
Side by Side Diff: chrome/browser/chromeos/cros/cert_library.cc

Issue 16946002: Resolve certificate references in ONC by PEM. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Added a unit test for the resolve function. Created 7 years, 5 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/cros/cert_library.h" 5 #include "chrome/browser/chromeos/cros/cert_library.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/i18n/string_compare.h" 10 #include "base/i18n/string_compare.h"
11 #include "base/memory/weak_ptr.h" 11 #include "base/memory/weak_ptr.h"
12 #include "base/observer_list_threadsafe.h" 12 #include "base/observer_list_threadsafe.h"
13 #include "base/strings/string_number_conversions.h" 13 #include "base/strings/string_number_conversions.h"
14 #include "base/strings/string_util.h" 14 #include "base/strings/string_util.h"
15 #include "base/strings/utf_string_conversions.h" 15 #include "base/strings/utf_string_conversions.h"
16 #include "chrome/browser/browser_process.h" // g_browser_process 16 #include "chrome/browser/browser_process.h" // g_browser_process
17 #include "chrome/common/chrome_switches.h" 17 #include "chrome/common/chrome_switches.h"
18 #include "chrome/common/net/x509_certificate_model.h" 18 #include "chrome/common/net/x509_certificate_model.h"
19 #include "chromeos/dbus/cryptohome_client.h" 19 #include "chromeos/dbus/cryptohome_client.h"
20 #include "chromeos/dbus/dbus_thread_manager.h" 20 #include "chromeos/dbus/dbus_thread_manager.h"
21 #include "chromeos/login/login_state.h" 21 #include "chromeos/login/login_state.h"
22 #include "chromeos/network/onc/onc_utils.h"
22 #include "content/public/browser/browser_thread.h" 23 #include "content/public/browser/browser_thread.h"
23 #include "crypto/nss_util.h" 24 #include "crypto/nss_util.h"
24 #include "grit/generated_resources.h" 25 #include "grit/generated_resources.h"
25 #include "net/cert/cert_database.h" 26 #include "net/cert/cert_database.h"
26 #include "net/cert/nss_cert_database.h" 27 #include "net/cert/nss_cert_database.h"
27 #include "third_party/icu/public/i18n/unicode/coll.h" // icu::Collator 28 #include "third_party/icu/public/i18n/unicode/coll.h" // icu::Collator
28 #include "ui/base/l10n/l10n_util.h" 29 #include "ui/base/l10n/l10n_util.h"
29 #include "ui/base/l10n/l10n_util_collator.h" 30 #include "ui/base/l10n/l10n_util_collator.h"
30 31
31 namespace chromeos { 32 namespace chromeos {
(...skipping 22 matching lines...) Expand all
54 issued_to, 55 issued_to,
55 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); 56 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED));
56 } else { 57 } else {
57 return l10n_util::GetStringFUTF16( 58 return l10n_util::GetStringFUTF16(
58 IDS_CERT_MANAGER_KEY_FORMAT_LONG, 59 IDS_CERT_MANAGER_KEY_FORMAT_LONG,
59 issued_by, 60 issued_by,
60 issued_to); 61 issued_to);
61 } 62 }
62 } 63 }
63 64
65 std::string CertToPEM(const net::X509Certificate& cert) {
66 std::string pem_encoded_cert;
67 if (!net::X509Certificate::GetPEMEncoded(cert.os_cert_handle(),
68 &pem_encoded_cert)) {
69 LOG(ERROR) << "Couldn't PEM-encode certificate";
70 return std::string();
71 }
72 return pem_encoded_cert;
73 }
74
64 } // namespace 75 } // namespace
65 76
66 class CertNameComparator { 77 class CertNameComparator {
67 public: 78 public:
68 explicit CertNameComparator(icu::Collator* collator) 79 explicit CertNameComparator(icu::Collator* collator)
69 : collator_(collator) { 80 : collator_(collator) {
70 } 81 }
71 82
72 bool operator()(const scoped_refptr<net::X509Certificate>& lhs, 83 bool operator()(const scoped_refptr<net::X509Certificate>& lhs,
73 const scoped_refptr<net::X509Certificate>& rhs) const { 84 const scoped_refptr<net::X509Certificate>& rhs) const {
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after
141 const net::CertificateList& cert_list = GetCertificateListForType(type); 152 const net::CertificateList& cert_list = GetCertificateListForType(type);
142 return static_cast<int>(cert_list.size()); 153 return static_cast<int>(cert_list.size());
143 } 154 }
144 155
145 string16 CertLibrary::GetCertDisplayStringAt(CertType type, int index) const { 156 string16 CertLibrary::GetCertDisplayStringAt(CertType type, int index) const {
146 net::X509Certificate* cert = GetCertificateAt(type, index); 157 net::X509Certificate* cert = GetCertificateAt(type, index);
147 bool hardware_backed = IsCertHardwareBackedAt(type, index); 158 bool hardware_backed = IsCertHardwareBackedAt(type, index);
148 return GetDisplayString(cert, hardware_backed); 159 return GetDisplayString(cert, hardware_backed);
149 } 160 }
150 161
151 std::string CertLibrary::GetCertNicknameAt(CertType type, int index) const { 162 std::string CertLibrary::GetCertPEMAt(CertType type, int index) const {
152 net::X509Certificate* cert = GetCertificateAt(type, index); 163 return CertToPEM(*GetCertificateAt(type, index));
153 return x509_certificate_model::GetNickname(cert->os_cert_handle());
154 } 164 }
155 165
156 std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const { 166 std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const {
157 net::X509Certificate* cert = GetCertificateAt(type, index); 167 net::X509Certificate* cert = GetCertificateAt(type, index);
158 return x509_certificate_model::GetPkcs11Id(cert->os_cert_handle()); 168 return x509_certificate_model::GetPkcs11Id(cert->os_cert_handle());
159 } 169 }
160 170
161 bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const { 171 bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const {
162 if (!NetworkHandler::Get()->cert_loader()->IsHardwareBacked()) 172 if (!NetworkHandler::Get()->cert_loader()->IsHardwareBacked())
163 return false; 173 return false;
164 net::X509Certificate* cert = GetCertificateAt(type, index); 174 net::X509Certificate* cert = GetCertificateAt(type, index);
165 std::string cert_token_name = 175 std::string cert_token_name =
166 x509_certificate_model::GetTokenName(cert->os_cert_handle()); 176 x509_certificate_model::GetTokenName(cert->os_cert_handle());
167 return cert_token_name == 177 return cert_token_name ==
168 NetworkHandler::Get()->cert_loader()->tpm_token_name(); 178 NetworkHandler::Get()->cert_loader()->tpm_token_name();
169 } 179 }
170 180
171 int CertLibrary::GetCertIndexByNickname(CertType type, 181 int CertLibrary::GetCertIndexByPEM(CertType type,
172 const std::string& nickname) const { 182 const std::string& pem_encoded) const {
173 int num_certs = NumCertificates(type); 183 int num_certs = NumCertificates(type);
174 for (int index = 0; index < num_certs; ++index) { 184 for (int index = 0; index < num_certs; ++index) {
175 net::X509Certificate* cert = GetCertificateAt(type, index); 185 net::X509Certificate* cert = GetCertificateAt(type, index);
176 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); 186 if (CertToPEM(*cert) != pem_encoded)
177 std::string nick = x509_certificate_model::GetNickname(cert_handle); 187 continue;
178 if (nick == nickname) 188 return index;
179 return index;
180 } 189 }
181 return -1; // Not found. 190 return -1;
182 } 191 }
183 192
184 int CertLibrary::GetCertIndexByPkcs11Id(CertType type, 193 int CertLibrary::GetCertIndexByPkcs11Id(CertType type,
185 const std::string& pkcs11_id) const { 194 const std::string& pkcs11_id) const {
186 int num_certs = NumCertificates(type); 195 int num_certs = NumCertificates(type);
187 for (int index = 0; index < num_certs; ++index) { 196 for (int index = 0; index < num_certs; ++index) {
188 net::X509Certificate* cert = GetCertificateAt(type, index); 197 net::X509Certificate* cert = GetCertificateAt(type, index);
189 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); 198 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle();
190 std::string id = x509_certificate_model::GetPkcs11Id(cert_handle); 199 std::string id = x509_certificate_model::GetPkcs11Id(cert_handle);
191 if (id == pkcs11_id) 200 if (id == pkcs11_id)
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
265 if (type == CERT_TYPE_USER) 274 if (type == CERT_TYPE_USER)
266 return user_certs_; 275 return user_certs_;
267 if (type == CERT_TYPE_SERVER) 276 if (type == CERT_TYPE_SERVER)
268 return server_certs_; 277 return server_certs_;
269 if (type == CERT_TYPE_SERVER_CA) 278 if (type == CERT_TYPE_SERVER_CA)
270 return server_ca_certs_; 279 return server_ca_certs_;
271 DCHECK(type == CERT_TYPE_DEFAULT); 280 DCHECK(type == CERT_TYPE_DEFAULT);
272 return certs_; 281 return certs_;
273 } 282 }
274 283
275 } // chromeos 284 } // namespace chromeos
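Review bot: In `GetCertIndexByPEM` (new lines 181–191), the empty string that `CertToPEM` returns when encoding fails cannot be told apart from an empty `pem_encoded` argument, so a lookup with an empty or unresolved reference would return the index of the first certificate that failed to encode instead of -1. I would add `if (pem_encoded.empty()) return -1;` before the loop, or skip certificates whose encoding comes back empty. The match is also a byte-for-byte comparison of PEM text, so it succeeds only if the caller's string has exactly the line wrapping and header/footer that `GetPEMEncoded` emits; whether the ONC side normalises its PEM is not visible on this page, and comparing the DER bytes or a fingerprint would be less fragile if it does not. `GetCertPEMAt` (new line 163) dereferences the result of `GetCertificateAt` directly; that function's body is outside the shown lines, so a `DCHECK` or a comment stating it never returns null for an in-range index would make the assumption explicit.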