Chromium Code Reviews Chromium Code Reviews
Issue 1128153003:
Reland "Don't use RSAPrivateKey in NSS integration code." (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc |
| diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc |
| index a96f0aab78e77370c4e8a1185c3974d22f99774d..83586b5792fc3b22446e9e4120dda17a618dafba 100644 |
| --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc |
| +++ b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc |
| @@ -4,6 +4,8 @@ |
| #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" |
| +#include <keyhi.h> |
| + |
| #include <algorithm> |
| #include <string> |
| @@ -29,9 +31,9 @@ |
| #include "content/public/browser/notification_service.h" |
| #include "content/public/browser/notification_source.h" |
| #include "content/public/common/content_switches.h" |
| +#include "crypto/nss_key_util.h" |
| #include "crypto/nss_util.h" |
| #include "crypto/nss_util_internal.h" |
| -#include "crypto/rsa_private_key.h" |
| #include "crypto/scoped_nss_types.h" |
| #include "crypto/signature_creator.h" |
| @@ -72,19 +74,24 @@ void LoadPrivateKeyByPublicKey( |
| crypto::ScopedPK11Slot private_slot = crypto::GetPrivateSlotForChromeOSUser( |
| username_hash, base::Callback<void(crypto::ScopedPK11Slot)>()); |
| - // If private slot is already available, this will check it. If not, |
| - // we'll get called again later when the TPM Token is ready, and the |
| - // slot will be available then. |
| - scoped_refptr<PrivateKey> private_key( |
| - new PrivateKey(owner_key_util->FindPrivateKeyInSlot(public_key->data(), |
| - private_slot.get()))); |
| - if (!private_key->key()) { |
| - private_key = new PrivateKey(owner_key_util->FindPrivateKeyInSlot( |
| - public_key->data(), public_slot.get())); |
| + crypto::RSAPrivateKey* private_key = nullptr; |
| + if (private_slot) { |
| + // If private slot is already available, this will check it. If not, we'll |
| + // get called again later when the TPM Token is ready, and the slot will be |
| + // available then. |
| + private_key = owner_key_util->FindPrivateKeyInSlot(public_key->data(), |
| + private_slot.get()); |
| + } |
| + if (!private_key && public_slot) { |
| + private_key = owner_key_util->FindPrivateKeyInSlot(public_key->data(), |
| + public_slot.get()); |
|
Ryan Sleevi
2015/05/06 23:46:03
This shouldn't have a private key. I have no clue
Dmitry Polukhin
2015/05/07 10:59:16
The code was added here https://codereview.chromiu
pneubeck (no reviews)
2015/05/07 12:19:16
This was added by Chris Masone here https://codere
davidben
2015/05/07 20:51:44
Unfortunately, I had to switch this back anyway be
|
| } |
| - BrowserThread::PostTask(BrowserThread::UI, |
| - FROM_HERE, |
| - base::Bind(callback, public_key, private_key)); |
| + // Note: Whether or not |private_key| is nullptr, the callback receives a |
| + // PrivateKey wrapper. |
| + BrowserThread::PostTask( |
| + BrowserThread::UI, FROM_HERE, |
| + base::Bind(callback, public_key, |
| + make_scoped_refptr(new PrivateKey(private_key)))); |
| } |
| void LoadPrivateKey( |
| @@ -124,10 +131,9 @@ bool DoesPrivateKeyExistAsyncHelper( |
| std::vector<uint8> public_key; |
| if (!owner_key_util->ImportPublicKey(&public_key)) |
| return false; |
| - scoped_ptr<crypto::RSAPrivateKey> key( |
| - crypto::RSAPrivateKey::FindFromPublicKeyInfo(public_key)); |
| - bool is_owner = key.get() != NULL; |
| - return is_owner; |
| + crypto::ScopedSECKEYPrivateKey key = |
| + crypto::FindNSSKeyFromPublicKeyInfo(public_key); |
| + return key && SECKEY_GetPrivateKeyType(key.get()) == rsaKey; |
| } |
| // Checks whether NSS slots with private key are mounted or |
