Pepper API implementation for platform verification.

Plumbs all relevant sections of the PPAPI portions of the API for ChromeOS only. The test is currently disabled pending changes to implement the UI portions of this feature. BUG=270294 TEST=browser_tests --gtest_filter=*PlatformVerification* TBR=mnissler Review URL: https://chromiumcodereview.appspot.com/23523028 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@223687 0039d316-1c4b-4281-b951-d872f2087c98
author: dalecurtis@chromium.org <dalecurtis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-09-17 20:58:27 +0000
committer: dalecurtis@chromium.org <dalecurtis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-09-17 20:58:27 +0000
commit: b1a9d9a98b9e6aa6dcf6b4bbc6df950198594364 (patch)
tree: b506da54dd7fb640bcc263f3aba9f6089b30e885
parent: 3121bdc81fd9647a31e132af7246d97d6ec185c4 (diff)
download: chromium_src-b1a9d9a98b9e6aa6dcf6b4bbc6df950198594364.zip
chromium_src-b1a9d9a98b9e6aa6dcf6b4bbc6df950198594364.tar.gz
chromium_src-b1a9d9a98b9e6aa6dcf6b4bbc6df950198594364.tar.bz2
33 files changed, 763 insertions, 15 deletions
diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow.cc b/chrome/browser/chromeos/attestation/platform_verification_flow.cc
index 5eb462e..4a854a2 100644
--- a/chrome/browser/chromeos/attestation/platform_verification_flow.cc
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow.cc
@@ -82,6 +82,7 @@ PlatformVerificationFlow::PlatformVerificationFlow()
       async_caller_(cryptohome::AsyncMethodCaller::GetInstance()),
       cryptohome_client_(DBusThreadManager::Get()->GetCryptohomeClient()),
       user_manager_(UserManager::Get()),
+      statistics_provider_(system::StatisticsProvider::GetInstance()),
       delegate_(NULL),
       testing_prefs_(NULL),
       weak_factory_(this) {
diff --git a/chrome/browser/component_updater/ppapi_utils.cc b/chrome/browser/component_updater/ppapi_utils.cc
index 9696747..6b43400 100644
--- a/chrome/browser/component_updater/ppapi_utils.cc
+++ b/chrome/browser/component_updater/ppapi_utils.cc
@@ -5,6 +5,7 @@
 
 #include <cstring>
 
+#include "build/build_config.h"
 #include "ppapi/c/dev/ppb_audio_input_dev.h"
 #include "ppapi/c/dev/ppb_buffer_dev.h"
 #include "ppapi/c/dev/ppb_char_set_dev.h"
@@ -104,6 +105,10 @@
 #include "ppapi/c/trusted/ppb_url_loader_trusted.h"
 #include "ppapi/thunk/thunk.h"
 
+#if defined(OS_CHROMEOS)
+#include "ppapi/c/private/ppb_platform_verification_private.h"
+#endif
+
 bool IsSupportedPepperInterface(const char* name) {
   // TODO(brettw) put these in a hash map for better performance.
   #define UNPROXIED_IFACE(api_name, iface_str, iface_struct) \
diff --git a/chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.cc b/chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.cc
index f7b48f7..6887303 100644
--- a/chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.cc
+++ b/chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.cc
@@ -4,12 +4,14 @@
 
 #include "chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.h"
 
