Index: chromeos/cert_loader.cc |
diff --git a/chromeos/cert_loader.cc b/chromeos/cert_loader.cc |
index b72d43aa17b0b9bf34248ae273531b4f05e42635..e85d597d969e1fb2dec454d9ec3821bfa37e6906 100644 |
--- a/chromeos/cert_loader.cc |
+++ b/chromeos/cert_loader.cc |
@@ -135,7 +135,14 @@ std::string CertLoader::GetPkcs11IdForCert(const net::X509Certificate& cert) { |
SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key); |
std::string pkcs11_id; |
if (sec_item) { |
- pkcs11_id = base::HexEncode(sec_item->data, sec_item->len); |
+ PK11SlotInfo* slot = PK11_GetSlotFromPrivateKey(priv_key); |
+ // If the key is on the TPM, include the TPM slot id. |
pneubeck (no reviews)
2014/06/13 12:40:42
Does that mean, that in tests and in fake non-Chro
|
+ if (PK11_IsHW(slot)) { |
+ pkcs11_id = base::IntToString(PK11_GetSlotID(slot)); |
+ pkcs11_id += ':'; |
+ } |
+ PK11_FreeSlot(slot); |
+ pkcs11_id += base::HexEncode(sec_item->data, sec_item->len); |
SECITEM_FreeItem(sec_item, PR_TRUE); |
} |
SECKEY_DestroyPrivateKey(priv_key); |