| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/cert_loader.h" | 5 #include "chromeos/network/cert_loader.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/chromeos/chromeos_version.h" | 9 #include "base/chromeos/chromeos_version.h" |
| 10 #include "base/observer_list.h" | 10 #include "base/observer_list.h" |
| 11 #include "base/strings/string_number_conversions.h" |
| 11 #include "base/task_runner_util.h" | 12 #include "base/task_runner_util.h" |
| 12 #include "base/threading/worker_pool.h" | 13 #include "base/threading/worker_pool.h" |
| 13 #include "chromeos/dbus/cryptohome_client.h" | 14 #include "chromeos/dbus/cryptohome_client.h" |
| 14 #include "chromeos/dbus/dbus_thread_manager.h" | 15 #include "chromeos/dbus/dbus_thread_manager.h" |
| 15 #include "crypto/encryptor.h" | 16 #include "crypto/encryptor.h" |
| 16 #include "crypto/nss_util.h" | 17 #include "crypto/nss_util.h" |
| 17 #include "crypto/sha2.h" | 18 #include "crypto/sha2.h" |
| 18 #include "crypto/symmetric_key.h" | 19 #include "crypto/symmetric_key.h" |
| 19 #include "net/cert/nss_cert_database.h" | 20 #include "net/cert/nss_cert_database.h" |
| 20 | 21 |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 112 certificates_requested_ = true; | 113 certificates_requested_ = true; |
| 113 | 114 |
| 114 VLOG(1) << "Requesting Certificates."; | 115 VLOG(1) << "Requesting Certificates."; |
| 115 DBusThreadManager::Get()->GetCryptohomeClient()->TpmIsEnabled( | 116 DBusThreadManager::Get()->GetCryptohomeClient()->TpmIsEnabled( |
| 116 base::Bind(&CertLoader::OnTpmIsEnabled, | 117 base::Bind(&CertLoader::OnTpmIsEnabled, |
| 117 weak_ptr_factory_.GetWeakPtr())); | 118 weak_ptr_factory_.GetWeakPtr())); |
| 118 | 119 |
| 119 return; | 120 return; |
| 120 } | 121 } |
| 121 | 122 |
| 123 // For background see this discussion on dev-tech-crypto.lists.mozilla.org: |
| 124 // http://web.archiveorange.com/archive/v/6JJW7E40sypfZGtbkzxX |
| 125 // |
| 126 // NOTE: This function relies on the convention that the same PKCS#11 ID |
| 127 // is shared between a certificate and its associated private and public |
| 128 // keys. I tried to implement this with PK11_GetLowLevelKeyIDForCert(), |
| 129 // but that always returns NULL on Chrome OS for me. |
| 130 std::string CertLoader::GetPkcs11IdForCert( |
| 131 const net::X509Certificate& cert) const { |
| 132 if (!IsHardwareBacked()) |
| 133 return std::string(); |
| 134 |
| 135 CERTCertificateStr* cert_handle = cert.os_cert_handle(); |
| 136 SECKEYPrivateKey *priv_key = |
| 137 PK11_FindKeyByAnyCert(cert_handle, NULL /* wincx */); |
| 138 if (!priv_key) |
| 139 return std::string(); |
| 140 |
| 141 // Get the CKA_ID attribute for a key. |
| 142 SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key); |
| 143 std::string pkcs11_id; |
| 144 if (sec_item) { |
| 145 pkcs11_id = base::HexEncode(sec_item->data, sec_item->len); |
| 146 SECITEM_FreeItem(sec_item, PR_TRUE); |
| 147 } |
| 148 SECKEY_DestroyPrivateKey(priv_key); |
| 149 |
| 150 return pkcs11_id; |
| 151 } |
| 152 |
| 122 void CertLoader::OnTpmIsEnabled(DBusMethodCallStatus call_status, | 153 void CertLoader::OnTpmIsEnabled(DBusMethodCallStatus call_status, |
| 123 bool tpm_is_enabled) { | 154 bool tpm_is_enabled) { |
| 124 VLOG(1) << "OnTpmIsEnabled: " << tpm_is_enabled; | 155 VLOG(1) << "OnTpmIsEnabled: " << tpm_is_enabled; |
| 125 if (call_status != DBUS_METHOD_CALL_SUCCESS || !tpm_is_enabled) { | 156 if (call_status != DBUS_METHOD_CALL_SUCCESS || !tpm_is_enabled) { |
| 126 // TPM is not enabled, so proceed with empty tpm token name. | 157 // TPM is not enabled, so proceed with empty tpm token name. |
| 127 VLOG(1) << "TPM not available."; | 158 VLOG(1) << "TPM not available."; |
| 128 StartLoadCertificates(); | 159 StartLoadCertificates(); |
| 129 } else if (tpm_token_ready_) { | 160 } else if (tpm_token_ready_) { |
| 130 // Once the TPM token is ready, initialize it. | 161 // Once the TPM token is ready, initialize it. |
| 131 InitializeTPMToken(); | 162 InitializeTPMToken(); |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 251 StartLoadCertificates(); | 282 StartLoadCertificates(); |
| 252 } | 283 } |
| 253 | 284 |
| 254 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { | 285 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { |
| 255 VLOG(1) << "LoggedInStateChanged: " << state; | 286 VLOG(1) << "LoggedInStateChanged: " << state; |
| 256 if (LoginState::Get()->IsUserLoggedIn() && !certificates_requested_) | 287 if (LoginState::Get()->IsUserLoggedIn() && !certificates_requested_) |
| 257 RequestCertificates(); | 288 RequestCertificates(); |
| 258 } | 289 } |
| 259 | 290 |
| 260 } // namespace chromeos | 291 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14566009:
Add NetworkConnectionHandler class (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src