+#include "build/build_config.h"
 #include "chrome/browser/renderer_host/pepper/pepper_broker_message_filter.h"
 #include "chrome/browser/renderer_host/pepper/pepper_crx_file_system_message_filter.h"
 #include "chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.h"
 #include "chrome/browser/renderer_host/pepper/pepper_flash_browser_host.h"
 #include "chrome/browser/renderer_host/pepper/pepper_flash_clipboard_message_filter.h"
 #include "chrome/browser/renderer_host/pepper/pepper_flash_drm_host.h"
+#include "chrome/browser/renderer_host/pepper/pepper_platform_verification_message_filter.h"
 #include "chrome/browser/renderer_host/pepper/pepper_talk_host.h"
 #include "content/public/browser/browser_ppapi_host.h"
 #include "ppapi/host/message_filter_host.h"
@@ -70,6 +72,14 @@ scoped_ptr<ResourceHost> ChromeBrowserPepperHostFactory::CreateResourceHost(
             host_->GetPpapiHost(), instance, params.pp_resource(),
             broker_filter));
       }
+#if defined(OS_CHROMEOS)
+      case PpapiHostMsg_PlatformVerification_Create::ID: {
+        scoped_refptr<ResourceMessageFilter> pv_filter(
+            new PepperPlatformVerificationMessageFilter(host_, instance));
+        return scoped_ptr<ResourceHost>(new MessageFilterHost(
+            host_->GetPpapiHost(), instance, params.pp_resource(), pv_filter));
+      }
+#endif
       case PpapiHostMsg_Talk_Create::ID:
         return scoped_ptr<ResourceHost>(new PepperTalkHost(
             host_, instance, params.pp_resource()));
diff --git a/chrome/browser/renderer_host/pepper/pepper_platform_verification_message_filter.cc b/chrome/browser/renderer_host/pepper/pepper_platform_verification_message_filter.cc
new file mode 100644
index 0000000..23c2b7a
--- /dev/null
+++ b/chrome/browser/renderer_host/pepper/pepper_platform_verification_message_filter.cc
@@ -0,0 +1,138 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/renderer_host/pepper/pepper_platform_verification_message_filter.h"
+
+#include "base/bind_helpers.h"
+#include "content/public/browser/browser_ppapi_host.h"
+#include "content/public/browser/browser_thread.h"
+#include "content/public/browser/render_view_host.h"
+#include "content/public/browser/web_contents.h"
+#include "ppapi/c/pp_errors.h"
+#include "ppapi/host/dispatch_host_message.h"
+#include "ppapi/host/host_message_context.h"
+#include "ppapi/host/ppapi_host.h"
+#include "ppapi/proxy/ppapi_messages.h"
+
+using chromeos::attestation::PlatformVerificationFlow;
+
+namespace chrome {
+
+PepperPlatformVerificationMessageFilter::
+    PepperPlatformVerificationMessageFilter(content::BrowserPpapiHost* host,
+                                            PP_Instance instance)
+    : render_process_id_(0), render_view_id_(0) {
+  host->GetRenderViewIDsForInstance(
+      instance, &render_process_id_, &render_view_id_);
+}
+
+PepperPlatformVerificationMessageFilter::
+    ~PepperPlatformVerificationMessageFilter() {}
+
+scoped_refptr<base::TaskRunner>
+PepperPlatformVerificationMessageFilter::OverrideTaskRunnerForMessage(
+    const IPC::Message& msg) {
+  return content::BrowserThread::GetMessageLoopProxyForThread(
+      content::BrowserThread::UI);
+}
+
+int32_t PepperPlatformVerificationMessageFilter::OnResourceMessageReceived(
+    const IPC::Message& msg,
+    ppapi::host::HostMessageContext* context) {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+
+  IPC_BEGIN_MESSAGE_MAP(PepperPlatformVerificationMessageFilter, msg)
+    PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(
+        PpapiHostMsg_PlatformVerification_CanChallengePlatform,
+        OnCanChallengePlatform)
+    PPAPI_DISPATCH_HOST_RESOURCE_CALL(
+        PpapiHostMsg_PlatformVerification_ChallengePlatform,
+        OnChallengePlatform)
+  IPC_END_MESSAGE_MAP()
+
+  return PP_ERROR_FAILED;
+}
+
+int32_t PepperPlatformVerificationMessageFilter::OnCanChallengePlatform(
+    ppapi::host::HostMessageContext* context) {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+  if (!pv_)
+    pv_.reset(new PlatformVerificationFlow());
+  pv_->CheckPlatformState(base::Bind(
+      &PepperPlatformVerificationMessageFilter::CanChallengePlatformCallback,
+      this,
+      context->MakeReplyMessageContext()));
+  return PP_OK_COMPLETIONPENDING;
+}
+
+int32_t PepperPlatformVerificationMessageFilter::OnChallengePlatform(
+    ppapi::host::HostMessageContext* context,
+    const std::string& service_id,
+    const std::vector<uint8_t>& challenge) {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+
+  // Ensure the RenderViewHost is still alive.
+  content::RenderViewHost* rvh =
+      content::RenderViewHost::FromID(render_process_id_, render_view_id_);
+  if (!rvh) {
+    ppapi::host::ReplyMessageContext reply_context =
+        context->MakeReplyMessageContext();
+    reply_context.params.set_result(PP_ERROR_FAILED);
+    SendReply(
+        reply_context,
+        PpapiHostMsg_PlatformVerification_ChallengePlatformReply(
+            std::vector<uint8_t>(), std::vector<uint8_t>(), std::string()));
+    return PP_OK_COMPLETIONPENDING;
+  }
+
+  if (!pv_)
+    pv_.reset(new PlatformVerificationFlow());
+
+  pv_->ChallengePlatformKey(
+      content::WebContents::FromRenderViewHost(rvh),
+      service_id,
+      std::string(challenge.begin(), challenge.end()),
+      base::Bind(
+          &PepperPlatformVerificationMessageFilter::ChallengePlatformCallback,
+          this,
+          context->MakeReplyMessageContext()));
+
+  return PP_OK_COMPLETIONPENDING;
+}
+
+void PepperPlatformVerificationMessageFilter::CanChallengePlatformCallback(
+    ppapi::host::ReplyMessageContext reply_context,
+    bool can_challenge_platform) {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+  reply_context.params.set_result(PP_OK);
+  SendReply(reply_context,
+            PpapiHostMsg_PlatformVerification_CanChallengePlatformReply(
+                can_challenge_platform));
+}
+
+void PepperPlatformVerificationMessageFilter::ChallengePlatformCallback(
+    ppapi::host::ReplyMessageContext reply_context,
+    chromeos::attestation::PlatformVerificationFlow::Result challenge_result,
+    const std::string& signed_data,
+    const std::string& signature,
+    const std::string& platform_key_certificate) {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+
+  if (challenge_result == PlatformVerificationFlow::SUCCESS) {
+    reply_context.params.set_result(PP_OK);
+  } else {
+    reply_context.params.set_result(PP_ERROR_FAILED);
+    DCHECK_EQ(signed_data.size(), 0u);
+    DCHECK_EQ(signature.size(), 0u);
+    DCHECK_EQ(platform_key_certificate.size(), 0u);
+  }
+
+  SendReply(reply_context,
+            PpapiHostMsg_PlatformVerification_ChallengePlatformReply(
+                std::vector<uint8_t>(signed_data.begin(), signed_data.end()),
+                std::vector<uint8_t>(signature.begin(), signature.end()),
+                platform_key_certificate));
+}
+
+}  // namespace chrome
diff --git a/chrome/browser/renderer_host/pepper/pepper_platform_verification_message_filter.h b/chrome/browser/renderer_host/pepper/pepper_platform_verification_message_filter.h
new file mode 100644
index 0000000..f13d320
--- /dev/null
+++ b/chrome/browser/renderer_host/pepper/pepper_platform_verification_message_filter.h
@@ -0,0 +1,69 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_RENDERER_HOST_PEPPER_PEPPER_PLATFORM_VERIFICATION_MESSAGE_FILTER_H_
+#define CHROME_BROWSER_RENDERER_HOST_PEPPER_PEPPER_PLATFORM_VERIFICATION_MESSAGE_FILTER_H_
+
+#include "chrome/browser/chromeos/attestation/platform_verification_flow.h"
+#include "ppapi/c/pp_instance.h"
+#include "ppapi/host/resource_message_filter.h"
+
+namespace content {
+class BrowserPpapiHost;
+}  // namespace content
+
+namespace ppapi {
+namespace host {
+struct HostMessageContext;
+}  // namespace host
+}  // namespace ppapi
+
+namespace chrome {
+
+// This filter handles messages for platform verification on the UI thread.
+class PepperPlatformVerificationMessageFilter
+    : public ppapi::host::ResourceMessageFilter {
+ public:
+  PepperPlatformVerificationMessageFilter(content::BrowserPpapiHost* host,
+                                          PP_Instance instance);
+
+ private:
+  virtual ~PepperPlatformVerificationMessageFilter();
+
+  // ppapi::host::ResourceMessageFilter overrides.
+  virtual scoped_refptr<base::TaskRunner> OverrideTaskRunnerForMessage(
+      const IPC::Message& message) OVERRIDE;
+  virtual int32_t OnResourceMessageReceived(
+      const IPC::Message& msg,
+      ppapi::host::HostMessageContext* context) OVERRIDE;
+
+  int32_t OnCanChallengePlatform(ppapi::host::HostMessageContext* context);
+  int32_t OnChallengePlatform(ppapi::host::HostMessageContext* context,
+                              const std::string& service_id,
+                              const std::vector<uint8_t>& challenge);
+
+  // PlatformVerificationFlow callbacks.
+  void CanChallengePlatformCallback(
+      ppapi::host::ReplyMessageContext reply_context,
+      bool can_challenge_platform);
+  void ChallengePlatformCallback(
+      ppapi::host::ReplyMessageContext reply_context,
+      chromeos::attestation::PlatformVerificationFlow::Result challenge_result,
+      const std::string& signed_data,
+      const std::string& signature,
+      const std::string& platform_key_certificate);
+
+  // Used to lookup the WebContents associated with this PP_Instance.
+  int render_process_id_;
+  int render_view_id_;
+
+  // Must only be accessed on the UI thread.
+  scoped_ptr<chromeos::attestation::PlatformVerificationFlow> pv_;
+
+  DISALLOW_COPY_AND_ASSIGN(PepperPlatformVerificationMessageFilter);
+};
+
+}  // namespace chrome
+
+#endif  // CHROME_BROWSER_RENDERER_HOST_PEPPER_PEPPER_PLATFORM_VERIFICATION_MESSAGE_FILTER_H_
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index 5684ce41..cbd7009 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -1764,6 +1764,8 @@
         'browser/renderer_host/pepper/pepper_flash_clipboard_message_filter.h',
         'browser/renderer_host/pepper/pepper_flash_drm_host.cc',
         'browser/renderer_host/pepper/pepper_flash_drm_host.h',
+        'browser/renderer_host/pepper/pepper_platform_verification_message_filter.cc',
+        'browser/renderer_host/pepper/pepper_platform_verification_message_filter.h',
         'browser/renderer_host/pepper/pepper_talk_host.cc',
         'browser/renderer_host/pepper/pepper_talk_host.h',
         'browser/renderer_host/safe_browsing_resource_throttle.cc',
@@ -2826,6 +2828,8 @@
             'browser/policy/proto/chrome_device_policy.pb.h',
             'browser/renderer_host/offline_resource_throttle.cc',
             'browser/renderer_host/offline_resource_throttle.h',
+            'browser/renderer_host/pepper/pepper_platform_verification_message_filter.cc',
+            'browser/renderer_host/pepper/pepper_platform_verification_message_filter.h',
           ],
         }, {  # chromeos==1
           'dependencies': [
diff --git a/chrome/test/ppapi/ppapi_browsertest.cc b/chrome/test/ppapi/ppapi_browsertest.cc
index 234598c..7dadd5c 100644
--- a/chrome/test/ppapi/ppapi_browsertest.cc
+++ b/chrome/test/ppapi/ppapi_browsertest.cc
@@ -1526,6 +1526,12 @@ TEST_PPAPI_OUT_OF_PROCESS(MAYBE_FlashFullscreen)
 
