214 const std::string& public_key_spki_der, |
| 228 const base::Callback<void(bool)>& callback, | 215 const base::Callback<void(bool)>& callback, |
| 229 scoped_ptr<base::ListValue> platform_keys) { | 216 scoped_ptr<base::ListValue> platform_keys) { |
| 230 scoped_ptr<base::StringValue> key_value( | 217 scoped_ptr<base::StringValue> key_value( |
| 231 GetPublicKeyValue(public_key_spki_der)); | 218 GetPublicKeyValue(public_key_spki_der)); |
| 232 | 219 |
| 233 size_t index = 0; | 220 size_t index = 0; |
| 234 // If the key is found in |platform_keys|, it's valid for the extension to use | 221 if (!platform_keys->Remove(*key_value, &index)) { |
| 235 // it for signing. | 222 // The key is not found, so it's not valid to use it for signing. |
| 236 bool key_was_valid = platform_keys->Remove(*key_value, &index); | 223 callback.Run(false); |
| 237 | 224 return; |
| 238 if (key_was_valid) { | |
| 239 // Persist that the key is now invalid. | |
| 240 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); | |
| 241 } | 225 } |
| 242 | 226 |
| 243 if (permission_check_enabled_) { | 227 SetPlatformKeysOfExtension(extension_id, platform_keys.Pass()); |
| 244 // If permission checks are enabled, pass back the key permission (before | 228 callback.Run(true); |
| 245 // it was removed above). | |
| 246 callback.Run(key_was_valid); | |
| 247 } else { | |
| 248 // Otherwise just allow signing with the key (which is enabled for testing | |
| 249 // only). | |
| 250 callback.Run(true); | |
| 251 } | |
| 252 } | 229 } |
| 253 | 230 |
| 254 void PlatformKeysService::GotPlatformKeysOfExtension( | 231 void PlatformKeysService::GotPlatformKeysOfExtension( |
| 255 const std::string& extension_id, | 232 const std::string& extension_id, |
| 256 const GetPlatformKeysCallback& callback, | 233 const GetPlatformKeysCallback& callback, |
| 257 scoped_ptr<base::Value> value) { | 234 scoped_ptr<base::Value> value) { |
| 258 if (!value) | 235 if (!value) |
| 259 value.reset(new base::ListValue); | 236 value.reset(new base::ListValue); |
| 260 | 237 |
| 261 base::ListValue* keys = NULL; | 238 base::ListValue* keys = NULL; |
| 262 if (!value->GetAsList(&keys)) { | 239 if (!value->GetAsList(&keys)) { |
| 263 LOG(ERROR) << "Found a value of wrong type."; | 240 LOG(ERROR) << "Found a value of wrong type."; |
| 264 | 241 |
| 265 keys = new base::ListValue; | 242 keys = new base::ListValue; |
| 266 value.reset(keys); | 243 value.reset(keys); |
| 267 } | 244 } |
| 268 | 245 |
| 269 ignore_result(value.release()); | 246 ignore_result(value.release()); |
| 270 callback.Run(make_scoped_ptr(keys)); | 247 callback.Run(make_scoped_ptr(keys)); |
| 271 } | 248 } |
| 272 | 249 |
| 273 } // namespace chromeos | 250 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 929683002:
Revert "Implement chrome.platformKeys.getKeyPair()." (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master