
Side by Side Diff: chrome/browser/chromeos/options/wifi_config_model.cc

Issue 7046051: CrOS - Fix incorrect user certs showing in enterprise Wi-Fi connect dialog (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 6 months ago
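--- a/chrome/browser/chromeos/options/wifi_config_model.cc
+++ b/chrome/browser/chromeos/options/wifi_config_model.cc
@@ -1,21 +1,22 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/options/wifi_config_model.h"
 
 #include <algorithm>
 
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h" // g_browser_process
 #include "chrome/common/net/x509_certificate_model.h"
+#include "crypto/nss_util.h" // crypto::GetTPMTokenInfo()
 #include "net/base/cert_database.h"
 #include "net/base/x509_certificate.h"
 #include "ui/base/l10n/l10n_util_collator.h" // CompareString16WithCollator
 #include "unicode/coll.h" // icu::Collator
 
 namespace chromeos {
 
 namespace {
 
 typedef scoped_refptr<net::X509Certificate> X509CertificateRefPtr;
@@ -58,30 +59,48 @@
 }
 
 WifiConfigModel::~WifiConfigModel() {
 }
 
 void WifiConfigModel::UpdateCertificates() {
 // CertDatabase and its wrappers do not have random access to certificates,
 // so build filtered lists once.
 net::CertificateList cert_list;
 cert_db_.ListCerts(&cert_list);
+
+// Need TPM token name to filter user certificates.
+std::string tpm_token_name;
+if (crypto::IsTPMTokenReady()) {
+std::string unused_pin;
+// TODO(jamescook): Make this asynchronous. It results in a synchronous
+// D-Bus call to cryptohome.
+crypto::GetTPMTokenInfo(&tpm_token_name, &unused_pin);
+} else {
+LOG(WARNING) << "TPM token not ready";
+}
+
 for (net::CertificateList::const_iterator it = cert_list.begin();
 it != cert_list.end();
 ++it) {
 net::X509Certificate* cert = it->get();
 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle();
 net::CertType type = x509_certificate_model::GetType(cert_handle);
 switch (type) {
-case net::USER_CERT:
-user_certs_.push_back(*it);
+case net::USER_CERT: {
+// Only include user certs that are in the TPM token (and hence
+// available via PKCS#11 to flimflam and wpa_supplicant).
+std::string cert_token_name =
+x509_certificate_model::GetTokenName(cert_handle);
+if (cert_token_name == tpm_token_name)
+user_certs_.push_back(*it);
 break;
+}
 case net::CA_CERT: {
 // Exclude root CA certificates that are built into Chrome.
 std::string token_name =
 x509_certificate_model::GetTokenName(cert_handle);
 if (token_name != kRootCertificateTokenName)
 server_ca_certs_.push_back(*it);
 break;
 }
 default:
 // We only care about those two types.
@@ -163,10 +182,10 @@
 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle();
 std::string nickname = x509_certificate_model::GetNickname(cert_handle);
 if (nickname == nss_nickname)
 return i;
 }
 // Not found.
 return -1;
 }
 
 } // namespace chromeos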
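Review bot: In the `net::USER_CERT` case, `cert_token_name == tpm_token_name` also holds when both strings are empty, and `tpm_token_name` stays empty on the `TPM token not ready` path (and possibly when `crypto::GetTPMTokenInfo()` fails, since its outcome is not checked here). A user certificate for which `GetTokenName()` yields an empty name would then be listed as if it lived in the TPM, which is the case this change sets out to exclude. Guard the comparison, e.g. `if (!tpm_token_name.empty() && cert_token_name == tpm_token_name)`, and add a comment stating that no user certs are offered while the TPM token is unavailable. The filter also trusts the token's name rather than its slot identity, so it presumably relies on no other token carrying the same name; a short comment recording that assumption would help. The body of `UpdateCertificates()` continues past the lines shown.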