 TEST_PPAPI_OUT_OF_PROCESS(PDF)
 
+// TODO(dalecurtis): Renable once the platform verification infobar has been
+// implemented; see http://crbug.com/270908
+// #if defined(OS_CHROMEOS)
+// TEST_PPAPI_OUT_OF_PROCESS(PlatformVerificationPrivate)
+// #endif
+
 IN_PROC_BROWSER_TEST_F(OutOfProcessPPAPITest, FlashDRM) {
   RunTest(
 #if (defined(OS_WIN) && defined(ENABLE_RLZ)) || defined(OS_CHROMEOS)
diff --git a/content/renderer/pepper/plugin_module.cc b/content/renderer/pepper/plugin_module.cc
index 04a5041..e666b2d 100644
--- a/content/renderer/pepper/plugin_module.cc
+++ b/content/renderer/pepper/plugin_module.cc
@@ -13,6 +13,7 @@
 #include "base/message_loop/message_loop.h"
 #include "base/message_loop/message_loop_proxy.h"
 #include "base/time/time.h"
+#include "build/build_config.h"
 #include "content/common/view_messages.h"
 #include "content/public/renderer/content_renderer_client.h"
 #include "content/renderer/pepper/common.h"
@@ -137,6 +138,10 @@
 #include "ppapi/thunk/ppb_graphics_2d_api.h"
 #include "ppapi/thunk/thunk.h"
 
+#if defined(OS_CHROMEOS)
+#include "ppapi/c/private/ppb_platform_verification_private.h"
+#endif
+
 using ppapi::InputEventData;
 using ppapi::PpapiGlobals;
 using ppapi::TimeTicksToPPTimeTicks;
diff --git a/content/renderer/pepper/resource_creation_impl.cc b/content/renderer/pepper/resource_creation_impl.cc
index ca02ad4..61c73ae 100644
--- a/content/renderer/pepper/resource_creation_impl.cc
+++ b/content/renderer/pepper/resource_creation_impl.cc
@@ -234,6 +234,11 @@ PP_Resource ResourceCreationImpl::CreateNetworkMonitorPrivate(
   return 0;  // Not supported in-process.
 }
 
+PP_Resource ResourceCreationImpl::CreatePlatformVerificationPrivate(
+    PP_Instance instance) {
+  return 0;  // Not supported in-process.
+}
+
 PP_Resource ResourceCreationImpl::CreateScrollbar(PP_Instance instance,
                                                   PP_Bool vertical) {
   return PPB_Scrollbar_Impl::Create(instance, PP_ToBool(vertical));
diff --git a/content/renderer/pepper/resource_creation_impl.h b/content/renderer/pepper/resource_creation_impl.h
index 76c7d20..1a8ae64 100644
--- a/content/renderer/pepper/resource_creation_impl.h
+++ b/content/renderer/pepper/resource_creation_impl.h
@@ -109,6 +109,8 @@ class ResourceCreationImpl : public ppapi::thunk::ResourceCreationAPI {
       uint32_t modifiers) OVERRIDE;
   virtual PP_Resource CreateNetworkMonitorPrivate(
       PP_Instance instance) OVERRIDE;
+  virtual PP_Resource CreatePlatformVerificationPrivate(
+      PP_Instance instance) OVERRIDE;
   virtual PP_Resource CreateResourceArray(PP_Instance instance,
                                           const PP_Resource elements[],
                                           uint32_t size) OVERRIDE;
diff --git a/ppapi/api/private/ppb_platform_verification_private.idl b/ppapi/api/private/ppb_platform_verification_private.idl
index 68c2f54..86e4d16 100644
--- a/ppapi/api/private/ppb_platform_verification_private.idl
+++ b/ppapi/api/private/ppb_platform_verification_private.idl
@@ -51,11 +51,20 @@ interface PPB_PlatformVerification_Private {
    * Check if the underlying host platform can be challenged; i.e., verified as
    * a trusted platform. Useful for avoiding unnecessary work on platforms
    * which will always fail; i.e. dev mode Chrome OS.
-   *
-   * @return <code>PP_TRUE</code> if a platform challenge might pass and
+
+   * @param[out] can_challenge_platform A <code>PP_Bool</code> which is set to
+   * <code>PP_TRUE</code> if a platform challenge might pass and
    * <code>PP_FALSE</code> if it definitely won't.
+   *
+   * @param[in] callback A <code>PP_CompletionCallback</code> to be called after
+   * the method has been completed. This callback will only run if the return
+   * code is <code>PP_OK_COMPLETIONPENDING</code>.
+   *
+   * @return An int32_t containing an error code from <code>pp_errors.h</code>.
    */
-  PP_Bool CanChallengePlatform([in] PP_Resource instance);
+  int32_t CanChallengePlatform([in] PP_Resource instance,
+                               [out] PP_Bool can_challenge_platform,
+                               [in] PP_CompletionCallback callback);
 
   /**
    * Requests a platform challenge for a given service id.
diff --git a/ppapi/c/private/ppb_platform_verification_private.h b/ppapi/c/private/ppb_platform_verification_private.h
index ed76738..b16d074 100644
--- a/ppapi/c/private/ppb_platform_verification_private.h
+++ b/ppapi/c/private/ppb_platform_verification_private.h
@@ -4,7 +4,7 @@
  */
 
 /* From private/ppb_platform_verification_private.idl,
- *   modified Mon Sep  9 12:54:47 2013.
+ *   modified Thu Sep 12 11:48:28 2013.
  */
 
 #ifndef PPAPI_C_PRIVATE_PPB_PLATFORM_VERIFICATION_PRIVATE_H_
@@ -69,10 +69,19 @@ struct PPB_PlatformVerification_Private_0_1 {
    * a trusted platform. Useful for avoiding unnecessary work on platforms
    * which will always fail; i.e. dev mode Chrome OS.
    *
-   * @return <code>PP_TRUE</code> if a platform challenge might pass and
+   * @param[out] can_challenge_platform A <code>PP_Bool</code> which is set to
+   * <code>PP_TRUE</code> if a platform challenge might pass and
    * <code>PP_FALSE</code> if it definitely won't.
+   *
+   * @param[in] callback A <code>PP_CompletionCallback</code> to be called after
+   * the method has been completed. This callback will only run if the return
+   * code is <code>PP_OK_COMPLETIONPENDING</code>.
+   *
+   * @return An int32_t containing an error code from <code>pp_errors.h</code>.
    */
-  PP_Bool (*CanChallengePlatform)(PP_Resource instance);
+  int32_t (*CanChallengePlatform)(PP_Resource instance,
+                                  PP_Bool* can_challenge_platform,
+                                  struct PP_CompletionCallback callback);
   /**
    * Requests a platform challenge for a given service id.
    *
diff --git a/ppapi/cpp/output_traits.h b/ppapi/cpp/output_traits.h
index 37a8a65..31cdbbe 100644
--- a/ppapi/cpp/output_traits.h
+++ b/ppapi/cpp/output_traits.h
@@ -161,6 +161,29 @@ struct CallbackOutputTraits<Var> {
   }
 };
 
