platformKeys: Add per-extension sign permissions.

PlatformKeysService now supports persisting whether an extension is allowed to sign data with a key an unlimited number of times. Currently, these permissions are only granted in the accompanying browser test and not in production, because UI is still missing. BUG=450167 Review URL: https://codereview.chromium.org/905523002 Cr-Commit-Position: refs/heads/master@{#317053}
marcosholgado · Feb 19, 2015 · cbcdfd8 · cbcdfd8
1 parent e2c9d12
commit cbcdfd8
Show file tree

Hide file tree

Showing 7 changed files with 701 additions and 177 deletions.
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys.h b/chrome/browser/chromeos/platform_keys/platform_keys.h
@@ -113,16 +113,19 @@ void SelectClientCertificates(const ClientCertificateRequest& request,
 
 }  // namespace subtle
 
+// Returns the DER encoding of the X.509 Subject Public Key Info of the public
+// key in |certificate|.
+std::string GetSubjectPublicKeyInfo(
+    const scoped_refptr<net::X509Certificate>& certificate);
+
 // Obtains information about the public key in |certificate|.
 // If |certificate| contains an RSA key, sets |key_size_bits| to the modulus
-// length, |public_key_spki_der| to the DER encoding of the X.509 Subject Public
-// Key Info, and |key_type| to type RSA and returns true.
+// length, and |key_type| to type RSA and returns true.
 // If |certificate| contains any other key type, or if the public exponent of
 // the RSA key in |certificate| is not F4, returns false and does not update any
 // of the output parameters.
 // All pointer arguments must not be null.
 bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate,
-                  std::string* public_key_spki_der,
                   net::X509Certificate::PublicKeyType* key_type,
                   size_t* key_size_bits);
 

diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
@@ -777,12 +777,15 @@ void SelectClientCertificates(const ClientCertificateRequest& request,
 
 }  // namespace subtle
 
+std::string GetSubjectPublicKeyInfo(
+    const scoped_refptr<net::X509Certificate>& certificate) {
+  const SECItem& spki_der = certificate->os_cert_handle()->derPublicKey;
+  return std::string(spki_der.data, spki_der.data + spki_der.len);
+}
+
 bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate,
-                  std::string* public_key_spki_der,
                   net::X509Certificate::PublicKeyType* key_type,
                   size_t* key_size_bits) {
-  const SECItem& spki_der = certificate->os_cert_handle()->derPublicKey;
-
   net::X509Certificate::PublicKeyType key_type_tmp =
       net::X509Certificate::kPublicKeyTypeUnknown;
   size_t key_size_bits_tmp = 0;
@@ -810,10 +813,8 @@ bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate,
     return false;
   }
 
-  public_key_spki_der->assign(spki_der.data, spki_der.data + spki_der.len);
   *key_type = key_type_tmp;
   *key_size_bits = key_size_bits_tmp;
-
   return true;
 }