[ChromeOS] Add a "hardware-backed" suffix to tpm-backed cert.

chrome/browser/certificate_manager_model.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/certificate_manager_model.h"
 
 #include "base/callback_old.h"
 #include "base/i18n/time_formatting.h"
 #include "base/logging.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/ui/crypto_module_password_dialog.h"
 #include "chrome/common/net/x509_certificate_model.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_certificate.h"
 
+#if defined(OS_CHROMEOS)
+#include <pk11pub.h>
+
+#include "crypto/nss_util.h"
+#include "grit/generated_resources.h"
+#include "net/base/x509_certificate.h"
+#include "ui/base/l10n/l10n_util.h"
+#endif
+
 CertificateManagerModel::CertificateManagerModel(Observer* observer)
     : observer_(observer) {
 }
 
 CertificateManagerModel::~CertificateManagerModel() {
 }
 
 void CertificateManagerModel::Refresh() {
   VLOG(1) << "refresh started";
   net::CryptoModuleList modules;
@@ skipping 36 matching lines @@
 }
 
 string16 CertificateManagerModel::GetColumnText(
     const net::X509Certificate& cert,
     Column column) const {
   string16 rv;
   switch (column) {
     case COL_SUBJECT_NAME:
       rv = UTF8ToUTF16(
           x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle()));
+
+#if defined(OS_CHROMEOS)
+      // TODO(xiyuan): Put this into a column when we have js tree-table.
+      if (crypto::IsTPMTokenReady()) {
+        std::string tpm_token_name;
+        std::string user_pin;
+        crypto::GetTPMTokenInfo(&tpm_token_name, &user_pin);
+
+        PK11SlotInfo* cert_slot = cert.os_cert_handle()->slot;
+        if (cert_slot && PK11_GetTokenName(cert_slot) == tpm_token_name) {

[mattm, 2011/06/04 02:00:32]

If we want to do it by comparing the name, it could use
x509_certificate_model::GetTokenName instead of calling NSS directly here.

Alternatively I think we could do this by comparing the slot handles instead. 
Seems a bit cleaner, but I guess either way is fine.

[xiyuan, 2011/06/06 17:17:17]

This is what I want to hear. I'd like to compare handle but was not sure whether
it is safe to do so. Changed to compare slot handle now.

+          rv = l10n_util::GetStringFUTF16(
+              IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT,
+              rv,
+              l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED));
+        }
+      }
+#endif
       break;
     case COL_CERTIFICATE_STORE:
       rv = UTF8ToUTF16(
           x509_certificate_model::GetTokenName(cert.os_cert_handle()));
       break;
     case COL_SERIAL_NUMBER:
       rv = ASCIIToUTF16(
           x509_certificate_model::GetSerialNumberHexified(
               cert.os_cert_handle(), ""));
       break;
@@ skipping 40 matching lines @@
                                            unsigned int trust_bits) {
   return cert_db_.SetCertTrust(cert, type, trust_bits);
 }
 
 bool CertificateManagerModel::Delete(net::X509Certificate* cert) {
   bool result = cert_db_.DeleteCertAndKey(cert);
   if (result)
     Refresh();
   return result;
 }