+// A specialization of CallbackOutputTraits for bool output parameters.
+// It passes a PP_Bool* to the browser and converts to a bool when passing
+// to the plugin.
+template<>
+struct CallbackOutputTraits<bool> {
+  // To call the browser, we just pass a PP_Bool* as an output param.
+  typedef PP_Bool* APIArgType;
+  typedef PP_Bool StorageType;
+
+  static inline APIArgType StorageToAPIArg(StorageType& t) {
+    return &t;
+  }
+
+  // Converts the PP_Bool to a bool object.
+  static inline bool StorageToPluginArg(StorageType& t) {
+    return PP_ToBool(t);
+  }
+
+  static inline void Initialize(StorageType* t) {
+    *t = PP_FALSE;
+  }
+};
+
 // Array output parameters -----------------------------------------------------
 
 // Output traits for vectors of all "plain old data" (POD) types. It is
diff --git a/ppapi/cpp/private/platform_verification.cc b/ppapi/cpp/private/platform_verification.cc
new file mode 100644
index 0000000..f908570
--- /dev/null
+++ b/ppapi/cpp/private/platform_verification.cc
@@ -0,0 +1,66 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ppapi/cpp/private/platform_verification.h"
+
+#include "ppapi/c/pp_bool.h"
+#include "ppapi/c/pp_errors.h"
+#include "ppapi/c/private/ppb_platform_verification_private.h"
+#include "ppapi/cpp/instance_handle.h"
+#include "ppapi/cpp/module_impl.h"
+#include "ppapi/cpp/var.h"
+
+namespace pp {
+
+namespace {
+
+template <> const char* interface_name<PPB_PlatformVerification_Private_0_1>() {
+  return PPB_PLATFORMVERIFICATION_PRIVATE_INTERFACE_0_1;
+}
+
+inline bool HasInterface() {
+  return has_interface<PPB_PlatformVerification_Private_0_1>();
+}
+
+inline const PPB_PlatformVerification_Private_0_1* GetInterface() {
+  return get_interface<PPB_PlatformVerification_Private_0_1>();
+}
+
+}  // namespace
+
+PlatformVerification::PlatformVerification(const InstanceHandle& instance) {
+  if (HasInterface())
+    PassRefFromConstructor(GetInterface()->Create(instance.pp_instance()));
+}
+
+PlatformVerification::~PlatformVerification() {}
+
+int32_t PlatformVerification::CanChallengePlatform(
+    const CompletionCallbackWithOutput<bool>& callback) {
+  if (!HasInterface())
+    return callback.MayForce(PP_ERROR_NOINTERFACE);
+
+  return GetInterface()->CanChallengePlatform(
+      pp_resource(), callback.output(), callback.pp_completion_callback());
+}
+
+int32_t PlatformVerification::ChallengePlatform(
+    const Var& service_id,
+    const Var& challenge,
+    Var* signed_data,
+    Var* signed_data_signature,
+    Var* platform_key_certificate,
+    const CompletionCallback& callback) {
+  if (!HasInterface())
+    return callback.MayForce(PP_ERROR_NOINTERFACE);
+
+  return GetInterface()->ChallengePlatform(
+      pp_resource(), service_id.pp_var(), challenge.pp_var(),
+      const_cast<PP_Var*>(&signed_data->pp_var()),
+      const_cast<PP_Var*>(&signed_data_signature->pp_var()),
+      const_cast<PP_Var*>(&platform_key_certificate->pp_var()),
+      callback.pp_completion_callback());
+}
+
+}  // namespace pp
diff --git a/ppapi/cpp/private/platform_verification.h b/ppapi/cpp/private/platform_verification.h
new file mode 100644
index 0000000..7f0f8a1
--- /dev/null
+++ b/ppapi/cpp/private/platform_verification.h
@@ -0,0 +1,33 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef PPAPI_CPP_PRIVATE_PLATFORM_VERIFICATION_H_
+#define PPAPI_CPP_PRIVATE_PLATFORM_VERIFICATION_H_
+
+#include "ppapi/cpp/completion_callback.h"
+#include "ppapi/cpp/resource.h"
+
+namespace pp {
+
+class InstanceHandle;
+class Var;
+
+class PlatformVerification : public Resource {
+ public:
+  explicit PlatformVerification(const InstanceHandle& instance);
+  virtual ~PlatformVerification();
+
+  int32_t CanChallengePlatform(
+      const CompletionCallbackWithOutput<bool>& callback);
+  int32_t ChallengePlatform(const Var& service_id,
+                            const Var& challenge,
+                            Var* signed_data,
+                            Var* signed_data_signature,
+                            Var* platform_key_certificate,
+                            const CompletionCallback& callback);
+};
+
+}  // namespace pp
+
+#endif  // PPAPI_CPP_PRIVATE_PLATFORM_VERIFICATION_H_
diff --git a/ppapi/native_client/src/untrusted/pnacl_irt_shim/pnacl_shim.c b/ppapi/native_client/src/untrusted/pnacl_irt_shim/pnacl_shim.c
index 7b20ec9..783fd7e 100644
--- a/ppapi/native_client/src/untrusted/pnacl_irt_shim/pnacl_shim.c
+++ b/ppapi/native_client/src/untrusted/pnacl_irt_shim/pnacl_shim.c
@@ -3184,9 +3184,9 @@ static PP_Bool Pnacl_M31_PPB_PlatformVerification_Private_IsPlatformVerification
   return iface->IsPlatformVerification(resource);
 }
 
-static PP_Bool Pnacl_M31_PPB_PlatformVerification_Private_CanChallengePlatform(PP_Resource instance) {
+static int32_t Pnacl_M31_PPB_PlatformVerification_Private_CanChallengePlatform(PP_Resource instance, PP_Bool* can_challenge_platform, struct PP_CompletionCallback* callback) {
   const struct PPB_PlatformVerification_Private_0_1 *iface = Pnacl_WrapperInfo_PPB_PlatformVerification_Private_0_1.real_iface;
-  return iface->CanChallengePlatform(instance);
+  return iface->CanChallengePlatform(instance, can_challenge_platform, *callback);
 }
 
