Chromium Code Reviews| Index: chromeos/network/onc/onc_certificate_importer.cc |
| diff --git a/chromeos/network/onc/onc_certificate_importer.cc b/chromeos/network/onc/onc_certificate_importer.cc |
| index e1ae94bbbabdbad3433edd3d27160c78eeef98fc..bc63b517c272c11bde0bacfafbf7df8c76b22854 100644 |
| --- a/chromeos/network/onc/onc_certificate_importer.cc |
| +++ b/chromeos/network/onc/onc_certificate_importer.cc |
| @@ -10,6 +10,7 @@ |
| #include "base/base64.h" |
| #include "base/logging.h" |
| +#include "base/string_number_conversions.h" |
| #include "base/values.h" |
| #include "chromeos/network/network_event_log.h" |
| #include "chromeos/network/onc/onc_constants.h" |
| @@ -140,6 +141,53 @@ void CertificateImporter::ListCertsWithNickname(const std::string& label, |
| } |
| } |
| +namespace { |
| + |
| +// Copied from chrome/common/net/x509_certificate_model_nss.cc |
| +#if defined(USE_NSS) |
| +// For background see this discussion on dev-tech-crypto.lists.mozilla.org: |
| +// http://web.archiveorange.com/archive/v/6JJW7E40sypfZGtbkzxX |
| +// |
| +// NOTE: This function relies on the convention that the same PKCS#11 ID |
| +// is shared between a certificate and its associated private and public |
| +// keys. I tried to implement this with PK11_GetLowLevelKeyIDForCert(), |
| +// but that always returns NULL on Chrome OS for me. |
| +std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle) { |
| + std::string pkcs11_id; |
| + SECKEYPrivateKey *priv_key = PK11_FindKeyByAnyCert(cert_handle, |
| + NULL /* wincx */); |
| + if (priv_key) { |
| + // Get the CKA_ID attribute for a key. |
| + SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key); |
| + if (sec_item) { |
| + pkcs11_id = base::HexEncode(sec_item->data, sec_item->len); |
| + SECITEM_FreeItem(sec_item, PR_TRUE); |
| + } |
| + SECKEY_DestroyPrivateKey(priv_key); |
| + } |
| + return pkcs11_id; |
| +} |
| +#else |
| +std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle) { |
| + // TODO(jamescook): implement me. |
|
Greg Spencer (Chromium)
2012/12/21 18:50:55
Should probably have "NOTIMPLEMENTED()"
stevenjb
2012/12/26 21:37:00
+1
pneubeck (no reviews)
2013/01/08 13:39:44
Done.
pneubeck (no reviews)
2013/01/08 13:39:44
Done.
|
| + return ""; |
| +} |
| +#endif // USE_NSS |
| + |
| +} // namespace |
| + |
| +// static |
| +std::string CertificateImporter::GetPkcs11IdFromCertGuid( |
| + const std::string& guid) { |
| + // We have to look up the GUID to find the PKCS#11 ID that is needed. |
| + net::CertificateList cert_list; |
| + onc::CertificateImporter::ListCertsWithNickname(guid, &cert_list); |
| + DCHECK_EQ(1ul, cert_list.size()); |
| + if (cert_list.size() == 1) |
| + return GetPkcs11Id(cert_list[0]->os_cert_handle()); |
| + return std::string(); |
|
Greg Spencer (Chromium)
2012/12/21 18:50:55
Might want to log an error here if we find more th
pneubeck (no reviews)
2013/01/08 13:39:44
Done.
|
| +} |
| + |
| // static |
| bool CertificateImporter::DeleteCertAndKeyByNickname(const std::string& label) { |
| net::CertificateList cert_list; |
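Review bot: An empty return value from `GetPkcs11IdFromCertGuid` stands for three different failures, and nothing in the hunk lets a caller tell them apart: the nickname lookup did not yield exactly one certificate, `PK11_FindKeyByAnyCert` found no private key for it, or `PK11_GetLowLevelKeyIDForPrivateKey` returned no CKA_ID. The last two happen silently inside `GetPkcs11Id`, and the `DCHECK_EQ` on the list size is compiled out of release builds. A certificate imported without its key would therefore presumably end up as a network configuration with an empty client-certificate ID rather than a visible error. I would state the contract above the definition, `// Returns the hex-encoded CKA_ID of the private key belonging to the certificate with nickname |guid|, or an empty string if there is no unique certificate or no private key; callers must treat empty as failure.`, and add a `LOG(ERROR)` in each of the two NULL branches of `GetPkcs11Id` naming which lookup failed.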