| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * Check the validity of the policy extension manifest. | 6 * Check the validity of the policy extension manifest. |
| 7 * | 7 * |
| 8 * This function is invoked by entd before the policy is loaded in order to | 8 * This function is invoked by entd before the policy is loaded in order to |
| 9 * check the validity of the extension manifest. If this function returns | 9 * check the validity of the extension manifest. If this function returns |
| 10 * false, entd exits and does not restart until the next user logs in. | 10 * false, entd exits and does not restart until the next user logs in. |
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 95 throw new Error('Unable to determine current username'); | 95 throw new Error('Unable to determine current username'); |
| 96 | 96 |
| 97 var ary = entd.username.match(/([^@]+)@(.*)/); | 97 var ary = entd.username.match(/([^@]+)@(.*)/); |
| 98 this.setVariable('userEmail', entd.username); | 98 this.setVariable('userEmail', entd.username); |
| 99 this.setVariable('userName', ary[1]); | 99 this.setVariable('userName', ary[1]); |
| 100 this.setVariable('userDomain', ary[2]); | 100 this.setVariable('userDomain', ary[2]); |
| 101 | 101 |
| 102 this.callbacks = new Policy.Callbacks(this); | 102 this.callbacks = new Policy.Callbacks(this); |
| 103 } | 103 } |
| 104 | 104 |
| 105 // Store keys and certificates in the TPM | |
| 106 Policy.USE_TPM = true; | |
| 107 | |
| 108 // Well known user PIN for the TPM | 105 // Well known user PIN for the TPM |
| 109 Policy.PKCS11_USER_PIN = '111111'; | 106 Policy.PKCS11_USER_PIN = '111111'; |
| 110 | 107 |
| 111 /** | 108 /** |
| 112 * Set a variable for this policy. | 109 * Set a variable for this policy. |
| 113 * | 110 * |
| 114 * Variables can be referenced in various parts of the policy and | 111 * Variables can be referenced in various parts of the policy and |
| 115 * certificate configuration. This function is used to assign a value to | 112 * certificate configuration. This function is used to assign a value to |
| 116 * a variable. | 113 * a variable. |
| 117 * | 114 * |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 235 | 232 |
| 236 if ('variables' in params) { | 233 if ('variables' in params) { |
| 237 for (var key in params.variables) | 234 for (var key in params.variables) |
| 238 this.setVariable(key, params.variables[key]); | 235 this.setVariable(key, params.variables[key]); |
| 239 } | 236 } |
| 240 | 237 |
| 241 this.userVariables = params.userVariables || null; | 238 this.userVariables = params.userVariables || null; |
| 242 | 239 |
| 243 this.status = this.isInstalled() ? 'Installed' : 'Not Installed'; | 240 this.status = this.isInstalled() ? 'Installed' : 'Not Installed'; |
| 244 | 241 |
| 245 if (this.isInstalled() && typeof this.onInstall == "function") { | 242 if (this.isInstalled()) |
| 246 try { | 243 this.onInstall_(/* firstInstall: */ false); |
| 247 this.onInstall(/* firstInstall: */ false); | |
| 248 } catch (ex) { | |
| 249 this.error('Exception re-running post-install callback: ' + ex); | |
| 250 } | |
| 251 } | |
| 252 }; | 244 }; |
| 253 | 245 |
| 254 /** | 246 /** |
| 255 * Get a variable for this certificate definition. | 247 * Get a variable for this certificate definition. |
| 256 * | 248 * |
| 257 * Variables can be referenced in various parts of the policy and | 249 * Variables can be referenced in various parts of the policy and |
| 258 * certificate configuration. This function is used to retrieve the value of | 250 * certificate configuration. This function is used to retrieve the value of |
| 259 * a variable. | 251 * a variable. |
| 260 * | 252 * |
| 261 * @param {string} name The name of the variable. | 253 * @param {string} name The name of the variable. |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 326 this.status = type + ': ' + str; | 318 this.status = type + ': ' + str; |
| 327 return this.status; | 319 return this.status; |
| 328 }; | 320 }; |
| 329 | 321 |
| 330 Policy.Certificate.prototype.findSlotByLabel = | 322 Policy.Certificate.prototype.findSlotByLabel = |
| 331 function findSlotByLabel(label) { | 323 function findSlotByLabel(label) { |
| 332 return entd.pkcs11.slots[label] || null; | 324 return entd.pkcs11.slots[label] || null; |
| 333 } | 325 } |
| 334 | 326 |
| 335 /** | 327 /** |
| 328 * Finalize certificate installation and invoke any user specific onInstall |
| 329 * function. |
| 330 * |