 static int32_t Pnacl_M31_PPB_PlatformVerification_Private_ChallengePlatform(PP_Resource instance, struct PP_Var* service_id, struct PP_Var* challenge, struct PP_Var* signed_data, struct PP_Var* signed_data_signature, struct PP_Var* platform_key_certificate, struct PP_CompletionCallback* callback) {
@@ -4884,7 +4884,7 @@ struct PPB_OutputProtection_Private_0_1 Pnacl_Wrappers_PPB_OutputProtection_Priv
 struct PPB_PlatformVerification_Private_0_1 Pnacl_Wrappers_PPB_PlatformVerification_Private_0_1 = {
     .Create = (PP_Resource (*)(PP_Instance instance))&Pnacl_M31_PPB_PlatformVerification_Private_Create,
     .IsPlatformVerification = (PP_Bool (*)(PP_Resource resource))&Pnacl_M31_PPB_PlatformVerification_Private_IsPlatformVerification,
-    .CanChallengePlatform = (PP_Bool (*)(PP_Resource instance))&Pnacl_M31_PPB_PlatformVerification_Private_CanChallengePlatform,
+    .CanChallengePlatform = (int32_t (*)(PP_Resource instance, PP_Bool* can_challenge_platform, struct PP_CompletionCallback callback))&Pnacl_M31_PPB_PlatformVerification_Private_CanChallengePlatform,
     .ChallengePlatform = (int32_t (*)(PP_Resource instance, struct PP_Var service_id, struct PP_Var challenge, struct PP_Var* signed_data, struct PP_Var* signed_data_signature, struct PP_Var* platform_key_certificate, struct PP_CompletionCallback callback))&Pnacl_M31_PPB_PlatformVerification_Private_ChallengePlatform
 };
 
