Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(267)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chromeos/network/network_certificate_handler.cc

Issue 2891453002: Introduce networkingPrivate.getCertificateLists (Closed)
Patch Set: . Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/test/data/extensions/api_test/networking_private/chromeos/test.js ('K') | « chromeos/network/network_certificate_handler.h ('k') | chromeos/network/network_handler.h » ('j') | components/onc/docs/onc_spec.md » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chromeos/network/network_certificate_handler.h"
6
7 #include "base/observer_list_threadsafe.h"
8 #include "base/strings/stringprintf.h"
9 #include "chromeos/network/certificate_helper.h"
10 #include "net/base/hash_value.h"
11
12 namespace chromeos {
13
14 namespace {
15
16 // Root CA certificates that are built into Chrome use this token name.
17 const char kRootCertificateTokenName[] = "Builtin Object Token";
18
19 NetworkCertificateHandler::Certificate GetCertificate(
20 const net::X509Certificate& cert,
21 net::CertType type) {
22 NetworkCertificateHandler::Certificate result;
23
24 result.hash = net::HashValue(net::X509Certificate::CalculateFingerprint256(
25 cert.os_cert_handle()))
26 .ToString();
27
28 std::string alt_text;
29 if (!cert.subject().organization_names.empty())
30 alt_text = cert.subject().organization_names[0];
31 if (alt_text.empty())
32 alt_text = cert.subject().GetDisplayName();
33 result.issued_by =
34 certificate::GetIssuerCommonName(cert.os_cert_handle(), alt_text);
35
36 result.issued_to = certificate::GetCertNameOrNickname(cert.os_cert_handle());
37 result.issued_to_ascii =
38 certificate::GetCertAsciiNameOrNickname(cert.os_cert_handle());
39
40 if (type == net::USER_CERT) {
41 int slot_id;
42 std::string pkcs11_id =
43 CertLoader::GetPkcs11IdAndSlotForCert(cert, &slot_id);
tbarzic 2017/05/17 22:35:57 is this fine to be called from the UI thread?
stevenjb 2017/05/18 16:30:57 It should be fine (we already do so in WifiConfigV
tbarzic 2017/05/23 18:01:58 Acknowledged.
44 result.pkcs11_id = base::StringPrintf("%i:%s", slot_id, pkcs11_id.c_str());
45 } else if (type == net::CA_CERT) {
46 if (!net::X509Certificate::GetPEMEncoded(cert.os_cert_handle(),
47 &result.pem)) {
48 LOG(ERROR) << "Unable to PEM-encode CA";
49 }
50 } else {
51 NOTREACHED();
52 }
53
54 result.hardware_backed = CertLoader::IsCertificateHardwareBacked(&cert);
55
56 return result;
57 }
58
59 } // namespace
60
61 NetworkCertificateHandler::Certificate::Certificate() {}
62
63 NetworkCertificateHandler::Certificate::~Certificate() {}
64
65 NetworkCertificateHandler::Certificate::Certificate(const Certificate& other) =
66 default;
67
68 NetworkCertificateHandler::NetworkCertificateHandler() {
69 CertLoader::Get()->AddObserver(this);
70 if (CertLoader::Get()->initial_load_finished())
71 OnCertificatesLoaded(CertLoader::Get()->all_certs(), true);
72 }
73
74 NetworkCertificateHandler::~NetworkCertificateHandler() {
75 CertLoader::Get()->RemoveObserver(this);
76 }
77
78 void NetworkCertificateHandler::AddObserver(
79 NetworkCertificateHandler::Observer* observer) {
80 observer_list_.AddObserver(observer);
81 }
82
83 void NetworkCertificateHandler::RemoveObserver(
84 NetworkCertificateHandler::Observer* observer) {
85 observer_list_.RemoveObserver(observer);
86 }
87
88 void NetworkCertificateHandler::OnCertificatesLoaded(
89 const net::CertificateList& cert_list,
90 bool /* initial_load */) {
91 ProcessCertificates(cert_list);
92 }
93
94 void NetworkCertificateHandler::ProcessCertificates(
95 const net::CertificateList& cert_list) {
96 user_certificates_.clear();
97 server_ca_certificates_.clear();
98
99 // Add certificates to the appropriate list.
100 for (const auto& cert_ref : cert_list) {
101 const net::X509Certificate& cert = *cert_ref.get();
102 net::X509Certificate::OSCertHandle cert_handle = cert.os_cert_handle();
103 net::CertType type = certificate::GetCertType(cert_handle);
104 switch (type) {
105 case net::USER_CERT:
106 user_certificates_.push_back(GetCertificate(cert, type));
107 break;
108 case net::CA_CERT: {
109 // Exclude root CA certificates that are built into Chrome.
110 std::string token_name = certificate::GetCertTokenName(cert_handle);
111 if (token_name != kRootCertificateTokenName) {
112 VLOG(2) << "Ignoring root cert";
113 server_ca_certificates_.push_back(GetCertificate(cert, type));
114 }
115 break;
116 }
117 default:
118 // Ignore other certificates.
119 VLOG(2) << "Ignoring cert type: " << type;
120 break;
121 }
122 }
123
124 for (auto& observer : observer_list_)
125 observer.OnCertificatesChanged();
126 }
127
128 void NetworkCertificateHandler::SetCertificatesForTest(
129 const net::CertificateList& cert_list) {
130 ProcessCertificates(cert_list);
131 }
132
133 void NetworkCertificateHandler::NotifyCertificatsChangedForTest() {
134 for (auto& observer : observer_list_)
135 observer.OnCertificatesChanged();
136 }
137
138 } // namespace chromeos
OLDNEW
« chrome/test/data/extensions/api_test/networking_private/chromeos/test.js ('K') | « chromeos/network/network_certificate_handler.h ('k') | chromeos/network/network_handler.h » ('j') | components/onc/docs/onc_spec.md » ('J')

Powered by Google App Engine
This is Rietveld 408576698