Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(99)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chromeos/cert_loader.cc

Issue 421113002: Use correct slot id for client certs in network config. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chromeos/cert_loader.h ('k') | chromeos/cert_loader_unittest.cc » ('j') | chromeos/network/client_cert_resolver.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/cert_loader.h" 5 #include "chromeos/cert_loader.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/location.h" 10 #include "base/location.h"
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
77 } 77 }
78 78
79 void CertLoader::AddObserver(CertLoader::Observer* observer) { 79 void CertLoader::AddObserver(CertLoader::Observer* observer) {
80 observers_.AddObserver(observer); 80 observers_.AddObserver(observer);
81 } 81 }
82 82
83 void CertLoader::RemoveObserver(CertLoader::Observer* observer) { 83 void CertLoader::RemoveObserver(CertLoader::Observer* observer) {
84 observers_.RemoveObserver(observer); 84 observers_.RemoveObserver(observer);
85 } 85 }
86 86
87 int CertLoader::TPMTokenSlotID() const {
88 if (!database_)
89 return -1;
90 crypto::ScopedPK11Slot slot(database_->GetPrivateSlot());
91 DCHECK(slot);
92 return static_cast<int>(PK11_GetSlotID(slot.get()));
93 }
94
95 bool CertLoader::IsHardwareBacked() const { 87 bool CertLoader::IsHardwareBacked() const {
96 if (force_hardware_backed_for_test_) 88 if (force_hardware_backed_for_test_)
97 return true; 89 return true;
98 if (!database_) 90 if (!database_)
99 return false; 91 return false;
100 crypto::ScopedPK11Slot slot(database_->GetPrivateSlot()); 92 crypto::ScopedPK11Slot slot(database_->GetPrivateSlot());
101 DCHECK(slot); 93 DCHECK(slot);
102 return PK11_IsHW(slot.get()); 94 return PK11_IsHW(slot.get());
103 } 95 }
104 96
(...skipping 10 matching lines...) Expand all
115 107
116 // static 108 // static
117 // 109 //
118 // For background see this discussion on dev-tech-crypto.lists.mozilla.org: 110 // For background see this discussion on dev-tech-crypto.lists.mozilla.org:
119 // http://web.archiveorange.com/archive/v/6JJW7E40sypfZGtbkzxX 111 // http://web.archiveorange.com/archive/v/6JJW7E40sypfZGtbkzxX
120 // 112 //
121 // NOTE: This function relies on the convention that the same PKCS#11 ID 113 // NOTE: This function relies on the convention that the same PKCS#11 ID
122 // is shared between a certificate and its associated private and public 114 // is shared between a certificate and its associated private and public
123 // keys. I tried to implement this with PK11_GetLowLevelKeyIDForCert(), 115 // keys. I tried to implement this with PK11_GetLowLevelKeyIDForCert(),
124 // but that always returns NULL on Chrome OS for me. 116 // but that always returns NULL on Chrome OS for me.
125 std::string CertLoader::GetPkcs11IdForCert(const net::X509Certificate& cert) { 117 std::string CertLoader::GetPkcs11IdAndSlotForCert(
118 const net::X509Certificate& cert,
119 int* slot_id) {
120 DCHECK(slot_id);
121
126 CERTCertificateStr* cert_handle = cert.os_cert_handle(); 122 CERTCertificateStr* cert_handle = cert.os_cert_handle();
127 SECKEYPrivateKey *priv_key = 123 SECKEYPrivateKey *priv_key =
128 PK11_FindKeyByAnyCert(cert_handle, NULL /* wincx */); 124 PK11_FindKeyByAnyCert(cert_handle, NULL /* wincx */);
129 if (!priv_key) 125 if (!priv_key)
130 return std::string(); 126 return std::string();
131 127
128 *slot_id = static_cast<int>(PK11_GetSlotID(priv_key->pkcs11Slot));
129
132 // Get the CKA_ID attribute for a key. 130 // Get the CKA_ID attribute for a key.
133 SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key); 131 SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key);
134 std::string pkcs11_id; 132 std::string pkcs11_id;
135 if (sec_item) { 133 if (sec_item) {
136 pkcs11_id = base::HexEncode(sec_item->data, sec_item->len); 134 pkcs11_id = base::HexEncode(sec_item->data, sec_item->len);
137 SECITEM_FreeItem(sec_item, PR_TRUE); 135 SECITEM_FreeItem(sec_item, PR_TRUE);
138 } 136 }
139 SECKEY_DestroyPrivateKey(priv_key); 137 SECKEY_DestroyPrivateKey(priv_key);
140 138
141 return pkcs11_id; 139 return pkcs11_id;
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
191 VLOG(1) << "OnCertAdded"; 189 VLOG(1) << "OnCertAdded";
192 LoadCertificates(); 190 LoadCertificates();
193 } 191 }
194 192
195 void CertLoader::OnCertRemoved(const net::X509Certificate* cert) { 193 void CertLoader::OnCertRemoved(const net::X509Certificate* cert) {
196 VLOG(1) << "OnCertRemoved"; 194 VLOG(1) << "OnCertRemoved";
197 LoadCertificates(); 195 LoadCertificates();
198 } 196 }
199 197
200 } // namespace chromeos 198 } // namespace chromeos
OLDNEW
« no previous file with comments | « chromeos/cert_loader.h ('k') | chromeos/cert_loader_unittest.cc » ('j') | chromeos/network/client_cert_resolver.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698