chrome/browser/chromeos/cros/cert_library.cc - Issue 16946002: Resolve certificate references in ONC by PEM.

Unified Diff: chrome/browser/chromeos/cros/cert_library.cc

Issue 16946002: Resolve certificate references in ONC by PEM. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: removed automation part. Created 7 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/chromeos/cros/cert_library.h ('k') | chrome/browser/chromeos/cros/cros_mock.cc » ('j') | chromeos/network/onc/onc_certificate_importer.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/chromeos/cros/cert_library.cc

diff --git a/chrome/browser/chromeos/cros/cert_library.cc b/chrome/browser/chromeos/cros/cert_library.cc

index fcf61c2be7c6bb0c33c8701a55bde7ce8e520de2..98d1bb9d03baa4ad7270111fe9413ea13414b2e9 100644

--- a/chrome/browser/chromeos/cros/cert_library.cc

+++ b/chrome/browser/chromeos/cros/cert_library.cc

@@ -20,6 +20,7 @@

#include "chromeos/dbus/cryptohome_client.h"

#include "chromeos/dbus/dbus_thread_manager.h"

#include "chromeos/login/login_state.h"

+#include "chromeos/network/onc/onc_utils.h"

#include "content/public/browser/browser_thread.h"

#include "crypto/nss_util.h"

#include "grit/generated_resources.h"

@@ -149,9 +150,9 @@ string16 CertLibrary::GetCertDisplayStringAt(CertType type, int index) const {

return GetDisplayString(cert, hardware_backed);

}

-std::string CertLibrary::GetCertNicknameAt(CertType type, int index) const {

+std::string CertLibrary::GetCertFingerprintAt(CertType type, int index) const {

net::X509Certificate* cert = GetCertificateAt(type, index);

- return x509_certificate_model::GetNickname(cert->os_cert_handle());

+ return onc::GetHexFingerprintOfCert(*cert);

}

std::string CertLibrary::GetCertPkcs11IdAt(CertType type, int index) const {

@@ -169,17 +170,21 @@ bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const {

NetworkHandler::Get()->cert_loader()->tpm_token_name();

}

-int CertLibrary::GetCertIndexByNickname(CertType type,

- const std::string& nickname) const {

+int CertLibrary::GetCertIndexByFingerprint(

+ CertType type, const std::string& fingerprint) const {

Mattias Nissler (ping if slow) 2013/06/14 12:56:44 nit: one parameter per line

pneubeck (no reviews) 2013/06/21 12:53:56 Done.

int num_certs = NumCertificates(type);

+ int found_index = -1;

for (int index = 0; index < num_certs; ++index) {

net::X509Certificate* cert = GetCertificateAt(type, index);

- net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle();

- std::string nick = x509_certificate_model::GetNickname(cert_handle);

- if (nick == nickname)

- return index;

+ if (onc::GetHexFingerprintOfCert(*cert) != fingerprint)

+ continue;

+ if (found_index != -1) {

+ LOG(ERROR) << "Certificate fingerprints collided.";

Mattias Nissler (ping if slow) 2013/06/14 12:56:44 I guess it's more likely that the cert is present

pneubeck (no reviews) 2013/06/21 12:53:56 Done.

+ return -1;

+ }

+ found_index = index;

}

- return -1; // Not found.

+ return found_index;

}

int CertLibrary::GetCertIndexByPkcs11Id(CertType type,

@@ -273,4 +278,4 @@ const net::CertificateList& CertLibrary::GetCertificateListForType(

return certs_;

}

-} // chromeos

+} // namespace chromeos