| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/cros/cert_library.h" | 5 #include "chrome/browser/chromeos/cros/cert_library.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/i18n/string_compare.h" | 10 #include "base/i18n/string_compare.h" |
| 11 #include "base/memory/weak_ptr.h" | 11 #include "base/memory/weak_ptr.h" |
| 12 #include "base/observer_list_threadsafe.h" | 12 #include "base/observer_list_threadsafe.h" |
| 13 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
| 14 #include "base/strings/string_util.h" | 14 #include "base/strings/string_util.h" |
| 15 #include "base/strings/utf_string_conversions.h" | 15 #include "base/strings/utf_string_conversions.h" |
| 16 #include "chrome/browser/browser_process.h" // g_browser_process | 16 #include "chrome/browser/browser_process.h" // g_browser_process |
| 17 #include "chrome/common/chrome_switches.h" | 17 #include "chrome/common/chrome_switches.h" |
| 18 #include "chrome/common/net/x509_certificate_model.h" | 18 #include "chrome/common/net/x509_certificate_model.h" |
| 19 #include "chromeos/dbus/cryptohome_client.h" | 19 #include "chromeos/dbus/cryptohome_client.h" |
| 20 #include "chromeos/dbus/dbus_thread_manager.h" | 20 #include "chromeos/dbus/dbus_thread_manager.h" |
| 21 #include "chromeos/login/login_state.h" | 21 #include "chromeos/login/login_state.h" |
| 22 #include "chromeos/network/onc/onc_utils.h" |
| 22 #include "content/public/browser/browser_thread.h" | 23 #include "content/public/browser/browser_thread.h" |
| 23 #include "crypto/nss_util.h" | 24 #include "crypto/nss_util.h" |
| 24 #include "grit/generated_resources.h" | 25 #include "grit/generated_resources.h" |
| 25 #include "net/cert/cert_database.h" | 26 #include "net/cert/cert_database.h" |
| 26 #include "net/cert/nss_cert_database.h" | 27 #include "net/cert/nss_cert_database.h" |
| 27 #include "third_party/icu/public/i18n/unicode/coll.h" // icu::Collator | 28 #include "third_party/icu/public/i18n/unicode/coll.h" // icu::Collator |
| 28 #include "ui/base/l10n/l10n_util.h" | 29 #include "ui/base/l10n/l10n_util.h" |
| 29 #include "ui/base/l10n/l10n_util_collator.h" | 30 #include "ui/base/l10n/l10n_util_collator.h" |
| 30 | 31 |
| 31 namespace chromeos { | 32 namespace chromeos { |
| 54 issued_to, | 55 issued_to, |
| 55 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); | 56 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); |
| 56 } else { | 57 } else { |
| 57 return l10n_util::GetStringFUTF16( | 58 return l10n_util::GetStringFUTF16( |
| 58 IDS_CERT_MANAGER_KEY_FORMAT_LONG, | 59 IDS_CERT_MANAGER_KEY_FORMAT_LONG, |
| 59 issued_by, | 60 issued_by, |
| 60 issued_to); | 61 issued_to); |
| 61 } | 62 } |
| 62 } | 63 } |
| 63 | 64 |
| 65 std::string CertToPEM(const net::X509Certificate& cert) { |
| 66 std::string pem_encoded_cert; |
| 67 if (!net::X509Certificate::GetPEMEncoded(cert.os_cert_handle(), |
| 68 &pem_encoded_cert)) { |
| 69 LOG(ERROR) << "Couldn't PEM-encode certificate"; |
| 70 return std::string(); |
| 71 } |
| 72 return pem_encoded_cert; |
| 73 } |
| 74 |
| 64 } // namespace | 75 } // namespace |
| 65 | 76 |
| 66 class CertNameComparator { | 77 class CertNameComparator { |
| 67 public: | 78 public: |
| 68 explicit CertNameComparator(icu::Collator* collator) | 79 explicit CertNameComparator(icu::Collator* collator) |
| 69 : collator_(collator) { | 80 : collator_(collator) { |
| 70 } | 81 } |
| 71 | 82 |
| 72 bool operator()(const scoped_refptr<net::X509Certificate>& lhs, | 83 bool operator()(const scoped_refptr<net::X509Certificate>& lhs, |
| 73 const scoped_refptr<net::X509Certificate>& rhs) const { | 84 const scoped_refptr<net::X509Certificate>& rhs) const { |
| 141 const net::CertificateList& cert_list = GetCertificateListForType(type); | 152 const net::CertificateList& cert_list = GetCertificateListForType(type); |
| 142 return static_cast<int>(cert_list.size()); | 153 return static_cast<int>(cert_list.size()); |
| 143 } | 154 } |
| 144 | 155 |
| 145 string16 CertLibrary::GetCertDisplayStringAt(CertType type, int index) const { | 156 string16 CertLibrary::GetCertDisplayStringAt(CertType type, int index) const { |
| 146 net::X509Certificate* cert = GetCertificateAt(type, index); | 157 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 147 bool hardware_backed = IsCertHardwareBackedAt(type, index); | 158 bool hardware_backed = IsCertHardwareBackedAt(type, index); |
| 148 return GetDisplayString(cert, hardware_backed); | 159 return GetDisplayString(cert, hardware_backed); |
| 149 } | 160 } |
| 150 | 161 |
| 151 std::string CertLibrary::GetCertNicknameAt(CertType type, int index) const { | 162 std::string CertLibrary::GetCertPEMAt(CertType type, int index) const { |
| 152 net::X509Certificate* cert = GetCertificateAt(type, index); | 163 return CertToPEM(*GetCertificateAt(type, index)); |
| 153 return x509_certificate_model::GetNickname(cert->os_cert_handle()); | |
| 154 } | 164 } |
| 155 | 165 |
| 156 std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const { | 166 std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const { |
| 157 net::X509Certificate* cert = GetCertificateAt(type, index); | 167 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 158 return x509_certificate_model::GetPkcs11Id(cert->os_cert_handle()); | 168 return x509_certificate_model::GetPkcs11Id(cert->os_cert_handle()); |
| 159 } | 169 } |
| 160 | 170 |
| 161 bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const { | 171 bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const { |
| 162 if (!NetworkHandler::Get()->cert_loader()->IsHardwareBacked()) | 172 if (!NetworkHandler::Get()->cert_loader()->IsHardwareBacked()) |
| 163 return false; | 173 return false; |
| 164 net::X509Certificate* cert = GetCertificateAt(type, index); | 174 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 165 std::string cert_token_name = | 175 std::string cert_token_name = |
| 166 x509_certificate_model::GetTokenName(cert->os_cert_handle()); | 176 x509_certificate_model::GetTokenName(cert->os_cert_handle()); |
| 167 return cert_token_name == | 177 return cert_token_name == |
| 168 NetworkHandler::Get()->cert_loader()->tpm_token_name(); | 178 NetworkHandler::Get()->cert_loader()->tpm_token_name(); |
| 169 } | 179 } |
| 170 | 180 |
| 171 int CertLibrary::GetCertIndexByNickname(CertType type, | 181 int CertLibrary::GetCertIndexByPEM(CertType type, |
| 172 const std::string& nickname) const { | 182 const std::string& pem_encoded) const { |
| 173 int num_certs = NumCertificates(type); | 183 int num_certs = NumCertificates(type); |
| 174 for (int index = 0; index < num_certs; ++index) { | 184 for (int index = 0; index < num_certs; ++index) { |
| 175 net::X509Certificate* cert = GetCertificateAt(type, index); | 185 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 176 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); | 186 if (CertToPEM(*cert) != pem_encoded) |
| 177 std::string nick = x509_certificate_model::GetNickname(cert_handle); | 187 continue; |
| 178 if (nick == nickname) | 188 return index; |
| 179 return index; | |
| 180 } | 189 } |
| 181 return -1; // Not found. | 190 return -1; |
| 182 } | 191 } |
| 183 | 192 |
| 184 int CertLibrary::GetCertIndexByPkcs11Id(CertType type, | 193 int CertLibrary::GetCertIndexByPkcs11Id(CertType type, |
| 185 const std::string& pkcs11_id) const { | 194 const std::string& pkcs11_id) const { |
| 186 int num_certs = NumCertificates(type); | 195 int num_certs = NumCertificates(type); |
| 187 for (int index = 0; index < num_certs; ++index) { | 196 for (int index = 0; index < num_certs; ++index) { |
| 188 net::X509Certificate* cert = GetCertificateAt(type, index); | 197 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 189 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); | 198 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); |
| 190 std::string id = x509_certificate_model::GetPkcs11Id(cert_handle); | 199 std::string id = x509_certificate_model::GetPkcs11Id(cert_handle); |
| 191 if (id == pkcs11_id) | 200 if (id == pkcs11_id) |
| 265 if (type == CERT_TYPE_USER) | 274 if (type == CERT_TYPE_USER) |
| 266 return user_certs_; | 275 return user_certs_; |
| 267 if (type == CERT_TYPE_SERVER) | 276 if (type == CERT_TYPE_SERVER) |
| 268 return server_certs_; | 277 return server_certs_; |
| 269 if (type == CERT_TYPE_SERVER_CA) | 278 if (type == CERT_TYPE_SERVER_CA) |
| 270 return server_ca_certs_; | 279 return server_ca_certs_; |
| 271 DCHECK(type == CERT_TYPE_DEFAULT); | 280 DCHECK(type == CERT_TYPE_DEFAULT); |
| 272 return certs_; | 281 return certs_; |
| 273 } | 282 } |
| 274 | 283 |
| 275 } // chromeos | 284 } // namespace chromeos |
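Review bot: `CertToPEM` signals an encoding failure with an empty string, and `GetCertIndexByPEM` compares that value directly against `pem_encoded`, so an empty `pem_encoded` would match the first certificate that fails to encode and return its index instead of -1. An early `if (pem_encoded.empty()) return -1;` at the top of `GetCertIndexByPEM` closes that gap. The lookup also depends on byte-for-byte equality of PEM text, so input that differs from the `GetPEMEncoded` output only in line wrapping or trailing whitespace will not be found. If callers can pass PEM from configuration rather than from `GetCertPEMAt`, comparing the decoded certificate bytes would be sturdier; otherwise add a comment such as `// |pem_encoded| must be a value previously returned by GetCertPEMAt().` `GetCertPEMAt` dereferences the result of `GetCertificateAt` unchecked, as the old code did; that function's body is outside the visible lines, so confirm it cannot return null for an out-of-range index.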