net/base/cert_database_nss.cc - Issue 10407072: certificate manager: Disable export option for TPM-backed certs.

Side by Side Diff: net/base/cert_database_nss.cc

Issue 10407072: certificate manager: Disable export option for TPM-backed certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix compile error in cert_database_nss.cc Created 8 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/cert_database.h"	5 #include "net/base/cert_database.h"

6	6

7 #include <cert.h>	7 #include <cert.h>

8 #include <certdb.h>	8 #include <certdb.h>

9 #include <keyhi.h>	9 #include <keyhi.h>

10 #include <pk11pub.h>	10 #include <pk11pub.h>

(...skipping 261 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
272 if (CERT_CompareName(&cert->os_cert_handle()->issuer,	272 if (CERT_CompareName(&cert->os_cert_handle()->issuer,

273 &cert->os_cert_handle()->subject) == SECEqual) {	273 &cert->os_cert_handle()->subject) == SECEqual) {

274 return (nsstrust.sslFlags & kTrusted) == 0 &&	274 return (nsstrust.sslFlags & kTrusted) == 0 &&

275 (nsstrust.emailFlags & kTrusted) == 0 &&	275 (nsstrust.emailFlags & kTrusted) == 0 &&

276 (nsstrust.objectSigningFlags & kTrusted) == 0;	276 (nsstrust.objectSigningFlags & kTrusted) == 0;

277 }	277 }

278	278

279 return false;	279 return false;

280 }	280 }

281	281

	282 bool CertDatabase::IsHardwareBacked(const X509Certificate* cert) const {
	Ryan Sleevi 2012/05/21 22:08:32 I'd prefer this method not be in CertDatabase, bec I'd prefer this method not be in CertDatabase, because CertDatabase is meant to live on the IO thread. IsTPMTokenReady() and GetPrivateModule() are only meant to be called on the UI thread. The fact that this /is/ called on the UI thread doesn't make it any safer. See http://crbug.com/125848 for my general thoughts on this. This also isn't "accurate" for != ChromeOS. The 'correct' function to determine if a slot is hardware backed is to call PK11_IsHW(). However, you're passing an \|X509Certificate\|, so the real 'correct' solution is to figure out where the /key/ lives, not where the /cert/ lives. If the /key/ lives on a /non-exportable/ token, then we shouldn't allow the key to be exported. If this is kept in ChromeOS-only code (outside of the net/ layer), then sure, this approach is 'fine' because CrOS doesn't support smart cards, but if intended to be generic, then it's not really. hshi1* 2012/05/21 22:28:36 Done. Show quoted text On 2012/05/21 22:08:32, Ryan Sleevi wrote: > I'd prefer this method not be in CertDatabase, because CertDatabase is meant to > live on the IO thread. > > IsTPMTokenReady() and GetPrivateModule() are only meant to be called on the UI > thread. > > The fact that this /is/ called on the UI thread doesn't make it any safer. > > See http://crbug.com/125848 for my general thoughts on this. > > This also isn't "accurate" for != ChromeOS. The 'correct' function to determine > if a slot is hardware backed is to call PK11_IsHW(). However, you're passing an > \|X509Certificate*\|, so the real 'correct' solution is to figure out where the > /key/ lives, not where the /cert/ lives. > > If the /key/ lives on a /non-exportable/ token, then we shouldn't allow the key > to be exported. > > If this is kept in ChromeOS-only code (outside of the net/ layer), then sure, > this approach is 'fine' because CrOS doesn't support smart cards, but if > intended to be generic, then it's not really. Done.
	283 #if defined(OS_CHROMEOS)

	284 return crypto::IsTPMTokenReady() &&

	285 cert->os_cert_handle()->slot == GetPrivateModule()->os_module_handle();

	286 #else

	287 return false;

	288 #endif

	289 }

	290

282 bool CertDatabase::SetCertTrust(const X509Certificate* cert,	291 bool CertDatabase::SetCertTrust(const X509Certificate* cert,

283 CertType type,	292 CertType type,

284 TrustBits trust_bits) {	293 TrustBits trust_bits) {

285 bool success = psm::SetCertTrust(cert, type, trust_bits);	294 bool success = psm::SetCertTrust(cert, type, trust_bits);

286 if (success)	295 if (success)

287 CertDatabase::NotifyObserversOfCertTrustChanged(cert);	296 CertDatabase::NotifyObserversOfCertTrustChanged(cert);

288	297

289 return success;	298 return success;

290 }	299 }

291	300

(...skipping 21 matching lines...) Expand all Loading...
313	322

314 return true;	323 return true;

315 }	324 }

316	325

317 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const {	326 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const {

318 PK11SlotInfo* slot = cert->os_cert_handle()->slot;	327 PK11SlotInfo* slot = cert->os_cert_handle()->slot;

319 return slot && PK11_IsReadOnly(slot);	328 return slot && PK11_IsReadOnly(slot);

320 }	329 }

321	330

322 } // namespace net	331 } // namespace net

OLD	NEW

« chrome/browser/ui/webui/options2/certificate_manager_handler2.cc ('K') | « net/base/cert_database.h ('k') | no next file » | no next file with comments »