| 331 * @param {boolean} firstInstall True if this is the first time the certificate |
| 332 * has been installed. False if the certificate was already there when we |
| 333 * started. |
| 334 */ |
| 335 Policy.Certificate.prototype.onInstall_ = |
| 336 function onInstall(firstInstall) { |
| 337 this.path = 'SETTINGS:key_id=' + this.key_identifier + |
| 338 ',cert_id=' + this.key_identifier + |
| 339 ',pin=' + Policy.PKCS11_USER_PIN; |
| 340 |
| 341 this.info('Certificate installed to: ' + this.path); |
| 342 |
| 343 if (typeof this.onInstall == 'function') { |
| 344 try { |
| 345 this.onInstall(firstOnstall); |
| 346 } catch (ex) { |
| 347 this.error('Exception running post-install callback: ' + ex); |
| 348 } |
| 349 } |
| 350 }; |
| 351 |
| 352 /** |
| 336 * Determine if this certificate definition has been successfully installed. | 353 * Determine if this certificate definition has been successfully installed. |
| 337 * | 354 * |
| 338 * @return {boolean} A boolean indicating whether or not this certificate | 355 * @return {boolean} A boolean indicating whether or not this certificate |
| 339 * definition has been successfully installed in the PKCS#11 device. | 356 * definition has been successfully installed in the PKCS#11 device. |
| 340 */ | 357 */ |
| 341 Policy.Certificate.prototype.isInstalled = | 358 Policy.Certificate.prototype.isInstalled = |
| 342 function isInstalled() { | 359 function isInstalled() { |
| 343 var slot = this.findSlotByLabel(this.label); | 360 var slot = this.findSlotByLabel(this.label); |
| 344 return (slot && ('certificate' in slot)); | 361 return (slot && ('certificate' in slot)); |
| 345 }; | 362 }; |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 491 | 508 |
| 492 // ...and store it in the TPM. | 509 // ...and store it in the TPM. |
| 493 var slot = this.findSlotByLabel(this.label); | 510 var slot = this.findSlotByLabel(this.label); |
| 494 if (!slot) { | 511 if (!slot) { |
| 495 this.error("Can't add certificate: missing slot object"); | 512 this.error("Can't add certificate: missing slot object"); |
| 496 return; | 513 return; |
| 497 } | 514 } |
| 498 | 515 |
| 499 slot.addCertificate(cert); | 516 slot.addCertificate(cert); |
| 500 | 517 |
| 501 if (Policy.USE_TPM) { | 518 this.onInstall_(/* firstInstall: */ true); |
| 502 this.path = "SETTINGS:" | |
| 503 + "key_id=" + this.key_identifier | |
| 504 + ",cert_id=" + this.key_identifier | |
| 505 + ",pin=" + Policy.PKCS11_USER_PIN; | |
| 506 } else { | |
| 507 this.path = "/home/chronos/user/Downloads/" + this.label + ".pem"; | |
| 508 // Note: This requires entd to be run with --allow-write-to-file | |
| 509 writeToFile(cert.toString(), this.path); | |
| 510 } | |
| 511 this.info('Certificate installed to: ' + this.path); | |
| 512 | |
| 513 if (typeof request.certificate.onInstall == "function") { | |
| 514 try { | |
| 515 request.certificate.onInstall(/* firstInstall: */ true); | |
| 516 } catch (ex) { | |
| 517 this.error('Exception running post-install callback: ' + ex); | |
| 518 } | |
| 519 } | |
| 520 }; | 519 }; |
| 521 | 520 |
| 522 | 521 |
| 523 /** | 522 /** |
| 524 * Policy.Callbacks constructor. | 523 * Policy.Callbacks constructor. |
| 525 * | 524 * |
| 526 * Policy callbacks contain the functions that can be invoked through the | 525 * Policy callbacks contain the functions that can be invoked through the |
| 527 * callback server. Each function can take a single parameter which can | 526 * callback server. Each function can take a single parameter which can |
| 528 * be any primitive JavaScript value (Object, Array, number, or string), | 527 * be any primitive JavaScript value (Object, Array, number, or string), |
| 529 * or any combination of primitive JavaScript values. | 528 * or any combination of primitive JavaScript values. |
| (...skipping 405 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 935 return str; | 934 return str; |
| 936 } | 935 } |
| 937 | 936 |
| 938 /** | 937 /** |
| 939 * Detect a raw string. | 938 * Detect a raw string. |
| 940 */ | 939 */ |
| 941 util.isRawString = | 940 util.isRawString = |
| 942 function isRawString(str) { | 941 function isRawString(str) { |
| 943 return str instanceof String && str.isRaw_ == true; | 942 return str instanceof String && str.isRaw_ == true; |
| 944 } | 943 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2694001:
policy-utils.js: reset cert.path in onInstall after a restart (Closed)
Base URL: ssh://git@chromiumos-git//entd.git