| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/client_cert_resolver.h" | 5 #include "chromeos/network/client_cert_resolver.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certt.h> // for (SECCertUsageEnum) certUsageAnyCA | 8 #include <certt.h> // for (SECCertUsageEnum) certUsageAnyCA |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 | 10 |
| 11 #include <algorithm> | 11 #include <algorithm> |
| 12 #include <string> | 12 #include <string> |
| 13 | 13 |
| 14 #include "base/bind.h" | 14 #include "base/bind.h" |
| 15 #include "base/location.h" | 15 #include "base/location.h" |
| 16 #include "base/stl_util.h" | 16 #include "base/stl_util.h" |
| 17 #include "base/strings/string_number_conversions.h" | 17 #include "base/strings/string_number_conversions.h" |
| 18 #include "base/task_runner.h" | 18 #include "base/task_runner.h" |
| 19 #include "base/threading/worker_pool.h" | 19 #include "base/threading/worker_pool.h" |
| 20 #include "base/time/time.h" | 20 #include "base/time/time.h" |
| 21 #include "chromeos/cert_loader.h" | 21 #include "chromeos/cert_loader.h" |
| 22 #include "chromeos/dbus/dbus_thread_manager.h" | 22 #include "chromeos/dbus/dbus_thread_manager.h" |
| 23 #include "chromeos/dbus/shill_service_client.h" | 23 #include "chromeos/dbus/shill_service_client.h" |
| 24 #include "chromeos/network/certificate_pattern.h" | 24 #include "chromeos/network/certificate_pattern.h" |
| 25 #include "chromeos/network/client_cert_util.h" | 25 #include "chromeos/network/client_cert_util.h" |
| 26 #include "chromeos/network/favorite_state.h" | 26 #include "chromeos/network/favorite_state.h" |
| 27 #include "chromeos/network/managed_network_configuration_handler.h" | 27 #include "chromeos/network/managed_network_configuration_handler.h" |
| 28 #include "chromeos/network/network_state_handler.h" | 28 #include "chromeos/network/network_state_handler.h" |
| 29 #include "chromeos/network/network_ui_data.h" | 29 #include "chromeos/network/network_ui_data.h" |
| 30 #include "chromeos/tpm_token_loader.h" | |
| 30 #include "components/onc/onc_constants.h" | 31 #include "components/onc/onc_constants.h" |
| 31 #include "dbus/object_path.h" | 32 #include "dbus/object_path.h" |
| 32 #include "net/cert/x509_certificate.h" | 33 #include "net/cert/x509_certificate.h" |
| 33 | 34 |
| 34 namespace chromeos { | 35 namespace chromeos { |
| 35 | 36 |
| 36 // Describes a network |network_path| for which a matching certificate |cert_id| | 37 // Describes a network |network_path| for which a matching certificate |cert_id| |
| 37 // was found. | 38 // was found. |
| 38 struct ClientCertResolver::NetworkAndMatchingCert { | 39 struct ClientCertResolver::NetworkAndMatchingCert { |
| 39 NetworkAndMatchingCert(const std::string& network_path, | 40 NetworkAndMatchingCert(const std::string& network_path, |
| (...skipping 207 matching lines...) | |
| 247 network_handler::ErrorCallback(), | 248 network_handler::ErrorCallback(), |
| 248 dbus_error_name, | 249 dbus_error_name, |
| 249 dbus_error_message); | 250 dbus_error_message); |
| 250 } | 251 } |
| 251 | 252 |
| 252 bool ClientCertificatesLoaded() { | 253 bool ClientCertificatesLoaded() { |
| 253 if (!CertLoader::Get()->certificates_loaded()) { | 254 if (!CertLoader::Get()->certificates_loaded()) { |
| 254 VLOG(1) << "Certificates not loaded yet."; | 255 VLOG(1) << "Certificates not loaded yet."; |
| 255 return false; | 256 return false; |
| 256 } | 257 } |
| 257 if (!CertLoader::Get()->IsHardwareBacked()) { | 258 if (!CertLoader::Get()->is_hardware_backed()) { |
| 258 VLOG(1) << "TPM is not available."; | 259 VLOG(1) << "TPM is not available."; |
| 259 return false; | 260 return false; |
| 260 } | 261 } |
| 261 return true; | 262 return true; |
| 262 } | 263 } |
| 263 | 264 |
| 264 } // namespace | 265 } // namespace |
| 265 | 266 |
| 266 ClientCertResolver::ClientCertResolver() | 267 ClientCertResolver::ClientCertResolver() |
| 267 : network_state_handler_(NULL), | 268 : network_state_handler_(NULL), |
| (...skipping 158 matching lines...) | |
| 426 base::Bind(&ClientCertResolver::ConfigureCertificates, | 427 base::Bind(&ClientCertResolver::ConfigureCertificates, |
| 427 weak_ptr_factory_.GetWeakPtr(), | 428 weak_ptr_factory_.GetWeakPtr(), |
| 428 base::Owned(matches))); | 429 base::Owned(matches))); |
| 429 } | 430 } |
| 430 | 431 |
| 431 void ClientCertResolver::ConfigureCertificates(NetworkCertMatches* matches) { | 432 void ClientCertResolver::ConfigureCertificates(NetworkCertMatches* matches) { |
| 432 for (NetworkCertMatches::const_iterator it = matches->begin(); | 433 for (NetworkCertMatches::const_iterator it = matches->begin(); |
| 433 it != matches->end(); ++it) { | 434 it != matches->end(); ++it) { |
| 434 VLOG(1) << "Configuring certificate of network " << it->service_path; | 435 VLOG(1) << "Configuring certificate of network " << it->service_path; |
| 435 CertLoader* cert_loader = CertLoader::Get(); | 436 CertLoader* cert_loader = CertLoader::Get(); |
| 437 std::string tpm_user_pin; | |
| 438 if (TPMTokenLoader::IsInitialized()) | |
|
stevenjb
2014/01/23 18:17:42
This should always be true, shouldn't it? CertLoad
tbarzic
2014/01/23 19:18:37
It could have happened in tests (but started using
| |
| 439 tpm_user_pin = TPMTokenLoader::Get()->tpm_user_pin(); | |
| 440 | |
| 436 base::DictionaryValue shill_properties; | 441 base::DictionaryValue shill_properties; |
| 437 client_cert::SetShillProperties( | 442 client_cert::SetShillProperties( |
| 438 it->cert_config_type, | 443 it->cert_config_type, |
| 439 base::IntToString(cert_loader->tpm_token_slot_id()), | 444 base::IntToString(cert_loader->tpm_token_slot_id()), |
| 440 cert_loader->tpm_user_pin(), | 445 tpm_user_pin, |
| 441 &it->pkcs11_id, | 446 &it->pkcs11_id, |
| 442 &shill_properties); | 447 &shill_properties); |
| 443 DBusThreadManager::Get()->GetShillServiceClient()-> | 448 DBusThreadManager::Get()->GetShillServiceClient()-> |
| 444 SetProperties(dbus::ObjectPath(it->service_path), | 449 SetProperties(dbus::ObjectPath(it->service_path), |
| 445 shill_properties, | 450 shill_properties, |
| 446 base::Bind(&base::DoNothing), | 451 base::Bind(&base::DoNothing), |
| 447 base::Bind(&LogError, it->service_path)); | 452 base::Bind(&LogError, it->service_path)); |
| 448 network_state_handler_->RequestUpdateForNetwork(it->service_path); | 453 network_state_handler_->RequestUpdateForNetwork(it->service_path); |
| 449 } | 454 } |
| 450 } | 455 } |
| 451 | 456 |
| 452 } // namespace chromeos | 457 } // namespace chromeos |
| OLD | NEW |
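Review bot: The PIN lookup added at new lines 437-439 sits inside the `for` loop of ConfigureCertificates, so each matched network queries TPMTokenLoader again and makes another `std::string` copy of the TPM user PIN, even though the lookup does not use `it`. Moving `std::string tpm_user_pin;` and `if (TPMTokenLoader::IsInitialized()) tpm_user_pin = TPMTokenLoader::Get()->tpm_user_pin();` above the loop does the lookup once and leaves fewer copies of the secret in memory. When the loader is not initialized, the loop still passes an empty PIN to `client_cert::SetShillProperties` and on to Shill without any log line. A `VLOG(1)` on that branch, in the style of the ones in ClientCertificatesLoaded and stating only that the PIN is unavailable (never its value), would make a later authentication failure traceable.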