From 433f9f9ac6f32f0e842ce8355faa5c613ad6ffc8 Mon Sep 17 00:00:00 2001 
From: pneubeck Date: Sat, 24 Jan 2015 03:44:29 -0800 Subject: [PATCH] Move parts from enterprise.platformKeysInternal to platformKeysInternal for reuse. This moves the functions - NormalizeAlgorithm from enterprise_platform_keys_natives to platform_keys_natives - sign from enterprise.platformKeysInternal to platformKeysInternal . Both will be reused by the new platformKeys API. platformKeysInternal will then be extended about the internal selectClientCertificates function that is needed for platformKeys. No functional changes. TBR=arv@chromium.org BUG=450167 NOPRESUBMIT=true Review URL: https://codereview.chromium.org/847333004 Cr-Commit-Position: refs/heads/master@{#313016} --- .../enterprise_platform_keys_api.cc | 101 +++----------------- .../enterprise_platform_keys_api.h | 15 --- .../api/platform_keys/platform_keys_api.cc | 104 +++++++++++++++++++++ .../api/platform_keys/platform_keys_api.h | 44 +++++++++ chrome/chrome_browser_extensions.gypi | 2 + chrome/chrome_renderer.gypi | 4 +- chrome/common/extensions/api/_api_features.json | 5 + .../api/enterprise_platform_keys_internal.idl | 19 ---- .../extensions/api/platform_keys_internal.idl | 34 +++++++ chrome/common/extensions/api/schemas.gypi | 1 + .../chrome_extensions_dispatcher_delegate.cc | 19 ++-- ...rm_keys_natives.cc => platform_keys_natives.cc} | 9 +- ...form_keys_natives.h => platform_keys_natives.h} | 12 +-- .../enterprise_platform_keys/key_pair.js | 4 +- .../enterprise_platform_keys/subtle_crypto.js | 80 ++++------------ .../resources/extensions/platform_keys/OWNERS | 1 + .../extensions/platform_keys/internal_api.js | 9 ++ .../key.js | 0 .../subtle_crypto.js | 86 ++--------------- .../utils.js | 0 chrome/renderer/resources/renderer_resources.grd | 6 +- .../browser/extension_function_histogram_value.h | 2 +- tools/metrics/histograms/histograms.xml | 2 +- 23 files changed, 270 insertions(+), 289 deletions(-) create mode 100644 chrome/browser/extensions/api/platform_keys/platform_keys_api.cc create mode 
100644 chrome/browser/extensions/api/platform_keys/platform_keys_api.h create mode 100644 chrome/common/extensions/api/platform_keys_internal.idl rename chrome/renderer/extensions/{enterprise_platform_keys_natives.cc => platform_keys_natives.cc} (92%) rename chrome/renderer/extensions/{enterprise_platform_keys_natives.h => platform_keys_natives.h} (71%) create mode 100644 chrome/renderer/resources/extensions/platform_keys/OWNERS create mode 100644 chrome/renderer/resources/extensions/platform_keys/internal_api.js rename chrome/renderer/resources/extensions/{enterprise_platform_keys => platform_keys}/key.js (100%) copy chrome/renderer/resources/extensions/{enterprise_platform_keys => platform_keys}/subtle_crypto.js (54%) rename chrome/renderer/resources/extensions/{enterprise_platform_keys => platform_keys}/utils.js (100%) diff --git a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc index 8bb7dec25a79..f4b8f745c697 100644 --- a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc +++ b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.cc @@ -10,6 +10,7 @@ #include "chrome/browser/chromeos/platform_keys/platform_keys.h" #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" +#include "chrome/browser/extensions/api/platform_keys/platform_keys_api.h" #include "chrome/common/extensions/api/enterprise_platform_keys.h" #include "chrome/common/extensions/api/enterprise_platform_keys_internal.h" #include "content/public/browser/browser_thread.h" 
@@ -24,39 +25,10 @@ namespace api_epki = api::enterprise_platform_keys_internal; // This error will occur if a token is removed and will be exposed to the // extension. Keep this in sync with the custom binding in Javascript. -const char kErrorInvalidToken[] = "The token is not valid."; - const char kErrorInternal[] = "Internal Error."; -const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; + const char kErrorInvalidX509Cert[] = "Certificate is not a valid X.509 certificate."; -const char kTokenIdUser[] = "user"; -const char kTokenIdSystem[] = "system"; - -// Returns whether |token_id| references a known Token. -bool ValidateToken(const std::string& token_id, - std::string* platform_keys_token_id) { - platform_keys_token_id->clear(); - if (token_id == kTokenIdUser) { - *platform_keys_token_id = chromeos::platform_keys::kTokenIdUser; - return true; - } - if (token_id == kTokenIdSystem) { - *platform_keys_token_id = chromeos::platform_keys::kTokenIdSystem; - return true; - } - return false; -} - -std::string PlatformKeysTokenIdToApiId( - const std::string& platform_keys_token_id) { - if (platform_keys_token_id == chromeos::platform_keys::kTokenIdUser) - return kTokenIdUser; - if (platform_keys_token_id == chromeos::platform_keys::kTokenIdSystem) - return kTokenIdSystem; - - return std::string(); -} } // namespace @@ -71,8 +43,8 @@ EnterprisePlatformKeysInternalGenerateKeyFunction::Run() { // TODO(pneubeck): Add support for unsigned integers to IDL. EXTENSION_FUNCTION_VALIDATE(params && params->modulus_length >= 0); std::string platform_keys_token_id; - if (!ValidateToken(params->token_id, &platform_keys_token_id)) - return RespondNow(Error(kErrorInvalidToken)); + if (!platform_keys::ValidateToken(params->token_id, &platform_keys_token_id)) + return RespondNow(Error(platform_keys::kErrorInvalidToken)); chromeos::PlatformKeysService* service = chromeos::PlatformKeysServiceFactory::GetForBrowserContext( 
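Review bot: The context comment at the top of the first hunk here (`This error will occur if a token is removed and will be exposed to the extension. Keep this in sync with the custom binding in Javascript.`) described `kErrorInvalidToken`, which this hunk removes, so it now sits directly above `kErrorInternal` and documents the wrong constant. It should move with the constant to `platform_keys_api.cc`, where `kErrorInvalidToken` is defined without any comment, and be deleted here. The sync requirement still matters, because the comment in `subtle_crypto.js` says the custom binding rethrows this error and must be kept in sync with the C++ part.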
@@ -101,57 +73,6 @@ void EnterprisePlatformKeysInternalGenerateKeyFunction::OnGeneratedKey( } } -EnterprisePlatformKeysInternalSignFunction:: - ~EnterprisePlatformKeysInternalSignFunction() { -} - -ExtensionFunction::ResponseAction -EnterprisePlatformKeysInternalSignFunction::Run() { - scoped_ptr params( - api_epki::Sign::Params::Create(*args_)); - EXTENSION_FUNCTION_VALIDATE(params); - std::string platform_keys_token_id; - if (!ValidateToken(params->token_id, &platform_keys_token_id)) - return RespondNow(Error(kErrorInvalidToken)); - - chromeos::platform_keys::HashAlgorithm hash_algorithm; - if (params->hash_algorithm_name == "SHA-1") - hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA1; - else if (params->hash_algorithm_name == "SHA-256") - hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA256; - else if (params->hash_algorithm_name == "SHA-384") - hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA384; - else if (params->hash_algorithm_name == "SHA-512") - hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA512; - else - return RespondNow(Error(kErrorAlgorithmNotSupported)); - - chromeos::PlatformKeysService* service = - chromeos::PlatformKeysServiceFactory::GetForBrowserContext( - browser_context()); - DCHECK(service); - - service->Sign( - platform_keys_token_id, - std::string(params->public_key.begin(), params->public_key.end()), - hash_algorithm, std::string(params->data.begin(), params->data.end()), - extension_id(), - base::Bind(&EnterprisePlatformKeysInternalSignFunction::OnSigned, this)); - return RespondLater(); -} - -void EnterprisePlatformKeysInternalSignFunction::OnSigned( - const std::string& signature, - const std::string& error_message) { - DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); - if (error_message.empty()) { - Respond(ArgumentList(api_epki::Sign::Results::Create( - std::vector(signature.begin(), signature.end())))); - } else { - Respond(Error(error_message)); - } -} - 
EnterprisePlatformKeysGetCertificatesFunction:: ~EnterprisePlatformKeysGetCertificatesFunction() { } @@ -162,8 +83,8 @@ EnterprisePlatformKeysGetCertificatesFunction::Run() { api_epk::GetCertificates::Params::Create(*args_)); EXTENSION_FUNCTION_VALIDATE(params); std::string platform_keys_token_id; - if (!ValidateToken(params->token_id, &platform_keys_token_id)) - return RespondNow(Error(kErrorInvalidToken)); + if (!platform_keys::ValidateToken(params->token_id, &platform_keys_token_id)) + return RespondNow(Error(platform_keys::kErrorInvalidToken)); chromeos::platform_keys::GetCertificates( platform_keys_token_id, @@ -208,8 +129,8 @@ EnterprisePlatformKeysImportCertificateFunction::Run() { api_epk::ImportCertificate::Params::Create(*args_)); EXTENSION_FUNCTION_VALIDATE(params); std::string platform_keys_token_id; - if (!ValidateToken(params->token_id, &platform_keys_token_id)) - return RespondNow(Error(kErrorInvalidToken)); + if (!platform_keys::ValidateToken(params->token_id, &platform_keys_token_id)) + return RespondNow(Error(platform_keys::kErrorInvalidToken)); const std::vector& cert_der = params->certificate; scoped_refptr cert_x509 = @@ -247,8 +168,8 @@ EnterprisePlatformKeysRemoveCertificateFunction::Run() { api_epk::RemoveCertificate::Params::Create(*args_)); EXTENSION_FUNCTION_VALIDATE(params); std::string platform_keys_token_id; - if (!ValidateToken(params->token_id, &platform_keys_token_id)) - return RespondNow(Error(kErrorInvalidToken)); + if (!platform_keys::ValidateToken(params->token_id, &platform_keys_token_id)) + return RespondNow(Error(platform_keys::kErrorInvalidToken)); const std::vector& cert_der = params->certificate; scoped_refptr cert_x509 = 
@@ -305,7 +226,7 @@ void EnterprisePlatformKeysInternalGetTokensFunction::OnGotTokens( platform_keys_token_ids->begin(); it != platform_keys_token_ids->end(); ++it) { - std::string token_id = PlatformKeysTokenIdToApiId(*it); + std::string token_id = platform_keys::PlatformKeysTokenIdToApiId(*it); if (token_id.empty()) { Respond(Error(kErrorInternal)); return; diff --git a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h index 05d9b11d9ad2..dd889193e59f 100644 --- a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h +++ b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h @@ -8,7 +8,6 @@ #include #include -#include "base/compiler_specific.h" #include "base/memory/ref_counted.h" #include "base/memory/scoped_ptr.h" #include "chrome/browser/extensions/chrome_extension_function.h" @@ -35,20 +34,6 @@ class EnterprisePlatformKeysInternalGenerateKeyFunction ENTERPRISE_PLATFORMKEYSINTERNAL_GENERATEKEY); }; -class EnterprisePlatformKeysInternalSignFunction - : public ChromeUIThreadExtensionFunction { - private: - ~EnterprisePlatformKeysInternalSignFunction() override; - ResponseAction Run() override; - - // Called when the signature was generated. If an error occurred, - // |signature| will be empty and instead |error_message| be set. - void OnSigned(const std::string& signature, const std::string& error_message); - - DECLARE_EXTENSION_FUNCTION("enterprise.platformKeysInternal.sign", - ENTERPRISE_PLATFORMKEYSINTERNAL_SIGN); -}; - class EnterprisePlatformKeysGetCertificatesFunction : public ChromeUIThreadExtensionFunction { private: diff --git a/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc b/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc new file mode 100644 index 000000000000..819558be7444 --- /dev/null 
+++ b/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc 
@@ -0,0 +1,104 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/api/platform_keys/platform_keys_api.h"
+
+#include
+
+#include "base/bind.h"
+#include "base/logging.h"
+#include "chrome/browser/chromeos/platform_keys/platform_keys.h"
+#include "chrome/browser/chromeos/platform_keys/platform_keys_service.h"
+#include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h"
+#include "chrome/common/extensions/api/platform_keys_internal.h"
+#include "content/public/browser/browser_thread.h"
+#include "net/cert/x509_certificate.h"
+
+namespace extensions {
+
+namespace api_pki = api::platform_keys_internal;
+
+namespace platform_keys {
+
+const char kErrorInvalidToken[] = "The token is not valid.";
+const char kErrorAlgorithmNotSupported[] = "Algorithm not supported.";
+const char kTokenIdUser[] = "user";
+const char kTokenIdSystem[] = "system";
+
+// Returns whether |token_id| references a known Token.
+bool ValidateToken(const std::string& token_id, + std::string* platform_keys_token_id) { + platform_keys_token_id->clear(); + if (token_id == kTokenIdUser) { + *platform_keys_token_id = chromeos::platform_keys::kTokenIdUser; + return true; + } + if (token_id == kTokenIdSystem) { + *platform_keys_token_id = chromeos::platform_keys::kTokenIdSystem; + return true; + } + return false; +} + +std::string PlatformKeysTokenIdToApiId( + const std::string& platform_keys_token_id) { + if (platform_keys_token_id == chromeos::platform_keys::kTokenIdUser) + return kTokenIdUser; + if (platform_keys_token_id == chromeos::platform_keys::kTokenIdSystem) + return kTokenIdSystem; + + return std::string(); +} + +} // namespace platform_keys + +PlatformKeysInternalSignFunction::~PlatformKeysInternalSignFunction() { +} + +ExtensionFunction::ResponseAction PlatformKeysInternalSignFunction::Run() { + scoped_ptr params( + api_pki::Sign::Params::Create(*args_)); + EXTENSION_FUNCTION_VALIDATE(params); + std::string platform_keys_token_id; + if (!platform_keys::ValidateToken(params->token_id, &platform_keys_token_id)) + return RespondNow(Error(platform_keys::kErrorInvalidToken)); + + chromeos::platform_keys::HashAlgorithm hash_algorithm; + if (params->hash_algorithm_name == "SHA-1") + hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA1; + else if (params->hash_algorithm_name == "SHA-256") + hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA256; + else if (params->hash_algorithm_name == "SHA-384") + hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA384; + else if (params->hash_algorithm_name == "SHA-512") + hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA512; + else + return RespondNow(Error(platform_keys::kErrorAlgorithmNotSupported)); + + chromeos::PlatformKeysService* service = + chromeos::PlatformKeysServiceFactory::GetForBrowserContext( + browser_context()); + DCHECK(service); + + service->Sign( + platform_keys_token_id, + 
std::string(params->public_key.begin(), params->public_key.end()), + hash_algorithm, std::string(params->data.begin(), params->data.end()), + extension_id(), + base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this)); + return RespondLater(); +} + +void PlatformKeysInternalSignFunction::OnSigned( + const std::string& signature, + const std::string& error_message) { + DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); + if (error_message.empty()) + Respond(ArgumentList(api_pki::Sign::Results::Create( + std::vector(signature.begin(), signature.end())))); + else + Respond(Error(error_message)); +} + +} // namespace extensions diff --git a/chrome/browser/extensions/api/platform_keys/platform_keys_api.h b/chrome/browser/extensions/api/platform_keys/platform_keys_api.h new file mode 100644 index 000000000000..def650cba6c0 --- /dev/null +++ b/chrome/browser/extensions/api/platform_keys/platform_keys_api.h 
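Review bot: `PlatformKeysInternalSignFunction::Run()` validates the token id and the hash algorithm name, but nothing in it checks that the calling extension may use the key identified by `public_key`. It forwards `extension_id()` to `service->Sign(...)` and presumably relies on `PlatformKeysService` for that decision, which this commit does not show. Now that the function is shared rather than enterprise-only, a comment above the call would make that trust boundary explicit, for example `// Whether extension_id() may sign with this key is decided by PlatformKeysService::Sign.` Confirm that against the service before writing it down as fact.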
@@ -0,0 +1,44 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_EXTENSIONS_API_PLATFORM_KEYS_PLATFORM_KEYS_API_H_
+#define CHROME_BROWSER_EXTENSIONS_API_PLATFORM_KEYS_PLATFORM_KEYS_API_H_
+
+#include
+
+#include "chrome/browser/extensions/chrome_extension_function.h"
+
+namespace extensions {
+namespace platform_keys {
+
+extern const char kErrorInvalidToken[];
+
+// Returns whether |token_id| references a known Token.
+bool ValidateToken(const std::string& token_id,
+ std::string* platform_keys_token_id);
+
+// Converts a token id from ::chromeos::platform_keys to the platformKeys API
+// token id.
+std::string PlatformKeysTokenIdToApiId(
+ const std::string& platform_keys_token_id);
+
+} // namespace platform_keys
+
+class PlatformKeysInternalSignFunction
+ : public ChromeUIThreadExtensionFunction {
+ private:
+ ~PlatformKeysInternalSignFunction() override;
+ ResponseAction Run() override;
+
+ // Called when the signature was generated. If an error occurred,
+ // |signature| will be empty and instead |error_message| be set.
+ void OnSigned(const std::string& signature, const std::string& error_message);
+
+ DECLARE_EXTENSION_FUNCTION("platformKeysInternal.sign",
+ PLATFORMKEYSINTERNAL_SIGN);
+};
+
+} // namespace extensions
+
+#endif // CHROME_BROWSER_EXTENSIONS_API_PLATFORM_KEYS_PLATFORM_KEYS_API_H_
diff --git a/chrome/chrome_browser_extensions.gypi b/chrome/chrome_browser_extensions.gypi
index 7373c5ad3a68..9c8531171272 100644
--- a/chrome/chrome_browser_extensions.gypi
+++ b/chrome/chrome_browser_extensions.gypi
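Review bot: The declaration comment on `ValidateToken` in `platform_keys_api.h` says nothing about the out-parameter `platform_keys_token_id`, which callers in `enterprise_platform_keys_api.cc` now rely on across a file boundary. The definition in `platform_keys_api.cc` clears it first and assigns the matching `chromeos::platform_keys` token id only on the two paths that return true. I would add to the header comment: `// On success sets |platform_keys_token_id| to the corresponding chromeos::platform_keys token id; on failure it is left empty.`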
@@ -26,6 +26,8 @@ 'browser/extensions/api/messaging/native_message_host_chromeos.cc', 'browser/extensions/api/networking_private/crypto_verify_impl.cc', 'browser/extensions/api/networking_private/crypto_verify_impl.h', + 'browser/extensions/api/platform_keys/platform_keys_api.cc', + 'browser/extensions/api/platform_keys/platform_keys_api.h', 'browser/extensions/api/terminal/terminal_extension_helper.cc', 'browser/extensions/api/terminal/terminal_extension_helper.h', 'browser/extensions/api/terminal/terminal_private_api.cc', diff --git a/chrome/chrome_renderer.gypi b/chrome/chrome_renderer.gypi index 9cb878ab573a..675083f53884 100644 --- a/chrome/chrome_renderer.gypi +++ b/chrome/chrome_renderer.gypi @@ -94,8 +94,6 @@ 'renderer/extensions/chrome_v8_context.h', 'renderer/extensions/chrome_v8_extension_handler.cc', 'renderer/extensions/chrome_v8_extension_handler.h', - 'renderer/extensions/enterprise_platform_keys_natives.cc', - 'renderer/extensions/enterprise_platform_keys_natives.h', 'renderer/extensions/extension_frame_helper.cc', 'renderer/extensions/extension_frame_helper.h', 'renderer/extensions/extension_localization_peer.cc', @@ -110,6 +108,8 @@ 'renderer/extensions/notifications_native_handler.h', 'renderer/extensions/page_capture_custom_bindings.cc', 'renderer/extensions/page_capture_custom_bindings.h', + 'renderer/extensions/platform_keys_natives.cc', + 'renderer/extensions/platform_keys_natives.h', 'renderer/extensions/renderer_permissions_policy_delegate.cc', 'renderer/extensions/renderer_permissions_policy_delegate.h', 'renderer/extensions/resource_request_policy.cc', diff --git a/chrome/common/extensions/api/_api_features.json b/chrome/common/extensions/api/_api_features.json index bee6ab4e2660..26abbd079db7 100644 --- a/chrome/common/extensions/api/_api_features.json +++ b/chrome/common/extensions/api/_api_features.json 
@@ -558,6 +558,11 @@ "extension_types": ["extension", "legacy_packaged_app", "platform_app"], "contexts": ["blessed_extension"] }, + "platformKeysInternal": [{ + "dependencies": ["permission:enterprise.platformKeys"], + "internal": true, + "contexts": ["blessed_extension"] + }], "preferencesPrivate": { "dependencies": ["permission:preferencesPrivate"], "contexts": ["blessed_extension"] diff --git a/chrome/common/extensions/api/enterprise_platform_keys_internal.idl b/chrome/common/extensions/api/enterprise_platform_keys_internal.idl index 347f1a958d27..7d35f90f4371 100644 --- a/chrome/common/extensions/api/enterprise_platform_keys_internal.idl +++ b/chrome/common/extensions/api/enterprise_platform_keys_internal.idl @@ -33,24 +33,5 @@ namespace enterprise.platformKeysInternal { static void generateKey(DOMString tokenId, long modulusLength, GenerateKeyCallback callback); - - // Internal version of Token.sign. - // |tokenId| The id of a Token returned by |getTokens|. - // |publicKey| The Subject Public Key Info of a key previously generated by - // |generateKey| in DER encoding. - // |hashAlgorithmName| The recognized algorithm name as specified by - // WebCrypto of the hash algorithm that will be used to digest |data| - // before signing. Currently supported are: SHA-{1,256,384,512}. - // TODO(pneubeck): use an enum once supported: - // http://www.crbug.com/385539 . - // |data| The data to sign. - // |callback| Called back with the signature of |data|. - // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView), - // or at least (ArrayBuffer or Uint8Array). - static void sign(DOMString tokenId, - ArrayBuffer publicKey, - DOMString hashAlgorithmName, - ArrayBuffer data, - SignCallback callback); }; }; diff --git a/chrome/common/extensions/api/platform_keys_internal.idl b/chrome/common/extensions/api/platform_keys_internal.idl new file mode 100644 index 000000000000..afd68e51a818 --- /dev/null 
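Review bot: The new `platformKeysInternal` feature is gated only on `permission:enterprise.platformKeys`, while the commit description says the namespace will be reused by a separate `platformKeys` API. The one-element list suggests a second entry is planned. Once it is added, every caller admitted by either entry reaches the same `sign`, and `ValidateToken` in `platform_keys_api.cc` accepts both the `user` and `system` token ids. If the non-enterprise API is not meant to reach the system token, that restriction has to be enforced in the browser-side function rather than in this feature file or the JS binding.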
+++ b/chrome/common/extensions/api/platform_keys_internal.idl @@ -0,0 +1,34 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Internal API for to implement the platformKeys and enterprise.platformKeys +// APIs. +[ implemented_in = "chrome/browser/extensions/api/platform_keys/platform_keys_api.h" ] +namespace platformKeysInternal { + // Invoked by sign. + // |signature| The signature, a octet string. + callback SignCallback = void(ArrayBuffer signature); + + interface Functions { + // Internal version of platformKeys.subtleCrypto.sign and + // enterprise.platformKeys.Token.subtleCrypto.sign. + // |tokenId| The id of a Token returned by |getTokens|. + // |publicKey| The Subject Public Key Info of a key previously generated by + // |generateKey| in DER encoding. + // |hashAlgorithmName| The recognized algorithm name as specified by + // WebCrypto of the hash algorithm that will be used to digest |data| + // before signing. Currently supported are: SHA-{1,256,384,512}. + // TODO(pneubeck): use an enum once supported: + // http://www.crbug.com/385539 . + // |data| The data to sign. + // |callback| Called back with the signature of |data|. + // TODO: Instead of ArrayBuffer should be (ArrayBuffer or ArrayBufferView), + // or at least (ArrayBuffer or Uint8Array). + static void sign(DOMString tokenId, + ArrayBuffer publicKey, + DOMString hashAlgorithmName, + ArrayBuffer data, + SignCallback callback); + }; +}; diff --git a/chrome/common/extensions/api/schemas.gypi b/chrome/common/extensions/api/schemas.gypi index 4d1c3565165c..17fd692d40d9 100644 --- a/chrome/common/extensions/api/schemas.gypi +++ b/chrome/common/extensions/api/schemas.gypi @@ -117,6 +117,7 @@ 'file_system_provider_internal.idl', 'first_run_private.json', 'log_private.idl', + 'platform_keys_internal.idl', 'wallpaper.json', 'wallpaper_private.json', ], 
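Review bot: The parameter docs for `sign` in the new `platform_keys_internal.idl` still refer to `|getTokens|` and `|generateKey|`, and neither is declared in the `platformKeysInternal` namespace this file adds. `generateKey` stays in `enterprise.platformKeysInternal`, and `getTokens` appears to as well. Qualifying the references would avoid sending readers to functions that are not in this file, e.g. `// |tokenId| The id of a Token as returned by enterprise.platformKeysInternal.getTokens.` The header comment also has two typos worth fixing while here: `Internal API for to implement` and `a octet string`.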
diff --git a/chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.cc b/chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.cc index 8625523aa285..4fe2ff4d0db6 100644 --- a/chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.cc +++ b/chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.cc @@ -16,12 +16,12 @@ #include "chrome/renderer/extensions/app_bindings.h" #include "chrome/renderer/extensions/automation_internal_custom_bindings.h" #include "chrome/renderer/extensions/chrome_v8_context.h" -#include "chrome/renderer/extensions/enterprise_platform_keys_natives.h" #include "chrome/renderer/extensions/file_browser_handler_custom_bindings.h" #include "chrome/renderer/extensions/file_manager_private_custom_bindings.h" #include "chrome/renderer/extensions/media_galleries_custom_bindings.h" #include "chrome/renderer/extensions/notifications_native_handler.h" #include "chrome/renderer/extensions/page_capture_custom_bindings.h" +#include "chrome/renderer/extensions/platform_keys_natives.h" #include "chrome/renderer/extensions/sync_file_system_custom_bindings.h" #include "chrome/renderer/extensions/tab_finder.h" #include "chrome/renderer/extensions/tabs_custom_bindings.h" @@ -100,10 +100,6 @@ void ChromeExtensionsDispatcherDelegate::RegisterNativeHandlers( scoped_ptr( new extensions::SyncFileSystemCustomBindings(context))); module_system->RegisterNativeHandler( - "enterprise_platform_keys_natives", - scoped_ptr( - new extensions::EnterprisePlatformKeysNatives(context))); - module_system->RegisterNativeHandler( "file_browser_handler", scoped_ptr( new extensions::FileBrowserHandlerCustomBindings(context))); 
@@ -124,6 +120,9 @@ void ChromeExtensionsDispatcherDelegate::RegisterNativeHandlers( scoped_ptr( new extensions::PageCaptureCustomBindings(context))); module_system->RegisterNativeHandler( + "platform_keys_natives", + scoped_ptr(new extensions::PlatformKeysNatives(context))); + module_system->RegisterNativeHandler( "tabs", scoped_ptr(new extensions::TabsCustomBindings(context))); module_system->RegisterNativeHandler( @@ -161,16 +160,12 @@ void ChromeExtensionsDispatcherDelegate::PopulateSourceMap( IDR_ENTERPRISE_PLATFORM_KEYS_CUSTOM_BINDINGS_JS); source_map->RegisterSource("enterprise.platformKeys.internalAPI", IDR_ENTERPRISE_PLATFORM_KEYS_INTERNAL_API_JS); - source_map->RegisterSource("enterprise.platformKeys.Key", - IDR_ENTERPRISE_PLATFORM_KEYS_KEY_JS); source_map->RegisterSource("enterprise.platformKeys.KeyPair", IDR_ENTERPRISE_PLATFORM_KEYS_KEY_PAIR_JS); source_map->RegisterSource("enterprise.platformKeys.SubtleCrypto", IDR_ENTERPRISE_PLATFORM_KEYS_SUBTLE_CRYPTO_JS); source_map->RegisterSource("enterprise.platformKeys.Token", IDR_ENTERPRISE_PLATFORM_KEYS_TOKEN_JS); - source_map->RegisterSource("enterprise.platformKeys.utils", - IDR_ENTERPRISE_PLATFORM_KEYS_UTILS_JS); source_map->RegisterSource("feedbackPrivate", IDR_FEEDBACK_PRIVATE_CUSTOM_BINDINGS_JS); source_map->RegisterSource("fileBrowserHandler", 
@@ -194,6 +189,12 @@ void ChromeExtensionsDispatcherDelegate::PopulateSourceMap( source_map->RegisterSource("pageAction", IDR_PAGE_ACTION_CUSTOM_BINDINGS_JS); source_map->RegisterSource("pageCapture", IDR_PAGE_CAPTURE_CUSTOM_BINDINGS_JS); + source_map->RegisterSource("platformKeys.internalAPI", + IDR_PLATFORM_KEYS_INTERNAL_API_JS); + source_map->RegisterSource("platformKeys.Key", IDR_PLATFORM_KEYS_KEY_JS); + source_map->RegisterSource("platformKeys.SubtleCrypto", + IDR_PLATFORM_KEYS_SUBTLE_CRYPTO_JS); + source_map->RegisterSource("platformKeys.utils", IDR_PLATFORM_KEYS_UTILS_JS); source_map->RegisterSource("syncFileSystem", IDR_SYNC_FILE_SYSTEM_CUSTOM_BINDINGS_JS); source_map->RegisterSource("systemIndicator", diff --git a/chrome/renderer/extensions/enterprise_platform_keys_natives.cc b/chrome/renderer/extensions/platform_keys_natives.cc similarity index 92% rename from chrome/renderer/extensions/enterprise_platform_keys_natives.cc rename to chrome/renderer/extensions/platform_keys_natives.cc index 9f84f7c60344..779b9091c9e3 100644 --- a/chrome/renderer/extensions/enterprise_platform_keys_natives.cc +++ b/chrome/renderer/extensions/platform_keys_natives.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/renderer/extensions/enterprise_platform_keys_natives.h" +#include "chrome/renderer/extensions/platform_keys_natives.h" #include 
@@ -73,15 +73,14 @@ scoped_ptr WebCryptoAlgorithmToBaseValue( } // namespace -EnterprisePlatformKeysNatives::EnterprisePlatformKeysNatives( - ScriptContext* context) +PlatformKeysNatives::PlatformKeysNatives(ScriptContext* context) : ObjectBackedNativeHandler(context) { RouteFunction("NormalizeAlgorithm", - base::Bind(&EnterprisePlatformKeysNatives::NormalizeAlgorithm, + base::Bind(&PlatformKeysNatives::NormalizeAlgorithm, base::Unretained(this))); } -void EnterprisePlatformKeysNatives::NormalizeAlgorithm( +void PlatformKeysNatives::NormalizeAlgorithm( const v8::FunctionCallbackInfo& call_info) { DCHECK_EQ(call_info.Length(), 2); DCHECK(call_info[0]->IsObject()); diff --git a/chrome/renderer/extensions/enterprise_platform_keys_natives.h b/chrome/renderer/extensions/platform_keys_natives.h similarity index 71% rename from chrome/renderer/extensions/enterprise_platform_keys_natives.h rename to chrome/renderer/extensions/platform_keys_natives.h index 9649aee268d1..e83341424e7a 100644 --- a/chrome/renderer/extensions/enterprise_platform_keys_natives.h +++ b/chrome/renderer/extensions/platform_keys_natives.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef CHROME_RENDERER_EXTENSIONS_ENTERPRISE_PLATFORM_KEYS_NATIVES_H_ -#define CHROME_RENDERER_EXTENSIONS_ENTERPRISE_PLATFORM_KEYS_NATIVES_H_ +#ifndef CHROME_RENDERER_EXTENSIONS_PLATFORM_KEYS_NATIVES_H_ +#define CHROME_RENDERER_EXTENSIONS_PLATFORM_KEYS_NATIVES_H_ #include "extensions/renderer/object_backed_native_handler.h" #include "v8/include/v8.h" 
@@ -11,9 +11,9 @@ namespace extensions { class ScriptContext; -class EnterprisePlatformKeysNatives : public ObjectBackedNativeHandler { +class PlatformKeysNatives : public ObjectBackedNativeHandler { public: - explicit EnterprisePlatformKeysNatives(ScriptContext* context); + explicit PlatformKeysNatives(ScriptContext* context); private: // Normalizes algorithm parameters, and then validates the expected parameters @@ -27,9 +27,9 @@ class EnterprisePlatformKeysNatives : public ObjectBackedNativeHandler { // arrays instead of typed arrays (e.g. for RSA publicExponent). void NormalizeAlgorithm(const v8::FunctionCallbackInfo& call_info); - DISALLOW_COPY_AND_ASSIGN(EnterprisePlatformKeysNatives); + DISALLOW_COPY_AND_ASSIGN(PlatformKeysNatives); }; } // namespace extensions -#endif // CHROME_RENDERER_EXTENSIONS_ENTERPRISE_PLATFORM_KEYS_NATIVES_H_ +#endif // CHROME_RENDERER_EXTENSIONS_PLATFORM_KEYS_NATIVES_H_ diff --git a/chrome/renderer/resources/extensions/enterprise_platform_keys/key_pair.js b/chrome/renderer/resources/extensions/enterprise_platform_keys/key_pair.js index 581a2e870649..dc06f16498dd 100644 --- a/chrome/renderer/resources/extensions/enterprise_platform_keys/key_pair.js +++ b/chrome/renderer/resources/extensions/enterprise_platform_keys/key_pair.js @@ -3,8 +3,8 @@ // found in the LICENSE file. var utils = require('utils'); -var intersect = require('enterprise.platformKeys.utils').intersect; -var keyModule = require('enterprise.platformKeys.Key'); +var intersect = require('platformKeys.utils').intersect; +var keyModule = require('platformKeys.Key'); var Key = keyModule.Key; var KeyType = keyModule.KeyType; var KeyUsage = keyModule.KeyUsage; diff --git a/chrome/renderer/resources/extensions/enterprise_platform_keys/subtle_crypto.js b/chrome/renderer/resources/extensions/enterprise_platform_keys/subtle_crypto.js index 017a3e26d7f0..ece243057d53 100644 --- a/chrome/renderer/resources/extensions/enterprise_platform_keys/subtle_crypto.js 
+++ b/chrome/renderer/resources/extensions/enterprise_platform_keys/subtle_crypto.js @@ -4,14 +4,15 @@ var utils = require('utils'); var internalAPI = require('enterprise.platformKeys.internalAPI'); -var intersect = require('enterprise.platformKeys.utils').intersect; +var intersect = require('platformKeys.utils').intersect; +var subtleCryptoModule = require('platformKeys.SubtleCrypto'); +var SubtleCrypto = subtleCryptoModule.SubtleCrypto; +var SubtleCryptoImpl = subtleCryptoModule.SubtleCryptoImpl; var KeyPair = require('enterprise.platformKeys.KeyPair').KeyPair; -var keyModule = require('enterprise.platformKeys.Key'); -var getSpki = keyModule.getSpki; -var KeyUsage = keyModule.KeyUsage; +var KeyUsage = require('platformKeys.Key').KeyUsage; var normalizeAlgorithm = - requireNative('enterprise_platform_keys_natives').NormalizeAlgorithm; + requireNative('platform_keys_natives').NormalizeAlgorithm; // This error is thrown by the internal and public API's token functions and // must be rethrown by this custom binding. Keep this in sync with the C++ part @@ -72,14 +73,18 @@ function equalsStandardPublicExponent(array) { /** * Implementation of WebCrypto.SubtleCrypto used in enterprise.platformKeys. + * Derived from platformKeys.SubtleCrypto. * @param {string} tokenId The id of the backing Token. * @constructor */ -var SubtleCryptoImpl = function(tokenId) { - this.tokenId = tokenId; +var EnterpriseSubtleCryptoImpl = function(tokenId) { + SubtleCryptoImpl.call(this, tokenId); }; -SubtleCryptoImpl.prototype.generateKey = +EnterpriseSubtleCryptoImpl.prototype = + Object.create(SubtleCryptoImpl.prototype); + +EnterpriseSubtleCryptoImpl.prototype.generateKey = function(algorithm, extractable, keyUsages) { var subtleCrypto = this; return new Promise(function(resolve, reject) { 
@@ -128,58 +133,11 @@ SubtleCryptoImpl.prototype.generateKey = }); }; -SubtleCryptoImpl.prototype.sign = function(algorithm, key, dataView) { - var subtleCrypto = this; - return new Promise(function(resolve, reject) { - if (key.type != 'private' || key.usages.indexOf(KeyUsage.sign) == -1) - throw CreateInvalidAccessError(); - - var normalizedAlgorithmParameters = - normalizeAlgorithm(algorithm, 'Sign'); - if (!normalizedAlgorithmParameters) { - // TODO(pneubeck): It's not clear from the WebCrypto spec which error to - // throw here. - throw CreateSyntaxError(); - } - - // Create an ArrayBuffer that equals the dataView. Note that dataView.buffer - // might contain more data than dataView. - var data = dataView.buffer.slice(dataView.byteOffset, - dataView.byteOffset + dataView.byteLength); - internalAPI.sign(subtleCrypto.tokenId, - getSpki(key), - key.algorithm.hash.name, - data, - function(signature) { - if (catchInvalidTokenError(reject)) - return; - if (chrome.runtime.lastError) { - reject(CreateOperationError()); - return; - } - resolve(signature); - }); - }); -}; - -SubtleCryptoImpl.prototype.exportKey = function(format, key) { - return new Promise(function(resolve, reject) { - if (format == 'pkcs8') { - // Either key.type is not 'private' or the key is not extractable. In both - // cases the error is the same. - throw CreateInvalidAccessError(); - } else if (format == 'spki') { - if (key.type != 'public') - throw CreateInvalidAccessError(); - resolve(getSpki(key)); - } else { - // TODO(pneubeck): It should be possible to export to format 'jwk'. - throw CreateNotSupportedError(); - } - }); -}; - exports.SubtleCrypto = utils.expose('SubtleCrypto', - SubtleCryptoImpl, - {functions:['generateKey', 'sign', 'exportKey']}); + EnterpriseSubtleCryptoImpl, + { + superclass: SubtleCrypto, + functions: ['generateKey'] + // ['sign', 'exportKey'] are exposed by the base class + }); 
diff --git a/chrome/renderer/resources/extensions/platform_keys/OWNERS b/chrome/renderer/resources/extensions/platform_keys/OWNERS new file mode 100644 index 000000000000..713045b673fa --- /dev/null +++ b/chrome/renderer/resources/extensions/platform_keys/OWNERS @@ -0,0 +1 @@ +pneubeck@chromium.org diff --git a/chrome/renderer/resources/extensions/platform_keys/internal_api.js b/chrome/renderer/resources/extensions/platform_keys/internal_api.js new file mode 100644 index 000000000000..b15211667806 --- /dev/null +++ b/chrome/renderer/resources/extensions/platform_keys/internal_api.js @@ -0,0 +1,9 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +var binding = require('binding') + .Binding.create('platformKeysInternal') + .generate(); + +exports.sign = binding.sign; diff --git a/chrome/renderer/resources/extensions/enterprise_platform_keys/key.js b/chrome/renderer/resources/extensions/platform_keys/key.js similarity index 100% rename from chrome/renderer/resources/extensions/enterprise_platform_keys/key.js rename to chrome/renderer/resources/extensions/platform_keys/key.js diff --git a/chrome/renderer/resources/extensions/enterprise_platform_keys/subtle_crypto.js b/chrome/renderer/resources/extensions/platform_keys/subtle_crypto.js similarity index 54% copy from chrome/renderer/resources/extensions/enterprise_platform_keys/subtle_crypto.js copy to chrome/renderer/resources/extensions/platform_keys/subtle_crypto.js index 017a3e26d7f0..14a5388cef3a 100644 --- a/chrome/renderer/resources/extensions/enterprise_platform_keys/subtle_crypto.js +++ b/chrome/renderer/resources/extensions/platform_keys/subtle_crypto.js 
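Review bot: `exports.sign = binding.sign;` in the new internal_api.js hands out the raw `platformKeysInternal.sign` binding with no comment about who is expected to call it. The private-key and `KeyUsage.sign` checks live in `SubtleCryptoImpl.prototype.sign`, which runs in the renderer, so they are a convenience rather than an access control. The browser-side handler (platform_keys_api.cc, not visible in this part of the patch) presumably has to decide whether the calling extension may use the key. A short header comment would make that explicit, for example `// Internal only: use via platformKeys.SubtleCrypto; renderer-side checks are not an access control.` It is also worth confirming that the `platformKeysInternal` entry added to _api_features.json limits the API to the intended callers now that `sign` is no longer under the enterprise namespace.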
@@ -1,17 +1,15 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. +// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. var utils = require('utils'); -var internalAPI = require('enterprise.platformKeys.internalAPI'); -var intersect = require('enterprise.platformKeys.utils').intersect; -var KeyPair = require('enterprise.platformKeys.KeyPair').KeyPair; -var keyModule = require('enterprise.platformKeys.Key'); +var internalAPI = require('platformKeys.internalAPI'); +var keyModule = require('platformKeys.Key'); var getSpki = keyModule.getSpki; var KeyUsage = keyModule.KeyUsage; var normalizeAlgorithm = - requireNative('enterprise_platform_keys_natives').NormalizeAlgorithm; + requireNative('platform_keys_natives').NormalizeAlgorithm; // This error is thrown by the internal and public API's token functions and // must be rethrown by this custom binding. Keep this in sync with the C++ part @@ -51,27 +49,9 @@ function catchInvalidTokenError(reject) { return false; } -// Returns true if |array| is a BigInteger describing the standard public -// exponent 65537. In particular, it ignores leading zeros as required by the -// BigInteger definition in WebCrypto. -function equalsStandardPublicExponent(array) { - var expected = [0x01, 0x00, 0x01]; - if (array.length < expected.length) - return false; - for (var i = 0; i < array.length; i++) { - var expectedDigit = 0; - if (i < expected.length) { - // |expected| is symmetric, endianness doesn't matter. - expectedDigit = expected[i]; - } - if (array[array.length - 1 - i] !== expectedDigit) - return false; - } - return true; -} - /** - * Implementation of WebCrypto.SubtleCrypto used in enterprise.platformKeys. + * Implementation of WebCrypto.SubtleCrypto used in platformKeys and + * enterprise.platformKeys. * @param {string} tokenId The id of the backing Token. * @constructor */ 
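Review bot: The copied file keeps its own invalid-token error handling, whose context comment says "Keep this in sync with the C++ part", while enterprise_platform_keys/subtle_crypto.js retains the same block, so there are now two JS copies to keep aligned with the C++ side. Since the enterprise module already requires `platformKeys.SubtleCrypto`, exporting `catchInvalidTokenError` and the `Create*Error` helpers from this file and importing them there would leave a single definition. After the split some helpers also look unused on one side (`CreateDataError` here, `CreateInvalidAccessError` in the enterprise file), judging by the function bodies that moved. Their definitions are outside the visible hunks, so this needs checking against the full files.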
@@ -79,55 +59,6 @@ var SubtleCryptoImpl = function(tokenId) { this.tokenId = tokenId; }; -SubtleCryptoImpl.prototype.generateKey = - function(algorithm, extractable, keyUsages) { - var subtleCrypto = this; - return new Promise(function(resolve, reject) { - // TODO(pneubeck): Apply the algorithm normalization of the WebCrypto - // implementation. - - if (extractable) { - // Note: This deviates from WebCrypto.SubtleCrypto. - throw CreateNotSupportedError(); - } - if (intersect(keyUsages, [KeyUsage.sign, KeyUsage.verify]).length != - keyUsages.length) { - throw CreateDataError(); - } - var normalizedAlgorithmParameters = - normalizeAlgorithm(algorithm, 'GenerateKey'); - if (!normalizedAlgorithmParameters) { - // TODO(pneubeck): It's not clear from the WebCrypto spec which error to - // throw here. - throw CreateSyntaxError(); - } - - // normalizeAlgorithm returns an array, but publicExponent should be a - // Uint8Array. - normalizedAlgorithmParameters.publicExponent = - new Uint8Array(normalizedAlgorithmParameters.publicExponent); - - if (normalizedAlgorithmParameters.name !== 'RSASSA-PKCS1-v1_5' || - !equalsStandardPublicExponent( - normalizedAlgorithmParameters.publicExponent)) { - // Note: This deviates from WebCrypto.SubtleCrypto. - throw CreateNotSupportedError(); - } - - internalAPI.generateKey(subtleCrypto.tokenId, - normalizedAlgorithmParameters.modulusLength, - function(spki) { - if (catchInvalidTokenError(reject)) - return; - if (chrome.runtime.lastError) { - reject(CreateOperationError()); - return; - } - resolve(new KeyPair(spki, normalizedAlgorithmParameters, keyUsages)); - }); - }); -}; - SubtleCryptoImpl.prototype.sign = function(algorithm, key, dataView) { var subtleCrypto = this; return new Promise(function(resolve, reject) { 
@@ -179,7 +110,10 @@ SubtleCryptoImpl.prototype.exportKey = function(format, key) { }); }; +// Required for subclassing. +exports.SubtleCryptoImpl = SubtleCryptoImpl + exports.SubtleCrypto = utils.expose('SubtleCrypto', SubtleCryptoImpl, - {functions:['generateKey', 'sign', 'exportKey']}); + {functions:['sign', 'exportKey']}); diff --git a/chrome/renderer/resources/extensions/enterprise_platform_keys/utils.js b/chrome/renderer/resources/extensions/platform_keys/utils.js similarity index 100% rename from chrome/renderer/resources/extensions/enterprise_platform_keys/utils.js rename to chrome/renderer/resources/extensions/platform_keys/utils.js diff --git a/chrome/renderer/resources/renderer_resources.grd b/chrome/renderer/resources/renderer_resources.grd index 7fdc68243b07..da0a535dfbf2 100644 --- a/chrome/renderer/resources/renderer_resources.grd +++ b/chrome/renderer/resources/renderer_resources.grd @@ -53,11 +53,9 @@ - - @@ -76,6 +74,10 @@ + + + + diff --git a/extensions/browser/extension_function_histogram_value.h b/extensions/browser/extension_function_histogram_value.h index b6a4fdb63552..83353a18f16f 100644 --- a/extensions/browser/extension_function_histogram_value.h +++ b/extensions/browser/extension_function_histogram_value.h @@ -835,7 +835,7 @@ enum HistogramValue { NETWORKINGPRIVATE_GETNETWORKS, DELETED_WEBVIEW_SETNAME, ENTERPRISE_PLATFORMKEYSINTERNAL_GENERATEKEY, - ENTERPRISE_PLATFORMKEYSINTERNAL_SIGN, + PLATFORMKEYSINTERNAL_SIGN, ENTERPRISE_PLATFORMKEYSINTERNAL_GETTOKENS, ENTERPRISE_PLATFORMKEYS_GETCERTIFICATES, ENTERPRISE_PLATFORMKEYS_IMPORTCERTIFICATE, diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml index 31a820824cb0..527ea1c9d418 100644 --- a/tools/metrics/histograms/histograms.xml +++ b/tools/metrics/histograms/histograms.xml @@ -46698,7 +46698,7 @@ Therefore, the affected-histogram name has to have at least one dot in it. - + -- 2.11.4.GIT
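Review bot: `exports.SubtleCryptoImpl = SubtleCryptoImpl` has no terminating semicolon and parses as intended only through automatic semicolon insertion, unlike the surrounding statements; write `exports.SubtleCryptoImpl = SubtleCryptoImpl;`. The comment "Required for subclassing" could name the consumer, e.g. `// Exported so enterprise.platformKeys.SubtleCrypto can derive from it.`, so that the extra export of the implementation class is not mistaken for public surface.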