
Side by Side Diff: chrome/browser/chromeos/options/cert_library.cc

Issue 2485813002: Allow ECDSA certs to be used for VPN and wifi (Closed)
Patch Set: rebase on ToT Created 4 years ago
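--- a/chrome/browser/chromeos/options/cert_library.cc
+++ b/chrome/browser/chromeos/options/cert_library.cc
@@ -1,17 +1,18 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/options/cert_library.h"
 
 #include <algorithm>
+#include <memory>
 
 #include "base/command_line.h"
 #include "base/i18n/string_compare.h"
 #include "base/memory/weak_ptr.h"
 #include "base/observer_list_threadsafe.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h" // g_browser_process
 #include "chrome/common/chrome_switches.h"
@@ -146,36 +147,50 @@
 }
 
 int CertLibrary::NumCertificates(CertType type) const {
 const net::CertificateList& cert_list = GetCertificateListForType(type);
 return static_cast<int>(cert_list.size());
 }
 
 base::string16 CertLibrary::GetCertDisplayStringAt(CertType type,
 int index) const {
 net::X509Certificate* cert = GetCertificateAt(type, index);
-bool hardware_backed = IsCertHardwareBackedAt(type, index);
+bool hardware_backed = CertLoader::IsCertificateHardwareBacked(cert);
 return GetDisplayString(cert, hardware_backed);
 }
 
 std::string CertLibrary::GetServerCACertPEMAt(int index) const {
 return CertToPEM(*GetCertificateAt(CERT_TYPE_SERVER_CA, index));
 }
 
 std::string CertLibrary::GetUserCertPkcs11IdAt(int index, int* slot_id) const {
 net::X509Certificate* cert = GetCertificateAt(CERT_TYPE_USER, index);
 return CertLoader::GetPkcs11IdAndSlotForCert(*cert, slot_id);
 }
 
-bool CertLibrary::IsCertHardwareBackedAt(CertType type, int index) const {
+bool CertLibrary::IsCertSecureAt(CertType type, int index) const {
 net::X509Certificate* cert = GetCertificateAt(type, index);
-return CertLoader::IsCertificateHardwareBacked(cert);
+bool hardware_backed = CertLoader::IsCertificateHardwareBacked(cert);
+if (hardware_backed)
+return true;
+
+// An RSA private key is considered secure only if it is bound to the TPM,
+// because all Chromebooks support this.
+// Other key types such as ECSDA are not supported by all TPM hardware, so
+// it doesn't make sense to force users to bind them to the device in
+// order to use them for WiFi or VPN.
+net::X509Certificate::PublicKeyType actual_key_type =
+net::X509Certificate::kPublicKeyTypeUnknown;
+size_t unused_key_size = 0;
+net::X509Certificate::GetPublicKeyInfo(cert->os_cert_handle(),
+&unused_key_size, &actual_key_type);
+return actual_key_type != net::X509Certificate::kPublicKeyTypeRSA;
 }
 
 int CertLibrary::GetServerCACertIndexByPEM(
 const std::string& pem_encoded) const {
 int num_certs = NumCertificates(CERT_TYPE_SERVER_CA);
 for (int index = 0; index < num_certs; ++index) {
 net::X509Certificate* cert = GetCertificateAt(CERT_TYPE_SERVER_CA, index);
 if (CertToPEM(*cert) != pem_encoded)
 continue;
 return index;
@@ -268,10 +283,10 @@
 return user_certs_;
 if (type == CERT_TYPE_SERVER)
 return server_certs_;
 if (type == CERT_TYPE_SERVER_CA)
 return server_ca_certs_;
 DCHECK(type == CERT_TYPE_DEFAULT);
 return certs_;
 }
 
 } // namespace chromeos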
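Review bot: The new IsCertSecureAt (new lines 170-187) fails open for keys it cannot classify: actual_key_type starts as kPublicKeyTypeUnknown and the final test only rejects kPublicKeyTypeRSA, so if GetPublicKeyInfo leaves the type untouched on a key it cannot parse (the call's result is not checked here), a software-backed certificate with an unrecognised key is reported as secure and becomes usable for WiFi/VPN. Since the comment's intent is to exempt only known non-RSA algorithms such as ECDSA from the TPM requirement, treat the unknown type as not secure: `return actual_key_type != net::X509Certificate::kPublicKeyTypeUnknown &&` / `       actual_key_type != net::X509Certificate::kPublicKeyTypeRSA;`, or check explicitly for the key types that are meant to be allowed. Two smaller points in the same block: the comment on new line 178 misspells the algorithm (`ECSDA` should be `ECDSA`), and the function's name promises more than it checks, so a one-line comment above it saying what "secure" means here — hardware-backed, or a non-RSA key that cannot be TPM-bound on all devices — would help callers in vpn_config_view.cc read it correctly.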