Test all algorithms in certificateProvider apitest

Extend the chrome.certificateProvider API's apitests to cover all
currently supported algorithms and legacy hashes.

This commit makes sure that regressions in rarely used algorithms are
caught early, and also prepares for the introduction of the RSA-PSS
algorithm support.

Bug: 792204
Change-Id: Icb13cff10738141e4aea9a84df2323fcf5d5e49e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2545386
Commit-Queue: Maksim Ivanov <emaxx@chromium.org>
Reviewed-by: Fabian Sommer <fabiansommer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#828781}

chrome/test/data/extensions/api_test/certificate_provider/basic.js

@@ -16,6 +16,8 @@ const callbackPass = chrome.test.callbackPass;
 // Read from 'l1_leaf.der', generated by create_test_certs.sh .
 let l1LeafCert = null;
 const INVALID_CERT = new Uint8Array([1, 2, 3, 4, 5]);
+let supportedAlgorithms = ['RSASSA_PKCS1_v1_5_SHA1'];
+let supportedLegacyHashes = ['SHA1'];
 
 function getInvalidClientCertificateInfos() {
   const badDer = {
@@ -54,7 +56,7 @@ function registerAsCertificateProvider() {
     assertTrue(Number.isInteger(request.certificatesRequestId));
     const validCert = {
       certificateChain: [l1LeafCert.buffer],
-      supportedAlgorithms: ['RSASSA_PKCS1_v1_5_SHA1']
+      supportedAlgorithms: supportedAlgorithms
     };
     chrome.certificateProvider.setCertificates(
         {
@@ -79,7 +81,7 @@ function registerAsLegacyCertificateProvider() {
   function reportCertificates(reportCallback) {
     const validCertInfo = {
       certificate: l1LeafCert.buffer,
-      supportedHashes: ['SHA1']
+      supportedHashes: supportedLegacyHashes
     };
     reportCallback(
         [validCertInfo, ...getInvalidLegacyCertificateInfos()],
@@ -96,7 +98,7 @@ function registerAsLegacyCertificateProvider() {
 function setCertificates() {
   const validCert = {
     certificateChain: [l1LeafCert.buffer],
-    supportedAlgorithms: ['RSASSA_PKCS1_v1_5_SHA1']
+    supportedAlgorithms: supportedAlgorithms
   };
   chrome.certificateProvider.setCertificates(
       {clientCertificates: [validCert, ...getInvalidClientCertificateInfos()]},
@@ -123,6 +125,7 @@ function unsetCertificates() {
   });
 }
 
+let signatureRequestAlgorithm;
 let signatureRequestData;
 let signatureCallback;
 
@@ -131,13 +134,14 @@ function registerForSignatureRequests() {
       request) {
     assertTrue(Number.isInteger(request.signRequestId));
     assertEq(l1LeafCert.buffer, request.certificate);
-    // The sign request must refer to the only algorithm that was declared to be
+    // The sign request must refer to an algorithm that was declared to be
     // supported.
-    assertEq('RSASSA_PKCS1_v1_5_SHA1', request.algorithm);
+    assertTrue(supportedAlgorithms.includes(request.algorithm));
     signatureCallback = (signature) => {
       chrome.certificateProvider.reportSignature(
           {signRequestId: request.signRequestId, signature: signature});
     };
+    signatureRequestAlgorithm = request.algorithm;
     signatureRequestData = request.input;
     chrome.test.sendMessage('signature request received');
   });
@@ -147,10 +151,10 @@ function registerForLegacySignatureRequests() {
   chrome.certificateProvider.onSignDigestRequested.addListener(function(
       request, callback) {
     assertEq(l1LeafCert.buffer, request.certificate);
-    // The sign request must refer to the only hash that was declared to be
-    // supported.
-    assertEq('SHA1', request.hash);
+    // The sign request must refer to a hash that was declared to be supported.
+    assertTrue(supportedLegacyHashes.includes(request.hash));
     signatureCallback = callback;
+    signatureRequestAlgorithm = request.hash;
     signatureRequestData = request.digest;
     chrome.test.sendMessage('signature request received');
   });