diff --git a/ppapi/ppapi_proxy.gypi b/ppapi/ppapi_proxy.gypi
index d0bbe65..4834418 100644
--- a/ppapi/ppapi_proxy.gypi
+++ b/ppapi/ppapi_proxy.gypi
@@ -90,6 +90,8 @@
           'proxy/network_proxy_resource.h',
           'proxy/pdf_resource.cc',
           'proxy/pdf_resource.h',
+          'proxy/platform_verification_private_resource.cc',
+          'proxy/platform_verification_private_resource.h',
           'proxy/plugin_array_buffer_var.cc',
           'proxy/plugin_array_buffer_var.h',
           'proxy/plugin_dispatcher.cc',
@@ -233,6 +235,8 @@
               'proxy/host_dispatcher.cc',
               'proxy/host_var_serialization_rules.cc',
               'proxy/pdf_resource.cc',
+              'proxy/platform_verification_private_resource.cc',
+              'proxy/platform_verification_private_resource.h',
               'proxy/ppb_broker_proxy.cc',
               'proxy/ppb_buffer_proxy.cc',
               'proxy/ppb_flash_message_loop_proxy.cc',
diff --git a/ppapi/ppapi_shared.gypi b/ppapi/ppapi_shared.gypi
index 8c9b658..33d9b85 100644
--- a/ppapi/ppapi_shared.gypi
+++ b/ppapi/ppapi_shared.gypi
@@ -214,6 +214,8 @@
           'thunk/ppb_network_proxy_thunk.cc',
           'thunk/ppb_pdf_api.h',
           'thunk/ppb_pdf_thunk.cc',
+          'thunk/ppb_platform_verification_api.h',
+          'thunk/ppb_platform_verification_private_thunk.cc',
           'thunk/ppb_printing_api.h',
           'thunk/ppb_printing_dev_thunk.cc',
           'thunk/ppb_resource_array_api.h',
@@ -302,6 +304,7 @@
               'thunk/ppb_flash_message_loop_thunk.cc',
               'thunk/ppb_gles_chromium_texture_mapping_thunk.cc',
               'thunk/ppb_pdf_thunk.cc',
+              'thunk/ppb_platform_verification_private_thunk.cc',
               'thunk/ppb_scrollbar_thunk.cc',
               'thunk/ppb_talk_private_thunk.cc',
               'thunk/ppb_transport_thunk.cc',
diff --git a/ppapi/ppapi_sources.gypi b/ppapi/ppapi_sources.gypi
index a24d247..8149b61 100644
--- a/ppapi/ppapi_sources.gypi
+++ b/ppapi/ppapi_sources.gypi
@@ -115,6 +115,7 @@
       'c/private/ppb_nacl_private.h',
       'c/private/ppb_net_address_private.h',
       'c/private/ppb_pdf.h',
+      'c/private/ppb_platform_verification_private.h',
       'c/private/ppb_proxy_private.h',
       'c/private/ppp_instance_private.h',
       'c/private/ppb_network_list_private.h',
@@ -325,6 +326,8 @@
       'cpp/private/pass_file_handle.h',
       'cpp/private/pdf.cc',
       'cpp/private/pdf.h',
+      'cpp/private/platform_verification.cc',
+      'cpp/private/platform_verification.h',
       'cpp/private/tcp_server_socket_private.cc',
       'cpp/private/tcp_server_socket_private.h',
       'cpp/private/tcp_socket_private.cc',
@@ -535,6 +538,8 @@
       'tests/test_net_address_private.h',
       'tests/test_pdf.cc',
       'tests/test_pdf.h',
+      'tests/test_platform_verification_private.cc',
+      'tests/test_platform_verification_private.h',
       'tests/test_resource_array.cc',
       'tests/test_resource_array.h',
       'tests/test_struct_sizes.c',
diff --git a/ppapi/proxy/interface_list.cc b/ppapi/proxy/interface_list.cc
index 409f12f..b5f561a 100644
--- a/ppapi/proxy/interface_list.cc
+++ b/ppapi/proxy/interface_list.cc
@@ -82,6 +82,7 @@
 #include "ppapi/c/private/ppb_network_list_private.h"
 #include "ppapi/c/private/ppb_network_monitor_private.h"
 #include "ppapi/c/private/ppb_pdf.h"
+#include "ppapi/c/private/ppb_platform_verification_private.h"
 #include "ppapi/c/private/ppb_talk_private.h"
 #include "ppapi/c/private/ppb_tcp_server_socket_private.h"
 #include "ppapi/c/private/ppb_tcp_socket_private.h"
diff --git a/ppapi/proxy/platform_verification_private_resource.cc b/ppapi/proxy/platform_verification_private_resource.cc
new file mode 100644
index 0000000..4da3ca0
--- /dev/null
+++ b/ppapi/proxy/platform_verification_private_resource.cc
@@ -0,0 +1,132 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ppapi/proxy/platform_verification_private_resource.h"
+
+#include "base/bind.h"
+#include "ppapi/c/pp_errors.h"
+#include "ppapi/proxy/dispatch_reply_message.h"
+#include "ppapi/proxy/ppapi_messages.h"
+#include "ppapi/shared_impl/ppapi_globals.h"
+#include "ppapi/shared_impl/tracked_callback.h"
+#include "ppapi/shared_impl/var.h"
+#include "ppapi/shared_impl/var_tracker.h"
+
+namespace ppapi {
+namespace proxy {
+
+PlatformVerificationPrivateResource::PlatformVerificationPrivateResource(
+    Connection connection,
+    PP_Instance instance)
+    : PluginResource(connection, instance) {
+  SendCreate(BROWSER, PpapiHostMsg_PlatformVerification_Create());
+}
+
+PlatformVerificationPrivateResource::~PlatformVerificationPrivateResource() {}
+
+thunk::PPB_PlatformVerification_API*
+PlatformVerificationPrivateResource::AsPPB_PlatformVerification_API() {
+  return this;
+}
+
+int32_t PlatformVerificationPrivateResource::CanChallengePlatform(
+    PP_Bool* can_challenge_platform,
+    const scoped_refptr<TrackedCallback>& callback) {
+  if (!can_challenge_platform)
+    return PP_ERROR_BADARGUMENT;
+
+  Call<PpapiHostMsg_PlatformVerification_CanChallengePlatformReply>(
+      BROWSER, PpapiHostMsg_PlatformVerification_CanChallengePlatform(),
+      base::Bind(
+          &PlatformVerificationPrivateResource::OnCanChallengePlatformReply,
+          base::Unretained(this), can_challenge_platform, callback));
+
+  return PP_OK_COMPLETIONPENDING;
+}
+
+void PlatformVerificationPrivateResource::OnCanChallengePlatformReply(
+    PP_Bool* can_challenge_platform,
+    const scoped_refptr<TrackedCallback>& callback,
+    const ResourceMessageReplyParams& params,
+    bool can_challenge_platform_response) {
+  if (!TrackedCallback::IsPending(callback) ||
+      TrackedCallback::IsScheduledToRun(callback)) {
+    return;
+  }
+
+  *can_challenge_platform = PP_FromBool(can_challenge_platform_response);
+  callback->Run(params.result());
+}
+
+int32_t PlatformVerificationPrivateResource::ChallengePlatform(
+    const PP_Var& service_id,
+    const PP_Var& challenge,
+    PP_Var* signed_data,
+    PP_Var* signed_data_signature,
+    PP_Var* platform_key_certificate,
+    const scoped_refptr<TrackedCallback>& callback) {
+  // Prevent null types for obvious reasons, but also ref-counted types to avoid
+  // leaks on challenge failures (since they're only written to on success).
+  if (!signed_data || !signed_data_signature || !platform_key_certificate ||
+      VarTracker::IsVarTypeRefcounted(signed_data->type) ||
+      VarTracker::IsVarTypeRefcounted(signed_data_signature->type) ||
+      VarTracker::IsVarTypeRefcounted(platform_key_certificate->type)) {
+    return PP_ERROR_BADARGUMENT;
+  }
+
+  StringVar* service_id_str = StringVar::FromPPVar(service_id);
+  if (!service_id_str)
+    return PP_ERROR_BADARGUMENT;
+
+  scoped_refptr<ArrayBufferVar> challenge_buffer =
+      ArrayBufferVar::FromPPVar(challenge);
+  if (!challenge_buffer)
+    return PP_ERROR_BADARGUMENT;
+
+  uint8_t* challenge_data = static_cast<uint8_t*>(challenge_buffer->Map());
+  uint32 challenge_length = challenge_buffer->ByteLength();
+  std::vector<uint8_t> challenge_vector(challenge_data,
+                                        challenge_data + challenge_length);
+  challenge_buffer->Unmap();
+
+  PpapiHostMsg_PlatformVerification_ChallengePlatform challenge_message(
+      service_id_str->value(), challenge_vector);
+
+  ChallengePlatformParams output_params = {
+      signed_data, signed_data_signature, platform_key_certificate, callback };
+
+  Call<PpapiHostMsg_PlatformVerification_ChallengePlatformReply>(
+      BROWSER, challenge_message, base::Bind(
+          &PlatformVerificationPrivateResource::OnChallengePlatformReply,
+          base::Unretained(this), output_params));
+  return PP_OK_COMPLETIONPENDING;
+}
+
+void PlatformVerificationPrivateResource::OnChallengePlatformReply(
+    ChallengePlatformParams output_params,
+    const ResourceMessageReplyParams& params,
+    const std::vector<uint8_t>& raw_signed_data,
+    const std::vector<uint8_t>& raw_signed_data_signature,
+    const std::string& raw_platform_key_certificate) {
+  if (!TrackedCallback::IsPending(output_params.callback) ||
+      TrackedCallback::IsScheduledToRun(output_params.callback)) {
+    return;
+  }
+
+  if (params.result() == PP_OK) {
+    *(output_params.signed_data) =
+        (PpapiGlobals::Get()->GetVarTracker()->MakeArrayBufferVar(
+            raw_signed_data.size(), &raw_signed_data.front()))->GetPPVar();
+    *(output_params.signed_data_signature) =
+        (PpapiGlobals::Get()->GetVarTracker()->MakeArrayBufferVar(
+            raw_signed_data_signature.size(),
+            &raw_signed_data_signature.front()))->GetPPVar();
+    *(output_params.platform_key_certificate) =
+        (new StringVar(raw_platform_key_certificate))->GetPPVar();
+  }
+  output_params.callback->Run(params.result());
+}
+
+}  // namespace proxy
+}  // namespace ppapi
diff --git a/ppapi/proxy/platform_verification_private_resource.h b/ppapi/proxy/platform_verification_private_resource.h
new file mode 100644
index 0000000..ba7d3b1
--- /dev/null
+++ b/ppapi/proxy/platform_verification_private_resource.h
@@ -0,0 +1,66 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef PPAPI_PROXY_PLATFORM_VERIFICATION_PRIVATE_RESOURCE_H_
+#define PPAPI_PROXY_PLATFORM_VERIFICATION_PRIVATE_RESOURCE_H_
+
+#include "ppapi/proxy/plugin_resource.h"
+#include "ppapi/proxy/ppapi_proxy_export.h"
+#include "ppapi/thunk/ppb_platform_verification_api.h"
+
+namespace ppapi {
+namespace proxy {
+
+class PPAPI_PROXY_EXPORT PlatformVerificationPrivateResource
+    : public PluginResource,
+      public thunk::PPB_PlatformVerification_API {
+ public:
+  PlatformVerificationPrivateResource(Connection connection,
+                                      PP_Instance instance);
+
+ private:
+  struct ChallengePlatformParams {
+    PP_Var* signed_data;
+    PP_Var* signed_data_signature;
+    PP_Var* platform_key_certificate;
+    scoped_refptr<TrackedCallback> callback;
+  };
+
+  virtual ~PlatformVerificationPrivateResource();
+
+  // PluginResource overrides.
+  virtual thunk::PPB_PlatformVerification_API*
+      AsPPB_PlatformVerification_API() OVERRIDE;
+
+  // PPB_PlatformVerification_API implementation.
+  virtual int32_t CanChallengePlatform(
+      PP_Bool* can_challenge_platform,
+      const scoped_refptr<TrackedCallback>& callback) OVERRIDE;
+  virtual int32_t ChallengePlatform(
+      const PP_Var& service_id,
+      const PP_Var& challenge,
+      PP_Var* signed_data,
+      PP_Var* signed_data_signature,
+      PP_Var* platform_key_certificate,
+      const scoped_refptr<TrackedCallback>& callback) OVERRIDE;
+
+  void OnCanChallengePlatformReply(
+      PP_Bool* can_challenge_platform,
+      const scoped_refptr<TrackedCallback>& callback,
+      const ResourceMessageReplyParams& params,
+      bool can_challenge_platform_response);
+  void OnChallengePlatformReply(
+      ChallengePlatformParams output_params,
+      const ResourceMessageReplyParams& params,
+      const std::vector<uint8_t>& raw_signed_data,
+      const std::vector<uint8_t>& raw_signed_data_signature,
+      const std::string& raw_platform_key_certificate);
+
+  DISALLOW_COPY_AND_ASSIGN(PlatformVerificationPrivateResource);
+};
+
+}  // namespace proxy
+}  // namespace ppapi
+
+#endif  // PPAPI_PROXY_PLATFORM_VERIFICATION_PRIVATE_RESOURCE_H_
diff --git a/ppapi/proxy/ppapi_messages.h b/ppapi/proxy/ppapi_messages.h
index 9108ea1e..c92d708 100644
--- a/ppapi/proxy/ppapi_messages.h
+++ b/ppapi/proxy/ppapi_messages.h
@@ -1492,6 +1492,20 @@ IPC_MESSAGE_CONTROL2(PpapiPluginMsg_HostResolver_ResolveReply,
                      std::string /* canonical_name */,
                      std::vector<PP_NetAddress_Private> /* net_address_list */)
 
