chromeos/network/onc/onc_certificate_importer.cc - Issue 11664005: Extending the translation from ONC to Shill.

Side by Side Diff: chromeos/network/onc/onc_certificate_importer.cc

Issue 11664005: Extending the translation from ONC to Shill. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Initial patch. Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chromeos/network/onc/onc_certificate_importer.h"	5 #include "chromeos/network/onc/onc_certificate_importer.h"

6	6

7 #include <cert.h>	7 #include <cert.h>

8 #include <keyhi.h>	8 #include <keyhi.h>

9 #include <pk11pub.h>	9 #include <pk11pub.h>

10	10

11 #include "base/base64.h"	11 #include "base/base64.h"

12 #include "base/logging.h"	12 #include "base/logging.h"

	13 #include "base/string_number_conversions.h"

13 #include "base/values.h"	14 #include "base/values.h"

14 #include "chromeos/network/network_event_log.h"	15 #include "chromeos/network/network_event_log.h"

15 #include "chromeos/network/onc/onc_constants.h"	16 #include "chromeos/network/onc/onc_constants.h"

16 #include "net/base/crypto_module.h"	17 #include "net/base/crypto_module.h"

17 #include "net/base/net_errors.h"	18 #include "net/base/net_errors.h"

18 #include "net/base/nss_cert_database.h"	19 #include "net/base/nss_cert_database.h"

19 #include "net/base/pem_tokenizer.h"	20 #include "net/base/pem_tokenizer.h"

20 #include "net/base/x509_certificate.h"	21 #include "net/base/x509_certificate.h"

21	22

22 #define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message)	23 #define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message)

(...skipping 110 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
133 if (private_key) {	134 if (private_key) {

134 char* private_key_nickname = PK11_GetPrivateKeyNickname(private_key);	135 char* private_key_nickname = PK11_GetPrivateKeyNickname(private_key);

135 if (private_key_nickname && std::string(label) == private_key_nickname)	136 if (private_key_nickname && std::string(label) == private_key_nickname)

136 result->push_back(*iter);	137 result->push_back(*iter);

137 PORT_Free(private_key_nickname);	138 PORT_Free(private_key_nickname);

138 SECKEY_DestroyPrivateKey(private_key);	139 SECKEY_DestroyPrivateKey(private_key);

139 }	140 }

140 }	141 }

141 }	142 }

142	143

	144 namespace {

	145

	146 // Copied from chrome/common/net/x509_certificate_model_nss.cc

	147 #if defined(USE_NSS)

	148 // For background see this discussion on dev-tech-crypto.lists.mozilla.org:

	149 // http://web.archiveorange.com/archive/v/6JJW7E40sypfZGtbkzxX

	150 //

	151 // NOTE: This function relies on the convention that the same PKCS#11 ID

	152 // is shared between a certificate and its associated private and public

	153 // keys. I tried to implement this with PK11_GetLowLevelKeyIDForCert(),

	154 // but that always returns NULL on Chrome OS for me.

	155 std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle) {

	156 std::string pkcs11_id;

	157 SECKEYPrivateKey *priv_key = PK11_FindKeyByAnyCert(cert_handle,

	158 NULL /* wincx */);

	159 if (priv_key) {

	160 // Get the CKA_ID attribute for a key.

	161 SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key);

	162 if (sec_item) {

	163 pkcs11_id = base::HexEncode(sec_item->data, sec_item->len);

	164 SECITEM_FreeItem(sec_item, PR_TRUE);

	165 }

	166 SECKEY_DestroyPrivateKey(priv_key);

	167 }

	168 return pkcs11_id;

	169 }

	170 #else

	171 std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle) {

	172 // TODO(jamescook): implement me.
	Greg Spencer (Chromium) 2012/12/21 18:50:55 Should probably have "NOTIMPLEMENTED()" Should probably have "NOTIMPLEMENTED()" stevenjb 2012/12/26 21:37:00 +1 Show quoted text On 2012/12/21 18:50:55, Greg Spencer (Chromium) wrote: > Should probably have "NOTIMPLEMENTED()" +1 pneubeck (no reviews) 2013/01/08 13:39:44 Done. Show quoted text On 2012/12/26 21:37:00, stevenjb (chromium) wrote: > On 2012/12/21 18:50:55, Greg Spencer (Chromium) wrote: > > Should probably have "NOTIMPLEMENTED()" > +1 Done. pneubeck (no reviews) 2013/01/08 13:39:44 Done. Show quoted text On 2012/12/21 18:50:55, Greg Spencer (Chromium) wrote: > Should probably have "NOTIMPLEMENTED()" Done.
	173 return "";

	174 }

	175 #endif // USE_NSS

	176

	177 } // namespace

	178

	179 // static

	180 std::string CertificateImporter::GetPkcs11IdFromCertGuid(

	181 const std::string& guid) {

	182 // We have to look up the GUID to find the PKCS#11 ID that is needed.

	183 net::CertificateList cert_list;

	184 onc::CertificateImporter::ListCertsWithNickname(guid, &cert_list);

	185 DCHECK_EQ(1ul, cert_list.size());

	186 if (cert_list.size() == 1)

	187 return GetPkcs11Id(cert_list[0]->os_cert_handle());

	188 return std::string();
	Greg Spencer (Chromium) 2012/12/21 18:50:55 Might want to log an error here if we find more th Might want to log an error here if we find more than one cert with that GUID. pneubeck (no reviews) 2013/01/08 13:39:44 Done. Show quoted text On 2012/12/21 18:50:55, Greg Spencer (Chromium) wrote: > Might want to log an error here if we find more than one cert with that GUID. Done.
	189 }

	190

143 // static	191 // static

144 bool CertificateImporter::DeleteCertAndKeyByNickname(const std::string& label) {	192 bool CertificateImporter::DeleteCertAndKeyByNickname(const std::string& label) {

145 net::CertificateList cert_list;	193 net::CertificateList cert_list;

146 ListCertsWithNickname(label, &cert_list);	194 ListCertsWithNickname(label, &cert_list);

147 bool result = true;	195 bool result = true;

148 for (net::CertificateList::iterator iter = cert_list.begin();	196 for (net::CertificateList::iterator iter = cert_list.begin();

149 iter != cert_list.end(); ++iter) {	197 iter != cert_list.end(); ++iter) {

150 // If we fail, we try and delete the rest still.	198 // If we fail, we try and delete the rest still.

151 // TODO(gspencer): this isn't very "transactional". If we fail on some, but	199 // TODO(gspencer): this isn't very "transactional". If we fail on some, but

152 // not all, then it's possible to leave things in a weird state.	200 // not all, then it's possible to leave things in a weird state.

(...skipping 212 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
365 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str()));	413 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str()));

366 SECKEY_DestroyPrivateKey(private_key);	414 SECKEY_DestroyPrivateKey(private_key);

367 } else {	415 } else {

368 ONC_LOG_WARNING("Unable to find private key for certificate.");	416 ONC_LOG_WARNING("Unable to find private key for certificate.");

369 }	417 }

370 return true;	418 return true;

371 }	419 }

372	420

373 } // chromeos	421 } // chromeos

374 } // onc	422 } // onc

OLD	NEW

« chrome/browser/chromeos/net/onc_utils.cc ('K') | « chromeos/network/onc/onc_certificate_importer.h ('k') | chromeos/network/onc/onc_signature.h » ('j') | no next file with comments »