| Index: chromeos/network/network_connection_handler.cc |
| diff --git a/chromeos/network/network_connection_handler.cc b/chromeos/network/network_connection_handler.cc |
| index 5450338022eb83b13781cfb63ef671e28adeac44..8715a02d7c3ce20cc8e096e2cb1513aae3c849b9 100644 |
| --- a/chromeos/network/network_connection_handler.cc |
| +++ b/chromeos/network/network_connection_handler.cc |
| @@ -22,6 +22,7 @@ |
| #include "chromeos/network/network_state_handler.h" |
| #include "chromeos/network/network_ui_data.h" |
| #include "chromeos/network/shill_property_util.h" |
| +#include "chromeos/tpm_token_loader.h" |
| #include "dbus/object_path.h" |
| #include "net/cert/x509_certificate.h" |
| #include "third_party/cros_system_api/dbus/service_constants.h" |
| @@ -191,9 +192,14 @@ void NetworkConnectionHandler::OnCertificatesLoaded( |
| if (queued_connect_) { |
| NET_LOG_EVENT("Connecting to Queued Network", |
| queued_connect_->service_path); |
| - ConnectToNetwork(queued_connect_->service_path, |
| - queued_connect_->success_callback, |
| - queued_connect_->error_callback, |
| + // Make a copy of |queued_connect_| parameters, because |queued_connect_| |
| + // will get reset at the beginning of |ConnectToNetwork|. |
|
stevenjb
2014/01/23 18:17:42
Ugh. Subtle. Good catch, thanks.
|
| + std::string service_path = queued_connect_->service_path; |
| + base::Closure success_callback = queued_connect_->success_callback; |
| + network_handler::ErrorCallback error_callback = |
| + queued_connect_->error_callback; |
| + |
| + ConnectToNetwork(service_path, success_callback, error_callback, |
| false /* check_error_state */); |
| } else if (initial_load) { |
| // Once certificates have loaded, connect to the "best" available network. |
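Review bot: The copies made at `std::string service_path = queued_connect_->service_path;` protect only this one call site. ConnectToNetwork (body outside the hunk) presumably still takes its arguments by reference and resets `queued_connect_` before using them, so any other caller that passes members of `queued_connect_` directly would read freed memory. The comment could name that hazard, e.g. `// ConnectToNetwork() resets |queued_connect_| before reading its arguments, so references into it would dangle.` A unit test that queues a connect request and then runs OnCertificatesLoaded would keep the lifetime fix from regressing.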
| @@ -424,9 +430,10 @@ void NetworkConnectionHandler::VerifyConfiguredAndConnect( |
| return; |
| } |
| - pkcs11_id = CertificateIsConfigured(ui_data.get()); |
| + pkcs11_id = CertificateIsConfigured(ui_data.get(), |
| + cert_loader_->cert_list()); |
| // Ensure the certificate is available and configured. |
| - if (!cert_loader_->IsHardwareBacked() || pkcs11_id.empty()) { |
| + if (!cert_loader_->is_hardware_backed() || pkcs11_id.empty()) { |
| ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); |
| return; |
| } |
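Review bot: The added argument `cert_loader_->cert_list()` dereferences `cert_loader_` unconditionally, while the next hunk still guards the same pointer with `if (cert_loader_ && cert_loader_->is_hardware_backed())`. The enclosing block starts outside this hunk, so an earlier guard may already guarantee a non-null loader. If it does, the later `cert_loader_ &&` test is dead and could be dropped for consistency. If it does not, this branch needs the same check before calling CertificateIsConfigured, failing with `kErrorCertificateRequired` as the existing error path does.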
| @@ -440,13 +447,16 @@ void NetworkConnectionHandler::VerifyConfiguredAndConnect( |
| // The network may not be 'Connectable' because the TPM properties are not |
| // set up, so configure tpm slot/pin before connecting. |
| - if (cert_loader_ && cert_loader_->IsHardwareBacked()) { |
| + if (cert_loader_ && cert_loader_->is_hardware_backed()) { |
| + std::string tpm_user_pin; |
| + if (TPMTokenLoader::IsInitialized()) |
|
stevenjb
2014/01/23 18:17:42
Again, can a cert be hardware backed and TPMTokenL
tbarzic
2014/01/23 19:18:37
Done.
|
| + tpm_user_pin = TPMTokenLoader::Get()->tpm_user_pin(); |
| // Pass NULL if pkcs11_id is empty, so that it doesn't clear any |
| // previously configured client cert. |
| client_cert::SetShillProperties( |
| client_cert_type, |
| base::IntToString(cert_loader_->tpm_token_slot_id()), |
| - cert_loader_->tpm_user_pin(), |
| + tpm_user_pin, |
| pkcs11_id.empty() ? NULL : &pkcs11_id, |
| &config_properties); |
| } |
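Review bot: The slot id and the PIN handed to `client_cert::SetShillProperties` now come from two different objects: `cert_loader_->tpm_token_slot_id()` and `TPMTokenLoader::Get()->tpm_user_pin()`. Nothing in the hunk ties them to the same token state. When `TPMTokenLoader::IsInitialized()` is false, the call still goes ahead with a real slot id and an empty `tpm_user_pin`, and that fallback is neither logged nor explained. If TPMTokenLoader also exposes the slot id, both values should be read from it inside the same `IsInitialized()` check. Otherwise add a comment stating what an empty PIN means to Shill, plus a log line on the uninitialized branch such as `NET_LOG_ERROR("TPM token not initialized", service_path);`, which must never include the PIN itself.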
| @@ -621,12 +631,14 @@ void NetworkConnectionHandler::CheckAllPendingRequests() { |
| } |
| std::string NetworkConnectionHandler::CertificateIsConfigured( |
| - NetworkUIData* ui_data) { |
| + NetworkUIData* ui_data, |
| + const net::CertificateList& cert_list) { |
| if (ui_data->certificate_pattern().Empty()) |
| return std::string(); |
| // Find the matching certificate. |
| scoped_refptr<net::X509Certificate> matching_cert = |
| - client_cert::GetCertificateMatch(ui_data->certificate_pattern()); |
| + client_cert::GetCertificateMatch(ui_data->certificate_pattern(), |
| + cert_list); |
| if (!matching_cert.get()) |
| return std::string(); |
| return CertLoader::GetPkcs11IdForCert(*matching_cert.get()); |