+// Platform Verification -------------------------------------------------------
+IPC_MESSAGE_CONTROL0(PpapiHostMsg_PlatformVerification_Create)
+IPC_MESSAGE_CONTROL0(PpapiHostMsg_PlatformVerification_CanChallengePlatform)
+IPC_MESSAGE_CONTROL1(
+    PpapiHostMsg_PlatformVerification_CanChallengePlatformReply,
+    bool /* can_challenge_platform */)
+IPC_MESSAGE_CONTROL2(PpapiHostMsg_PlatformVerification_ChallengePlatform,
+                     std::string /* service_id  */,
+                     std::vector<uint8_t> /* challenge */)
+IPC_MESSAGE_CONTROL3(PpapiHostMsg_PlatformVerification_ChallengePlatformReply,
+                     std::vector<uint8_t> /* signed_data */,
+                     std::vector<uint8_t> /* signed_data_signature */,
+                     std::string /* platform_key_certificate */)
+
 // Printing.
 IPC_MESSAGE_CONTROL0(PpapiHostMsg_Printing_Create)
 IPC_MESSAGE_CONTROL0(PpapiHostMsg_Printing_GetDefaultPrintSettings)
diff --git a/ppapi/proxy/resource_creation_proxy.cc b/ppapi/proxy/resource_creation_proxy.cc
index a3ce05e..4c1643d 100644
--- a/ppapi/proxy/resource_creation_proxy.cc
+++ b/ppapi/proxy/resource_creation_proxy.cc
@@ -20,6 +20,7 @@
 #include "ppapi/proxy/host_resolver_resource.h"
 #include "ppapi/proxy/net_address_resource.h"
 #include "ppapi/proxy/network_monitor_resource.h"
+#include "ppapi/proxy/platform_verification_private_resource.h"
 #include "ppapi/proxy/plugin_dispatcher.h"
 #include "ppapi/proxy/plugin_globals.h"
 #include "ppapi/proxy/plugin_resource_tracker.h"
@@ -420,6 +421,12 @@ PP_Resource ResourceCreationProxy::CreateFlashMessageLoop(
   return PPB_Flash_MessageLoop_Proxy::CreateProxyResource(instance);
 }
 
+PP_Resource ResourceCreationProxy::CreatePlatformVerificationPrivate(
+    PP_Instance instance) {
+  return (new PlatformVerificationPrivateResource(GetConnection(), instance))->
+      GetReference();
+}
+
 PP_Resource ResourceCreationProxy::CreateScrollbar(PP_Instance instance,
                                                    PP_Bool vertical) {
   NOTIMPLEMENTED();  // Not proxied yet.
diff --git a/ppapi/proxy/resource_creation_proxy.h b/ppapi/proxy/resource_creation_proxy.h
index 1a8bd53..570fc02 100644
--- a/ppapi/proxy/resource_creation_proxy.h
+++ b/ppapi/proxy/resource_creation_proxy.h
@@ -165,6 +165,8 @@ class ResourceCreationProxy : public InterfaceProxy,
   virtual PP_Resource CreateFlashMenu(PP_Instance instance,
                                       const PP_Flash_Menu* menu_data) OVERRIDE;
   virtual PP_Resource CreateFlashMessageLoop(PP_Instance instance) OVERRIDE;
+  virtual PP_Resource CreatePlatformVerificationPrivate(
+      PP_Instance instance) OVERRIDE;
   virtual PP_Resource CreateScrollbar(PP_Instance instance,
                                       PP_Bool vertical) OVERRIDE;
   virtual PP_Resource CreateTalk(PP_Instance instance) OVERRIDE;
diff --git a/ppapi/shared_impl/resource.h b/ppapi/shared_impl/resource.h
index 1790e4d..15ce142 100644
--- a/ppapi/shared_impl/resource.h
+++ b/ppapi/shared_impl/resource.h
@@ -58,6 +58,7 @@
   F(PPB_NetworkMonitor_API) \
   F(PPB_NetworkProxy_API) \
   F(PPB_PDF_API) \
+  F(PPB_PlatformVerification_API) \
   F(PPB_Printing_API) \
   F(PPB_ResourceArray_API) \
   F(PPB_Scrollbar_API) \
diff --git a/ppapi/tests/all_c_includes.h b/ppapi/tests/all_c_includes.h
index 54130c5..4f8a77f 100644
--- a/ppapi/tests/all_c_includes.h
+++ b/ppapi/tests/all_c_includes.h
@@ -118,6 +118,7 @@
 #include "ppapi/c/private/ppb_network_list_private.h"
 #include "ppapi/c/private/ppb_network_monitor_private.h"
 #include "ppapi/c/private/ppb_pdf.h"
+#include "ppapi/c/private/ppb_platform_verification_private.h"
 #include "ppapi/c/private/ppb_proxy_private.h"
 #include "ppapi/c/private/ppb_tcp_socket_private.h"
 #include "ppapi/c/private/ppb_udp_socket_private.h"
diff --git a/ppapi/tests/test_platform_verification_private.cc b/ppapi/tests/test_platform_verification_private.cc
new file mode 100644
index 0000000..f68425a
--- /dev/null
+++ b/ppapi/tests/test_platform_verification_private.cc
@@ -0,0 +1,58 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ppapi/tests/test_platform_verification_private.h"
+
+#include "ppapi/cpp/instance.h"
+#include "ppapi/cpp/module.h"
+#include "ppapi/cpp/private/platform_verification.h"
+#include "ppapi/cpp/var.h"
+#include "ppapi/tests/test_utils.h"
+#include "ppapi/tests/testing_instance.h"
+
+REGISTER_TEST_CASE(PlatformVerificationPrivate);
+
+TestPlatformVerificationPrivate::TestPlatformVerificationPrivate(
+    TestingInstance* instance)
+    : TestCase(instance) {}
+
+void TestPlatformVerificationPrivate::RunTests(const std::string& filter) {
+  RUN_CALLBACK_TEST(
+      TestPlatformVerificationPrivate, CanChallengePlatform, filter);
+  RUN_CALLBACK_TEST(TestPlatformVerificationPrivate, ChallengePlatform, filter);
+}
+
+std::string TestPlatformVerificationPrivate::TestCanChallengePlatform() {
+  TestCompletionCallbackWithOutput<bool> callback(
+      instance_->pp_instance(), callback_type());
+
+  pp::PlatformVerification platform_verification_api(instance_);
+  callback.WaitForResult(platform_verification_api.CanChallengePlatform(
+      callback.GetCallback()));
+  CHECK_CALLBACK_BEHAVIOR(callback);
+
+  // Doesn't work on all platforms, so just ensure the function runs.
+  ASSERT_EQ(callback.result(), PP_OK);
+  PASS();
+}
+
+std::string TestPlatformVerificationPrivate::TestChallengePlatform() {
+  pp::PlatformVerification platform_verification_api(instance_);
+
+  pp::VarArrayBuffer challenge_array(256);
+  uint8_t* var_data = static_cast<uint8_t*>(challenge_array.Map());
+  for (uint32_t i = 0; i < challenge_array.ByteLength(); ++i)
+    var_data[i] = i;
+
+  TestCompletionCallback callback(instance_->pp_instance(), callback_type());
+  std::string service_id_str("fake.service.id");
+  pp::Var signed_data, signed_data_signature, platform_key_certificate;
+  callback.WaitForResult(platform_verification_api.ChallengePlatform(
+      pp::Var(service_id_str), challenge_array, &signed_data,
+      &signed_data_signature, &platform_key_certificate,
+      callback.GetCallback()));
+  CHECK_CALLBACK_BEHAVIOR(callback);
+  ASSERT_EQ(callback.result(), PP_ERROR_FAILED);
+  PASS();
+}
diff --git a/ppapi/tests/test_platform_verification_private.h b/ppapi/tests/test_platform_verification_private.h
new file mode 100644
index 0000000..278f5d9
--- /dev/null
+++ b/ppapi/tests/test_platform_verification_private.h
@@ -0,0 +1,24 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef PAPPI_TESTS_TEST_PLATFORM_VERIFICATION_PRIVATE_H_
+#define PAPPI_TESTS_TEST_PLATFORM_VERIFICATION_PRIVATE_H_
+
+#include <string>
+
+#include "ppapi/tests/test_case.h"
+
+class TestPlatformVerificationPrivate : public TestCase {
+ public:
+  explicit TestPlatformVerificationPrivate(TestingInstance* instance);
+
+  // TestCase implementation.
+  virtual void RunTests(const std::string& filter);
+
+ private:
+  std::string TestCanChallengePlatform();
+  std::string TestChallengePlatform();
+};
+
+#endif  // PAPPI_TESTS_TEST_PLATFORM_VERIFICATION_PRIVATE_H_
diff --git a/ppapi/thunk/interfaces_ppb_private.h b/ppapi/thunk/interfaces_ppb_private.h
index 3e0289c..56caafb 100644
--- a/ppapi/thunk/interfaces_ppb_private.h
+++ b/ppapi/thunk/interfaces_ppb_private.h
@@ -44,7 +44,10 @@ PROXIED_IFACE(PPB_Instance, PPB_FLASHFULLSCREEN_INTERFACE_1_0,
               PPB_FlashFullscreen_0_1)
 PROXIED_IFACE(NoAPIName, PPB_PDF_INTERFACE,
               PPB_PDF)
-
+#if defined(OS_CHROMEOS)
+PROXIED_IFACE(NoAPIName, PPB_PLATFORMVERIFICATION_PRIVATE_INTERFACE_0_1,
+              PPB_PlatformVerification_Private_0_1)
+#endif
 PROXIED_IFACE(NoAPIName, PPB_TALK_PRIVATE_INTERFACE_1_0,
               PPB_Talk_Private_1_0)
 PROXIED_IFACE(NoAPIName, PPB_TALK_PRIVATE_INTERFACE_2_0,
diff --git a/ppapi/thunk/ppb_platform_verification_api.h b/ppapi/thunk/ppb_platform_verification_api.h
new file mode 100644
index 0000000..fc2872b
--- /dev/null
+++ b/ppapi/thunk/ppb_platform_verification_api.h
@@ -0,0 +1,36 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef PPAPI_THUNK_PPB_PLATFORM_VERIFICATION_API_H_
+#define PPAPI_THUNK_PPB_PLATFORM_VERIFICATION_API_H_
+
+#include "base/memory/ref_counted.h"
+#include "ppapi/thunk/ppapi_thunk_export.h"
+
+namespace ppapi {
+
+class TrackedCallback;
+
+namespace thunk {
+
+class PPAPI_THUNK_EXPORT PPB_PlatformVerification_API {
+ public:
+  virtual ~PPB_PlatformVerification_API() {}
+
+  virtual int32_t CanChallengePlatform(
+      PP_Bool* can_challenge_platform,
+      const scoped_refptr<TrackedCallback>& callback) = 0;
+  virtual int32_t ChallengePlatform(
+      const PP_Var& service_id,
+      const PP_Var& challenge,
+      PP_Var* signed_data,
+      PP_Var* signed_data_signature,
+      PP_Var* platform_key_certificate,
+      const scoped_refptr<TrackedCallback>& callback) = 0;
+};
+
+}  // namespace thunk
+}  // namespace ppapi
+
+#endif  // PPAPI_THUNK_PPB_PLATFORM_VERIFICATION_API_H_
diff --git a/ppapi/thunk/ppb_platform_verification_private_thunk.cc b/ppapi/thunk/ppb_platform_verification_private_thunk.cc
index 6ab8346..74cd360 100644
--- a/ppapi/thunk/ppb_platform_verification_private_thunk.cc
+++ b/ppapi/thunk/ppb_platform_verification_private_thunk.cc
@@ -3,7 +3,7 @@
 // found in the LICENSE file.
 
