OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chromeos/network/network_certificate_handler.h" | |
6 | |
7 #include "base/observer_list_threadsafe.h" | |
8 #include "base/strings/stringprintf.h" | |
9 #include "chromeos/network/certificate_helper.h" | |
10 #include "net/base/hash_value.h" | |
11 | |
12 namespace chromeos { | |
13 | |
14 namespace { | |
15 | |
16 // Root CA certificates that are built into Chrome use this token name. | |
17 const char kRootCertificateTokenName[] = "Builtin Object Token"; | |
18 | |
19 NetworkCertificateHandler::Certificate GetCertificate( | |
20 const net::X509Certificate& cert, | |
21 net::CertType type) { | |
22 NetworkCertificateHandler::Certificate result; | |
23 | |
24 result.hash = net::HashValue(net::X509Certificate::CalculateFingerprint256( | |
25 cert.os_cert_handle())) | |
26 .ToString(); | |
27 | |
28 std::string alt_text; | |
29 if (!cert.subject().organization_names.empty()) | |
30 alt_text = cert.subject().organization_names[0]; | |
31 if (alt_text.empty()) | |
32 alt_text = cert.subject().GetDisplayName(); | |
33 result.issued_by = | |
34 certificate::GetIssuerCommonName(cert.os_cert_handle(), alt_text); | |
35 | |
36 result.issued_to = certificate::GetCertNameOrNickname(cert.os_cert_handle()); | |
37 result.issued_to_ascii = | |
38 certificate::GetCertAsciiNameOrNickname(cert.os_cert_handle()); | |
39 | |
40 if (type == net::USER_CERT) { | |
41 int slot_id; | |
42 std::string pkcs11_id = | |
43 CertLoader::GetPkcs11IdAndSlotForCert(cert, &slot_id); | |
tbarzic
2017/05/17 22:35:57
is this fine to be called from the UI thread?
stevenjb
2017/05/18 16:30:57
It should be fine (we already do so in WifiConfigV
tbarzic
2017/05/23 18:01:58
Acknowledged.
| |
44 result.pkcs11_id = base::StringPrintf("%i:%s", slot_id, pkcs11_id.c_str()); | |
45 } else if (type == net::CA_CERT) { | |
46 if (!net::X509Certificate::GetPEMEncoded(cert.os_cert_handle(), | |
47 &result.pem)) { | |
48 LOG(ERROR) << "Unable to PEM-encode CA"; | |
49 } | |
50 } else { | |
51 NOTREACHED(); | |
52 } | |
53 | |
54 result.hardware_backed = CertLoader::IsCertificateHardwareBacked(&cert); | |
55 | |
56 return result; | |
57 } | |
58 | |
59 } // namespace | |
60 | |
61 NetworkCertificateHandler::Certificate::Certificate() {} | |
62 | |
63 NetworkCertificateHandler::Certificate::~Certificate() {} | |
64 | |
65 NetworkCertificateHandler::Certificate::Certificate(const Certificate& other) = | |
66 default; | |
67 | |
68 NetworkCertificateHandler::NetworkCertificateHandler() { | |
69 CertLoader::Get()->AddObserver(this); | |
70 if (CertLoader::Get()->initial_load_finished()) | |
71 OnCertificatesLoaded(CertLoader::Get()->all_certs(), true); | |
72 } | |
73 | |
74 NetworkCertificateHandler::~NetworkCertificateHandler() { | |
75 CertLoader::Get()->RemoveObserver(this); | |
76 } | |
77 | |
78 void NetworkCertificateHandler::AddObserver( | |
79 NetworkCertificateHandler::Observer* observer) { | |
80 observer_list_.AddObserver(observer); | |
81 } | |
82 | |
83 void NetworkCertificateHandler::RemoveObserver( | |
84 NetworkCertificateHandler::Observer* observer) { | |
85 observer_list_.RemoveObserver(observer); | |
86 } | |
87 | |
88 void NetworkCertificateHandler::OnCertificatesLoaded( | |
89 const net::CertificateList& cert_list, | |
90 bool /* initial_load */) { | |
91 ProcessCertificates(cert_list); | |
92 } | |
93 | |
94 void NetworkCertificateHandler::ProcessCertificates( | |
95 const net::CertificateList& cert_list) { | |
96 user_certificates_.clear(); | |
97 server_ca_certificates_.clear(); | |
98 | |
99 // Add certificates to the appropriate list. | |
100 for (const auto& cert_ref : cert_list) { | |
101 const net::X509Certificate& cert = *cert_ref.get(); | |
102 net::X509Certificate::OSCertHandle cert_handle = cert.os_cert_handle(); | |
103 net::CertType type = certificate::GetCertType(cert_handle); | |
104 switch (type) { | |
105 case net::USER_CERT: | |
106 user_certificates_.push_back(GetCertificate(cert, type)); | |
107 break; | |
108 case net::CA_CERT: { | |
109 // Exclude root CA certificates that are built into Chrome. | |
110 std::string token_name = certificate::GetCertTokenName(cert_handle); | |
111 if (token_name != kRootCertificateTokenName) { | |
112 VLOG(2) << "Ignoring root cert"; | |
113 server_ca_certificates_.push_back(GetCertificate(cert, type)); | |
114 } | |
115 break; | |
116 } | |
117 default: | |
118 // Ignore other certificates. | |
119 VLOG(2) << "Ignoring cert type: " << type; | |
120 break; | |
121 } | |
122 } | |
123 | |
124 for (auto& observer : observer_list_) | |
125 observer.OnCertificatesChanged(); | |
126 } | |
127 | |
128 void NetworkCertificateHandler::SetCertificatesForTest( | |
129 const net::CertificateList& cert_list) { | |
130 ProcessCertificates(cert_list); | |
131 } | |
132 | |
133 void NetworkCertificateHandler::NotifyCertificatsChangedForTest() { | |
134 for (auto& observer : observer_list_) | |
135 observer.OnCertificatesChanged(); | |
136 } | |
137 | |
138 } // namespace chromeos | |
OLD | NEW |