OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chromeos/network/network_certificate_handler.h" |
| 6 |
| 7 #include "base/observer_list_threadsafe.h" |
| 8 #include "base/strings/stringprintf.h" |
| 9 #include "chromeos/network/certificate_helper.h" |
| 10 #include "net/base/hash_value.h" |
| 11 |
| 12 namespace chromeos { |
| 13 |
| 14 namespace { |
| 15 |
| 16 // Root CA certificates that are built into Chrome use this token name. |
| 17 const char kRootCertificateTokenName[] = "Builtin Object Token"; |
| 18 |
| 19 NetworkCertificateHandler::Certificate GetCertificate( |
| 20 const net::X509Certificate& cert, |
| 21 net::CertType type) { |
| 22 NetworkCertificateHandler::Certificate result; |
| 23 |
| 24 result.hash = net::HashValue(net::X509Certificate::CalculateFingerprint256( |
| 25 cert.os_cert_handle())) |
| 26 .ToString(); |
| 27 |
| 28 std::string alt_text; |
| 29 if (!cert.subject().organization_names.empty()) |
| 30 alt_text = cert.subject().organization_names[0]; |
| 31 if (alt_text.empty()) |
| 32 alt_text = cert.subject().GetDisplayName(); |
| 33 result.issued_by = |
| 34 certificate::GetIssuerCommonName(cert.os_cert_handle(), alt_text); |
| 35 |
| 36 result.issued_to = certificate::GetCertNameOrNickname(cert.os_cert_handle()); |
| 37 result.issued_to_ascii = |
| 38 certificate::GetCertAsciiNameOrNickname(cert.os_cert_handle()); |
| 39 |
| 40 if (type == net::USER_CERT) { |
| 41 int slot_id; |
| 42 std::string pkcs11_id = |
| 43 CertLoader::GetPkcs11IdAndSlotForCert(cert, &slot_id); |
| 44 result.pkcs11_id = base::StringPrintf("%i:%s", slot_id, pkcs11_id.c_str()); |
| 45 } else if (type == net::CA_CERT) { |
| 46 if (!net::X509Certificate::GetPEMEncoded(cert.os_cert_handle(), |
| 47 &result.pem)) { |
| 48 LOG(ERROR) << "Unable to PEM-encode CA"; |
| 49 } |
| 50 } else { |
| 51 NOTREACHED(); |
| 52 } |
| 53 |
| 54 result.hardware_backed = CertLoader::IsCertificateHardwareBacked(&cert); |
| 55 |
| 56 return result; |
| 57 } |
| 58 |
| 59 } // namespace |
| 60 |
| 61 NetworkCertificateHandler::Certificate::Certificate() {} |
| 62 |
| 63 NetworkCertificateHandler::Certificate::~Certificate() {} |
| 64 |
| 65 NetworkCertificateHandler::Certificate::Certificate(const Certificate& other) = |
| 66 default; |
| 67 |
| 68 NetworkCertificateHandler::NetworkCertificateHandler() { |
| 69 CertLoader::Get()->AddObserver(this); |
| 70 if (CertLoader::Get()->initial_load_finished()) |
| 71 OnCertificatesLoaded(CertLoader::Get()->all_certs(), true); |
| 72 } |
| 73 |
| 74 NetworkCertificateHandler::~NetworkCertificateHandler() { |
| 75 CertLoader::Get()->RemoveObserver(this); |
| 76 } |
| 77 |
| 78 void NetworkCertificateHandler::AddObserver( |
| 79 NetworkCertificateHandler::Observer* observer) { |
| 80 observer_list_.AddObserver(observer); |
| 81 } |
| 82 |
| 83 void NetworkCertificateHandler::RemoveObserver( |
| 84 NetworkCertificateHandler::Observer* observer) { |
| 85 observer_list_.RemoveObserver(observer); |
| 86 } |
| 87 |
| 88 void NetworkCertificateHandler::OnCertificatesLoaded( |
| 89 const net::CertificateList& cert_list, |
| 90 bool /* initial_load */) { |
| 91 ProcessCertificates(cert_list); |
| 92 } |
| 93 |
| 94 void NetworkCertificateHandler::ProcessCertificates( |
| 95 const net::CertificateList& cert_list) { |
| 96 user_certificates_.clear(); |
| 97 server_ca_certificates_.clear(); |
| 98 |
| 99 // Add certificates to the appropriate list. |
| 100 for (const auto& cert_ref : cert_list) { |
| 101 const net::X509Certificate& cert = *cert_ref.get(); |
| 102 net::X509Certificate::OSCertHandle cert_handle = cert.os_cert_handle(); |
| 103 net::CertType type = certificate::GetCertType(cert_handle); |
| 104 switch (type) { |
| 105 case net::USER_CERT: |
| 106 user_certificates_.push_back(GetCertificate(cert, type)); |
| 107 break; |
| 108 case net::CA_CERT: { |
| 109 // Exclude root CA certificates that are built into Chrome. |
| 110 std::string token_name = certificate::GetCertTokenName(cert_handle); |
| 111 if (token_name != kRootCertificateTokenName) |
| 112 server_ca_certificates_.push_back(GetCertificate(cert, type)); |
| 113 else |
| 114 VLOG(2) << "Ignoring root cert"; |
| 115 break; |
| 116 } |
| 117 default: |
| 118 // Ignore other certificates. |
| 119 VLOG(2) << "Ignoring cert type: " << type; |
| 120 break; |
| 121 } |
| 122 } |
| 123 |
| 124 for (auto& observer : observer_list_) |
| 125 observer.OnCertificatesChanged(); |
| 126 } |
| 127 |
| 128 void NetworkCertificateHandler::SetCertificatesForTest( |
| 129 const net::CertificateList& cert_list) { |
| 130 ProcessCertificates(cert_list); |
| 131 } |
| 132 |
| 133 void NetworkCertificateHandler::NotifyCertificatsChangedForTest() { |
| 134 for (auto& observer : observer_list_) |
| 135 observer.OnCertificatesChanged(); |
| 136 } |
| 137 |
| 138 } // namespace chromeos |
OLD | NEW |