| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/cros/cert_library.h" | 5 #include "chrome/browser/chromeos/cros/cert_library.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/chromeos/chromeos_version.h" | 9 #include "base/chromeos/chromeos_version.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/i18n/string_compare.h" | 11 #include "base/i18n/string_compare.h" |
| 12 #include "base/memory/weak_ptr.h" | 12 #include "base/memory/weak_ptr.h" |
| 13 #include "base/observer_list_threadsafe.h" | 13 #include "base/observer_list_threadsafe.h" |
| 14 #include "base/strings/string_number_conversions.h" | 14 #include "base/strings/string_number_conversions.h" |
| 15 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
| 16 #include "base/strings/utf_string_conversions.h" | 16 #include "base/strings/utf_string_conversions.h" |
| 17 #include "chrome/browser/browser_process.h" // g_browser_process | 17 #include "chrome/browser/browser_process.h" // g_browser_process |
| 18 #include "chrome/common/chrome_switches.h" | 18 #include "chrome/common/chrome_switches.h" |
| 19 #include "chrome/common/net/x509_certificate_model.h" | 19 #include "chrome/common/net/x509_certificate_model.h" |
| 20 #include "chromeos/dbus/cryptohome_client.h" | 20 #include "chromeos/dbus/cryptohome_client.h" |
| 21 #include "chromeos/dbus/dbus_thread_manager.h" | 21 #include "chromeos/dbus/dbus_thread_manager.h" |
| 22 #include "chromeos/login/login_state.h" | 22 #include "chromeos/login/login_state.h" |
| 23 #include "chromeos/network/onc/onc_utils.h" | |
| 23 #include "content/public/browser/browser_thread.h" | 24 #include "content/public/browser/browser_thread.h" |
| 24 #include "crypto/nss_util.h" | 25 #include "crypto/nss_util.h" |
| 25 #include "grit/generated_resources.h" | 26 #include "grit/generated_resources.h" |
| 26 #include "net/cert/cert_database.h" | 27 #include "net/cert/cert_database.h" |
| 27 #include "net/cert/nss_cert_database.h" | 28 #include "net/cert/nss_cert_database.h" |
| 28 #include "third_party/icu/public/i18n/unicode/coll.h" // icu::Collator | 29 #include "third_party/icu/public/i18n/unicode/coll.h" // icu::Collator |
| 29 #include "ui/base/l10n/l10n_util.h" | 30 #include "ui/base/l10n/l10n_util.h" |
| 30 #include "ui/base/l10n/l10n_util_collator.h" | 31 #include "ui/base/l10n/l10n_util_collator.h" |
| 31 | 32 |
| 32 namespace chromeos { | 33 namespace chromeos { |
| (...skipping 109 matching lines...) | |
| 142 const net::CertificateList& cert_list = GetCertificateListForType(type); | 143 const net::CertificateList& cert_list = GetCertificateListForType(type); |
| 143 return static_cast<int>(cert_list.size()); | 144 return static_cast<int>(cert_list.size()); |
| 144 } | 145 } |
| 145 | 146 |
| 146 string16 CertLibrary::GetCertDisplayStringAt(CertType type, int index) const { | 147 string16 CertLibrary::GetCertDisplayStringAt(CertType type, int index) const { |
| 147 net::X509Certificate* cert = GetCertificateAt(type, index); | 148 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 148 bool hardware_backed = IsCertHardwareBackedAt(type, index); | 149 bool hardware_backed = IsCertHardwareBackedAt(type, index); |
| 149 return GetDisplayString(cert, hardware_backed); | 150 return GetDisplayString(cert, hardware_backed); |
| 150 } | 151 } |
| 151 | 152 |
| 152 std::string CertLibrary::GetCertNicknameAt(CertType type, int index) const { | 153 std::string CertLibrary::GetCertFingerprintAt(CertType type, int index) const { |
| 153 net::X509Certificate* cert = GetCertificateAt(type, index); | 154 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 154 return x509_certificate_model::GetNickname(cert->os_cert_handle()); | 155 return onc::GetHexFingerprintOfCert(*cert); |
| 155 } | 156 } |
| 156 | 157 |
| 157 std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const { | 158 std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const { |
| 158 net::X509Certificate* cert = GetCertificateAt(type, index); | 159 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 159 return x509_certificate_model::GetPkcs11Id(cert->os_cert_handle()); | 160 return x509_certificate_model::GetPkcs11Id(cert->os_cert_handle()); |
| 160 } | 161 } |
| 161 | 162 |
| 162 bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const { | 163 bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const { |
| 163 if (!NetworkHandler::Get()->cert_loader()->IsHardwareBacked()) | 164 if (!NetworkHandler::Get()->cert_loader()->IsHardwareBacked()) |
| 164 return false; | 165 return false; |
| 165 net::X509Certificate* cert = GetCertificateAt(type, index); | 166 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 166 std::string cert_token_name = | 167 std::string cert_token_name = |
| 167 x509_certificate_model::GetTokenName(cert->os_cert_handle()); | 168 x509_certificate_model::GetTokenName(cert->os_cert_handle()); |
| 168 return cert_token_name == | 169 return cert_token_name == |
| 169 NetworkHandler::Get()->cert_loader()->tpm_token_name(); | 170 NetworkHandler::Get()->cert_loader()->tpm_token_name(); |
| 170 } | 171 } |
| 171 | 172 |
| 172 int CertLibrary::GetCertIndexByNickname(CertType type, | 173 int CertLibrary::GetCertIndexByFingerprint( |
| 173 const std::string& nickname) const { | 174 CertType type, const std::string& fingerprint) const { |
|
Mattias Nissler (ping if slow)
2013/06/14 12:56:44
nit: one parameter per line
pneubeck (no reviews)
2013/06/21 12:53:56
Done.
| |
| 174 int num_certs = NumCertificates(type); | 175 int num_certs = NumCertificates(type); |
| 176 int found_index = -1; | |
| 175 for (int index = 0; index < num_certs; ++index) { | 177 for (int index = 0; index < num_certs; ++index) { |
| 176 net::X509Certificate* cert = GetCertificateAt(type, index); | 178 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 177 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); | 179 if (onc::GetHexFingerprintOfCert(*cert) != fingerprint) |
| 178 std::string nick = x509_certificate_model::GetNickname(cert_handle); | 180 continue; |
| 179 if (nick == nickname) | 181 if (found_index != -1) { |
| 180 return index; | 182 LOG(ERROR) << "Certificate fingerprints collided."; |
|
Mattias Nissler (ping if slow)
2013/06/14 12:56:44
I guess it's more likely that the cert is present
pneubeck (no reviews)
2013/06/21 12:53:56
Done.
| |
| 183 return -1; | |
| 184 } | |
| 185 found_index = index; | |
| 181 } | 186 } |
| 182 return -1; // Not found. | 187 return found_index; |
| 183 } | 188 } |
| 184 | 189 |
| 185 int CertLibrary::GetCertIndexByPkcs11Id(CertType type, | 190 int CertLibrary::GetCertIndexByPkcs11Id(CertType type, |
| 186 const std::string& pkcs11_id) const { | 191 const std::string& pkcs11_id) const { |
| 187 int num_certs = NumCertificates(type); | 192 int num_certs = NumCertificates(type); |
| 188 for (int index = 0; index < num_certs; ++index) { | 193 for (int index = 0; index < num_certs; ++index) { |
| 189 net::X509Certificate* cert = GetCertificateAt(type, index); | 194 net::X509Certificate* cert = GetCertificateAt(type, index); |
| 190 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); | 195 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); |
| 191 std::string id = x509_certificate_model::GetPkcs11Id(cert_handle); | 196 std::string id = x509_certificate_model::GetPkcs11Id(cert_handle); |
| 192 if (id == pkcs11_id) | 197 if (id == pkcs11_id) |
| (...skipping 73 matching lines...) | |
| 266 if (type == CERT_TYPE_USER) | 271 if (type == CERT_TYPE_USER) |
| 267 return user_certs_; | 272 return user_certs_; |
| 268 if (type == CERT_TYPE_SERVER) | 273 if (type == CERT_TYPE_SERVER) |
| 269 return server_certs_; | 274 return server_certs_; |
| 270 if (type == CERT_TYPE_SERVER_CA) | 275 if (type == CERT_TYPE_SERVER_CA) |
| 271 return server_ca_certs_; | 276 return server_ca_certs_; |
| 272 DCHECK(type == CERT_TYPE_DEFAULT); | 277 DCHECK(type == CERT_TYPE_DEFAULT); |
| 273 return certs_; | 278 return certs_; |
| 274 } | 279 } |
| 275 | 280 |
| 276 } // chromeos | 281 } // namespace chromeos |
| OLD | NEW |
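Review bot: In GetCertIndexByFingerprint (new lines 179-187) the lookup compares `onc::GetHexFingerprintOfCert(*cert)` to `fingerprint` with a plain string `!=`, so a caller-supplied value that differs only in letter case or separators would be reported as not found; the helper's output format is not visible on this page, so either normalize the input or document the contract, e.g. `// |fingerprint| must be in exactly the form returned by onc::GetHexFingerprintOfCert().`. The duplicate branch fails closed, which is a sensible default when selecting a certificate, but it returns the same -1 as a missing certificate and the log line names neither the fingerprint nor the two indexes. If the same certificate can appear twice in one list (for example once per token, which this page does not rule out), that is a duplicate entry rather than a hash collision and the message would mislead whoever triages it. Consider `LOG(ERROR) << "Multiple certificates match fingerprint " << fingerprint << " (indexes " << found_index << ", " << index << ")";` and a header comment stating that -1 means "not found or ambiguous". `cert` is also dereferenced without a null check here and in GetCertFingerprintAt, as in the neighbouring accessors, so GetCertificateAt is presumably expected never to return NULL for an in-range index; its body is outside the visible lines.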