Chromium Code Reviews Chromium Code Reviews
Issue 135193007:
Use user specific NSSDatabase in CertLoader. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/options/cert_library.h" | 5 #include "chrome/browser/chromeos/options/cert_library.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/i18n/string_compare.h" | 10 #include "base/i18n/string_compare.h" |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 29 #include "ui/base/l10n/l10n_util.h" | 29 #include "ui/base/l10n/l10n_util.h" |
| 30 #include "ui/base/l10n/l10n_util_collator.h" | 30 #include "ui/base/l10n/l10n_util_collator.h" |
| 31 | 31 |
| 32 namespace chromeos { | 32 namespace chromeos { |
| 33 | 33 |
| 34 namespace { | 34 namespace { |
| 35 | 35 |
| 36 // Root CA certificates that are built into Chrome use this token name. | 36 // Root CA certificates that are built into Chrome use this token name. |
| 37 const char kRootCertificateTokenName[] = "Builtin Object Token"; | 37 const char kRootCertificateTokenName[] = "Builtin Object Token"; |
| 38 | 38 |
| 39 base::string16 GetDisplayString(net::X509Certificate* cert, bool hardware_backed ) { | 39 base::string16 GetDisplayString(net::X509Certificate* cert, |
| 40 bool hardware_backed) { | |
| 40 std::string org; | 41 std::string org; |
| 41 if (!cert->subject().organization_names.empty()) | 42 if (!cert->subject().organization_names.empty()) |
| 42 org = cert->subject().organization_names[0]; | 43 org = cert->subject().organization_names[0]; |
| 43 if (org.empty()) | 44 if (org.empty()) |
| 44 org = cert->subject().GetDisplayName(); | 45 org = cert->subject().GetDisplayName(); |
| 45 base::string16 issued_by = base::UTF8ToUTF16( | 46 base::string16 issued_by = base::UTF8ToUTF16( |
| 46 x509_certificate_model::GetIssuerCommonName(cert->os_cert_handle(), | 47 x509_certificate_model::GetIssuerCommonName(cert->os_cert_handle(), |
| 47 org)); // alternative text | 48 org)); // alternative text |
| 48 base::string16 issued_to = base::UTF8ToUTF16( | 49 base::string16 issued_to = base::UTF8ToUTF16( |
| 49 x509_certificate_model::GetCertNameOrNickname(cert->os_cert_handle())); | 50 x509_certificate_model::GetCertNameOrNickname(cert->os_cert_handle())); |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 138 | 139 |
| 139 bool CertLibrary::CertificatesLoading() const { | 140 bool CertLibrary::CertificatesLoading() const { |
| 140 return CertLoader::Get()->CertificatesLoading(); | 141 return CertLoader::Get()->CertificatesLoading(); |
| 141 } | 142 } |
| 142 | 143 |
| 143 bool CertLibrary::CertificatesLoaded() const { | 144 bool CertLibrary::CertificatesLoaded() const { |
| 144 return CertLoader::Get()->certificates_loaded(); | 145 return CertLoader::Get()->certificates_loaded(); |
| 145 } | 146 } |
| 146 | 147 |
| 147 bool CertLibrary::IsHardwareBacked() const { | 148 bool CertLibrary::IsHardwareBacked() const { |
| 148 return CertLoader::Get()->IsHardwareBacked(); | 149 return CertLoader::Get()->is_hardware_backed(); |
| 149 } | 150 } |
| 150 | 151 |
| 151 int CertLibrary::NumCertificates(CertType type) const { | 152 int CertLibrary::NumCertificates(CertType type) const { |
| 152 const net::CertificateList& cert_list = GetCertificateListForType(type); | 153 const net::CertificateList& cert_list = GetCertificateListForType(type); |
| 153 return static_cast<int>(cert_list.size()); | 154 return static_cast<int>(cert_list.size()); |
| 154 } | 155 } |
| 155 | 156 |
| 156 base::string16 CertLibrary::GetCertDisplayStringAt(CertType type, | 157 base::string16 CertLibrary::GetCertDisplayStringAt(CertType type, |
| 157 int index) const { | 158 int index) const { |
| 158 net::X509Certificate* cert = GetCertificateAt(type, index); | 159 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 159 bool hardware_backed = IsCertHardwareBackedAt(type, index); | 160 bool hardware_backed = IsCertHardwareBackedAt(type, index); |
| 160 return GetDisplayString(cert, hardware_backed); | 161 return GetDisplayString(cert, hardware_backed); |
| 161 } | 162 } |
| 162 | 163 |
| 163 std::string CertLibrary::GetCertPEMAt(CertType type, int index) const { | 164 std::string CertLibrary::GetCertPEMAt(CertType type, int index) const { |
| 164 return CertToPEM(*GetCertificateAt(type, index)); | 165 return CertToPEM(*GetCertificateAt(type, index)); |
| 165 } | 166 } |
| 166 | 167 |
| 167 std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const { | 168 std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const { |
| 168 net::X509Certificate* cert = GetCertificateAt(type, index); | 169 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 169 return x509_certificate_model::GetPkcs11Id(cert->os_cert_handle()); | 170 return x509_certificate_model::GetPkcs11Id(cert->os_cert_handle()); |
| 170 } | 171 } |
| 171 | 172 |
| 172 bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const { | 173 bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const { |
| 173 if (!CertLoader::Get()->IsHardwareBacked()) | 174 if (!CertLoader::Get()->is_hardware_backed()) |
| 174 return false; | 175 return false; |
| 175 net::X509Certificate* cert = GetCertificateAt(type, index); | 176 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 176 std::string cert_token_name = | 177 return CertLoader::Get()->IsCertificateInPrivateSlot(*cert); |
|
mattm
2014/01/23 01:45:55
You could replace both is_hardware_backed and IsCe
tbarzic
2014/01/23 04:45:28
Done.
| |
| 177 x509_certificate_model::GetTokenName(cert->os_cert_handle()); | |
| 178 return cert_token_name == | |
| 179 CertLoader::Get()->tpm_token_name(); | |
| 180 } | 178 } |
| 181 | 179 |
| 182 int CertLibrary::GetCertIndexByPEM(CertType type, | 180 int CertLibrary::GetCertIndexByPEM(CertType type, |
| 183 const std::string& pem_encoded) const { | 181 const std::string& pem_encoded) const { |
| 184 int num_certs = NumCertificates(type); | 182 int num_certs = NumCertificates(type); |
| 185 for (int index = 0; index < num_certs; ++index) { | 183 for (int index = 0; index < num_certs; ++index) { |
| 186 net::X509Certificate* cert = GetCertificateAt(type, index); | 184 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 187 if (CertToPEM(*cert) != pem_encoded) | 185 if (CertToPEM(*cert) != pem_encoded) |
| 188 continue; | 186 continue; |
| 189 return index; | 187 return index; |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 276 return user_certs_; | 274 return user_certs_; |
| 277 if (type == CERT_TYPE_SERVER) | 275 if (type == CERT_TYPE_SERVER) |
| 278 return server_certs_; | 276 return server_certs_; |
| 279 if (type == CERT_TYPE_SERVER_CA) | 277 if (type == CERT_TYPE_SERVER_CA) |
| 280 return server_ca_certs_; | 278 return server_ca_certs_; |
| 281 DCHECK(type == CERT_TYPE_DEFAULT); | 279 DCHECK(type == CERT_TYPE_DEFAULT); |
| 282 return certs_; | 280 return certs_; |
| 283 } | 281 } |
| 284 | 282 |
| 285 } // namespace chromeos | 283 } // namespace chromeos |
| OLD | NEW |