 // From private/ppb_platform_verification_private.idl,
-//   modified Thu Sep  5 17:37:17 2013.
+//   modified Thu Sep 12 11:48:28 2013.
 
 #include "ppapi/c/pp_completion_callback.h"
 #include "ppapi/c/pp_errors.h"
@@ -34,12 +34,16 @@ PP_Bool IsPlatformVerification(PP_Resource resource) {
   return PP_FromBool(enter.succeeded());
 }
 
-PP_Bool CanChallengePlatform(PP_Resource instance) {
+int32_t CanChallengePlatform(PP_Resource instance,
+                             PP_Bool* can_challenge_platform,
+                             struct PP_CompletionCallback callback) {
   VLOG(4) << "PPB_PlatformVerification_Private::CanChallengePlatform()";
-  EnterResource<PPB_PlatformVerification_API> enter(instance, true);
+  EnterResource<PPB_PlatformVerification_API> enter(instance, callback, true);
   if (enter.failed())
-    return PP_FALSE;
-  return enter.object()->CanChallengePlatform();
+    return enter.retval();
+  return enter.SetResult(enter.object()->CanChallengePlatform(
+      can_challenge_platform,
+      enter.callback()));
 }
 
 int32_t ChallengePlatform(PP_Resource instance,
diff --git a/ppapi/thunk/resource_creation_api.h b/ppapi/thunk/resource_creation_api.h
index f6e985a..be81aa6 100644
--- a/ppapi/thunk/resource_creation_api.h
+++ b/ppapi/thunk/resource_creation_api.h
@@ -177,6 +177,8 @@ class ResourceCreationAPI {
   virtual PP_Resource CreateFlashMenu(PP_Instance instance,
                                       const PP_Flash_Menu* menu_data) = 0;
   virtual PP_Resource CreateFlashMessageLoop(PP_Instance instance) = 0;
+  virtual PP_Resource CreatePlatformVerificationPrivate(
+      PP_Instance instance) = 0;
   virtual PP_Resource CreateScrollbar(PP_Instance instance,
                                       PP_Bool vertical) = 0;
   virtual PP_Resource CreateTalk(PP_Instance instance) = 0;
author	dalecurtis@chromium.org <dalecurtis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-09-17 20:58:27 +0000
committer	dalecurtis@chromium.org <dalecurtis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-09-17 20:58:27 +0000
commit	b1a9d9a98b9e6aa6dcf6b4bbc6df950198594364 (patch)
tree	b506da54dd7fb640bcc263f3aba9f6089b30e885
parent	3121bdc81fd9647a31e132af7246d97d6ec185c4 (diff)
download	chromium_src-b1a9d9a98b9e6aa6dcf6b4bbc6df950198594364.zip chromium_src-b1a9d9a98b9e6aa6dcf6b4bbc6df950198594364.tar.gz chromium_src-b1a9d9a98b9e6aa6dcf6b4bbc6df950198594364.tar.bz2