Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_certificate_importer.h" | 5 #include "chromeos/network/onc/onc_certificate_importer.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <keyhi.h> | 8 #include <keyhi.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 | 10 |
| 11 #include "base/base64.h" | 11 #include "base/base64.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/string_number_conversions.h" | |
| 13 #include "base/values.h" | 14 #include "base/values.h" |
| 14 #include "chromeos/network/network_event_log.h" | 15 #include "chromeos/network/network_event_log.h" |
| 15 #include "chromeos/network/onc/onc_constants.h" | 16 #include "chromeos/network/onc/onc_constants.h" |
| 16 #include "net/base/crypto_module.h" | 17 #include "net/base/crypto_module.h" |
| 17 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 18 #include "net/base/nss_cert_database.h" | 19 #include "net/base/nss_cert_database.h" |
| 19 #include "net/base/pem_tokenizer.h" | 20 #include "net/base/pem_tokenizer.h" |
| 20 #include "net/base/x509_certificate.h" | 21 #include "net/base/x509_certificate.h" |
| 21 | 22 |
| 22 #define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message) | 23 #define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message) |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 133 if (private_key) { | 134 if (private_key) { |
| 134 char* private_key_nickname = PK11_GetPrivateKeyNickname(private_key); | 135 char* private_key_nickname = PK11_GetPrivateKeyNickname(private_key); |
| 135 if (private_key_nickname && std::string(label) == private_key_nickname) | 136 if (private_key_nickname && std::string(label) == private_key_nickname) |
| 136 result->push_back(*iter); | 137 result->push_back(*iter); |
| 137 PORT_Free(private_key_nickname); | 138 PORT_Free(private_key_nickname); |
| 138 SECKEY_DestroyPrivateKey(private_key); | 139 SECKEY_DestroyPrivateKey(private_key); |
| 139 } | 140 } |
| 140 } | 141 } |
| 141 } | 142 } |
| 142 | 143 |
| 144 namespace { | |
| 145 | |
| 146 // Copied from chrome/common/net/x509_certificate_model_nss.cc | |
| 147 #if defined(USE_NSS) | |
| 148 // For background see this discussion on dev-tech-crypto.lists.mozilla.org: | |
| 149 // http://web.archiveorange.com/archive/v/6JJW7E40sypfZGtbkzxX | |
| 150 // | |
| 151 // NOTE: This function relies on the convention that the same PKCS#11 ID | |
| 152 // is shared between a certificate and its associated private and public | |
| 153 // keys. I tried to implement this with PK11_GetLowLevelKeyIDForCert(), | |
| 154 // but that always returns NULL on Chrome OS for me. | |
| 155 std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle) { | |
| 156 std::string pkcs11_id; | |
| 157 SECKEYPrivateKey *priv_key = PK11_FindKeyByAnyCert(cert_handle, | |
| 158 NULL /* wincx */); | |
| 159 if (priv_key) { | |
| 160 // Get the CKA_ID attribute for a key. | |
| 161 SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key); | |
| 162 if (sec_item) { | |
| 163 pkcs11_id = base::HexEncode(sec_item->data, sec_item->len); | |
| 164 SECITEM_FreeItem(sec_item, PR_TRUE); | |
| 165 } | |
| 166 SECKEY_DestroyPrivateKey(priv_key); | |
| 167 } | |
| 168 return pkcs11_id; | |
| 169 } | |
| 170 #else | |
| 171 std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle) { | |
| 172 // TODO(jamescook): implement me. | |
|
Greg Spencer (Chromium)
2012/12/21 18:50:55
Should probably have "NOTIMPLEMENTED()"
stevenjb
2012/12/26 21:37:00
+1
pneubeck (no reviews)
2013/01/08 13:39:44
Done.
pneubeck (no reviews)
2013/01/08 13:39:44
Done.
| |
| 173 return ""; | |
| 174 } | |
| 175 #endif // USE_NSS | |
| 176 | |
| 177 } // namespace | |
| 178 | |
| 179 // static | |
| 180 std::string CertificateImporter::GetPkcs11IdFromCertGuid( | |
| 181 const std::string& guid) { | |
| 182 // We have to look up the GUID to find the PKCS#11 ID that is needed. | |
| 183 net::CertificateList cert_list; | |
| 184 onc::CertificateImporter::ListCertsWithNickname(guid, &cert_list); | |
| 185 DCHECK_EQ(1ul, cert_list.size()); | |
| 186 if (cert_list.size() == 1) | |
| 187 return GetPkcs11Id(cert_list[0]->os_cert_handle()); | |
| 188 return std::string(); | |
|
Greg Spencer (Chromium)
2012/12/21 18:50:55
Might want to log an error here if we find more th
pneubeck (no reviews)
2013/01/08 13:39:44
Done.
| |
| 189 } | |
| 190 | |
| 143 // static | 191 // static |
| 144 bool CertificateImporter::DeleteCertAndKeyByNickname(const std::string& label) { | 192 bool CertificateImporter::DeleteCertAndKeyByNickname(const std::string& label) { |
| 145 net::CertificateList cert_list; | 193 net::CertificateList cert_list; |
| 146 ListCertsWithNickname(label, &cert_list); | 194 ListCertsWithNickname(label, &cert_list); |
| 147 bool result = true; | 195 bool result = true; |
| 148 for (net::CertificateList::iterator iter = cert_list.begin(); | 196 for (net::CertificateList::iterator iter = cert_list.begin(); |
| 149 iter != cert_list.end(); ++iter) { | 197 iter != cert_list.end(); ++iter) { |
| 150 // If we fail, we try and delete the rest still. | 198 // If we fail, we try and delete the rest still. |
| 151 // TODO(gspencer): this isn't very "transactional". If we fail on some, but | 199 // TODO(gspencer): this isn't very "transactional". If we fail on some, but |
| 152 // not all, then it's possible to leave things in a weird state. | 200 // not all, then it's possible to leave things in a weird state. |
| (...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 365 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); | 413 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); |
| 366 SECKEY_DestroyPrivateKey(private_key); | 414 SECKEY_DestroyPrivateKey(private_key); |
| 367 } else { | 415 } else { |
| 368 ONC_LOG_WARNING("Unable to find private key for certificate."); | 416 ONC_LOG_WARNING("Unable to find private key for certificate."); |
| 369 } | 417 } |
| 370 return true; | 418 return true; |
| 371 } | 419 } |
| 372 | 420 |
| 373 } // chromeos | 421 } // chromeos |
| 374 } // onc | 422 } // onc |
| OLD | NEW |