1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 /** | 5 /** |
6 * Check the validity of the policy extension manifest. | 6 * Check the validity of the policy extension manifest. |
7 * | 7 * |
8 * This function is invoked by entd before the policy is loaded in order to | 8 * This function is invoked by entd before the policy is loaded in order to |
9 * check the validity of the extension manifest. If this function returns | 9 * check the validity of the extension manifest. If this function returns |
10 * false, entd exits and does not restart until the next user logs in. | 10 * false, entd exits and does not restart until the next user logs in. |
95 throw new Error('Unable to determine current username'); | 95 throw new Error('Unable to determine current username'); |
96 | 96 |
97 var ary = entd.username.match(/([^@]+)@(.*)/); | 97 var ary = entd.username.match(/([^@]+)@(.*)/); |
98 this.setVariable('userEmail', entd.username); | 98 this.setVariable('userEmail', entd.username); |
99 this.setVariable('userName', ary[1]); | 99 this.setVariable('userName', ary[1]); |
100 this.setVariable('userDomain', ary[2]); | 100 this.setVariable('userDomain', ary[2]); |
101 | 101 |
102 this.callbacks = new Policy.Callbacks(this); | 102 this.callbacks = new Policy.Callbacks(this); |
103 } | 103 } |
104 | 104 |
105 // Store keys and certificates in the TPM | |
106 Policy.USE_TPM = true; | |
107 | |
108 // Well known user PIN for the TPM | 105 // Well known user PIN for the TPM |
109 Policy.PKCS11_USER_PIN = '111111'; | 106 Policy.PKCS11_USER_PIN = '111111'; |
110 | 107 |
111 /** | 108 /** |
112 * Set a variable for this policy. | 109 * Set a variable for this policy. |
113 * | 110 * |
114 * Variables can be referenced in various parts of the policy and | 111 * Variables can be referenced in various parts of the policy and |
115 * certificate configuration. This function is used to assign a value to | 112 * certificate configuration. This function is used to assign a value to |
116 * a variable. | 113 * a variable. |
117 * | 114 * |
235 | 232 |
236 if ('variables' in params) { | 233 if ('variables' in params) { |
237 for (var key in params.variables) | 234 for (var key in params.variables) |
238 this.setVariable(key, params.variables[key]); | 235 this.setVariable(key, params.variables[key]); |
239 } | 236 } |
240 | 237 |
241 this.userVariables = params.userVariables || null; | 238 this.userVariables = params.userVariables || null; |
242 | 239 |
243 this.status = this.isInstalled() ? 'Installed' : 'Not Installed'; | 240 this.status = this.isInstalled() ? 'Installed' : 'Not Installed'; |
244 | 241 |
245 if (this.isInstalled() && typeof this.onInstall == "function") { | 242 if (this.isInstalled()) |
246 try { | 243 this.onInstall_(/* firstInstall: */ false); |
247 this.onInstall(/* firstInstall: */ false); | |
248 } catch (ex) { | |
249 this.error('Exception re-running post-install callback: ' + ex); | |
250 } | |
251 } | |
252 }; | 244 }; |
253 | 245 |
254 /** | 246 /** |
255 * Get a variable for this certificate definition. | 247 * Get a variable for this certificate definition. |
256 * | 248 * |
257 * Variables can be referenced in various parts of the policy and | 249 * Variables can be referenced in various parts of the policy and |
258 * certificate configuration. This function is used to retrieve the value of | 250 * certificate configuration. This function is used to retrieve the value of |
259 * a variable. | 251 * a variable. |
260 * | 252 * |
261 * @param {string} name The name of the variable. | 253 * @param {string} name The name of the variable. |
326 this.status = type + ': ' + str; | 318 this.status = type + ': ' + str; |
327 return this.status; | 319 return this.status; |
328 }; | 320 }; |
329 | 321 |
330 Policy.Certificate.prototype.findSlotByLabel = | 322 Policy.Certificate.prototype.findSlotByLabel = |
331 function findSlotByLabel(label) { | 323 function findSlotByLabel(label) { |
332 return entd.pkcs11.slots[label] || null; | 324 return entd.pkcs11.slots[label] || null; |
333 } | 325 } |
334 | 326 |
335 /** | 327 /** |
| 328 * Finalize certificate installation and invoke any user specific onInstall |
| 329 * function. |
| 330 * |
| 331 * @param {boolean} firstInstall True if this is the first time the certificate |
| 332 * has been installed. False if the certificate was already there when we |
| 333 * started. |
| 334 */ |
| 335 Policy.Certificate.prototype.onInstall_ = |
| 336 function onInstall(firstInstall) { |
| 337 this.path = 'SETTINGS:key_id=' + this.key_identifier + |
| 338 ',cert_id=' + this.key_identifier + |
| 339 ',pin=' + Policy.PKCS11_USER_PIN; |
| 340 |
| 341 this.info('Certificate installed to: ' + this.path); |
| 342 |
| 343 if (typeof this.onInstall == 'function') { |
| 344 try { |
| 345 this.onInstall(firstOnstall); |
| 346 } catch (ex) { |
| 347 this.error('Exception running post-install callback: ' + ex); |
| 348 } |
| 349 } |
| 350 }; |
| 351 |
| 352 /** |
336 * Determine if this certificate definition has been successfully installed. | 353 * Determine if this certificate definition has been successfully installed. |
337 * | 354 * |
338 * @return {boolean} A boolean indicating whether or not this certificate | 355 * @return {boolean} A boolean indicating whether or not this certificate |
339 * definition has been successfully installed in the PKCS#11 device. | 356 * definition has been successfully installed in the PKCS#11 device. |
340 */ | 357 */ |
341 Policy.Certificate.prototype.isInstalled = | 358 Policy.Certificate.prototype.isInstalled = |
342 function isInstalled() { | 359 function isInstalled() { |
343 var slot = this.findSlotByLabel(this.label); | 360 var slot = this.findSlotByLabel(this.label); |
344 return (slot && ('certificate' in slot)); | 361 return (slot && ('certificate' in slot)); |
345 }; | 362 }; |
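Review bot: The new `onInstall_` helper never reaches the user callback, because new line 345 passes a misspelled identifier — `this.onInstall(firstOnstall);` — which throws a ReferenceError that the surrounding catch turns into `this.error('Exception running post-install callback: ...')`, so the policy's post-install hook is silently skipped on both the firstInstall=true path (addCertificate) and the re-run path (the constructor's `this.onInstall_(false)`). Change it to `this.onInstall(firstInstall);`, matching the parameter declared on new line 336. Separately, new line 341 now logs `this.path`, which embeds `pin=` + `Policy.PKCS11_USER_PIN`; the PIN is the well-known constant from line 106 so the exposure is low, but logging a path with the `,pin=` component stripped would avoid putting a credential-shaped value into the log on every install. The inner function expression is named `onInstall` while it is installed as `onInstall_`, and `this.onInstall` (no underscore) is the user-supplied callback — a one-line comment such as `// onInstall_ is ours; this.onInstall is the policy author's hook` would prevent the two being confused later.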
491 | 508 |
492 // ...and store it in the TPM. | 509 // ...and store it in the TPM. |
493 var slot = this.findSlotByLabel(this.label); | 510 var slot = this.findSlotByLabel(this.label); |
494 if (!slot) { | 511 if (!slot) { |
495 this.error("Can't add certificate: missing slot object"); | 512 this.error("Can't add certificate: missing slot object"); |
496 return; | 513 return; |
497 } | 514 } |
498 | 515 |
499 slot.addCertificate(cert); | 516 slot.addCertificate(cert); |
500 | 517 |
501 if (Policy.USE_TPM) { | 518 this.onInstall_(/* firstInstall: */ true); |
502 this.path = "SETTINGS:" | |
503 + "key_id=" + this.key_identifier | |
504 + ",cert_id=" + this.key_identifier | |
505 + ",pin=" + Policy.PKCS11_USER_PIN; | |
506 } else { | |
507 this.path = "/home/chronos/user/Downloads/" + this.label + ".pem"; | |
508 // Note: This requires entd to be run with --allow-write-to-file | |
509 writeToFile(cert.toString(), this.path); | |
510 } | |
511 this.info('Certificate installed to: ' + this.path); | |
512 | |
513 if (typeof request.certificate.onInstall == "function") { | |
514 try { | |
515 request.certificate.onInstall(/* firstInstall: */ true); | |
516 } catch (ex) { | |
517 this.error('Exception running post-install callback: ' + ex); | |
518 } | |
519 } | |
520 }; | 519 }; |
521 | 520 |
522 | 521 |
523 /** | 522 /** |
524 * Policy.Callbacks constructor. | 523 * Policy.Callbacks constructor. |
525 * | 524 * |
526 * Policy callbacks contain the functions that can be invoked through the | 525 * Policy callbacks contain the functions that can be invoked through the |
527 * callback server. Each function can take a single parameter which can | 526 * callback server. Each function can take a single parameter which can |
528 * be any primitive JavaScript value (Object, Array, number, or string), | 527 * be any primitive JavaScript value (Object, Array, number, or string), |
529 * or any combination of primitive JavaScript values. | 528 * or any combination of primitive JavaScript values. |
935 return str; | 934 return str; |
936 } | 935 } |
937 | 936 |
938 /** | 937 /** |
939 * Detect a raw string. | 938 * Detect a raw string. |
940 */ | 939 */ |
941 util.isRawString = | 940 util.isRawString = |
942 function isRawString(str) { | 941 function isRawString(str) { |
943 return str instanceof String && str.isRaw_ == true; | 942 return str instanceof String && str.isRaw_ == true; |
944 } | 943 } |