| 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 /** | 5 /** | 
| 6  * Check the validity of the policy extension manifest. | 6  * Check the validity of the policy extension manifest. | 
| 7  * | 7  * | 
| 8  * This function is invoked by entd before the policy is loaded in order to | 8  * This function is invoked by entd before the policy is loaded in order to | 
| 9  * check the validity of the extension manifest.  If this function returns | 9  * check the validity of the extension manifest.  If this function returns | 
| 10  * false, entd exits and does not restart until the next user logs in. | 10  * false, entd exits and does not restart until the next user logs in. | 
| 487     } | 487     } | 
| 488     return true; | 488     return true; | 
| 489   } | 489   } | 
| 490 | 490 | 
| 491   try { | 491   try { | 
| 492     session = this.loginToken(token, userType, oldPin); | 492     session = this.loginToken(token, userType, oldPin); | 
| 493     if (!session) | 493     if (!session) | 
| 494       this.stop(token, 'error', 'Failed to login to token'); | 494       this.stop(token, 'error', 'Failed to login to token'); | 
| 495   } catch (ex) { | 495   } catch (ex) { | 
| 496     this.stop(token, 'error', 'Exception initializing PIN: ' + ex); | 496     this.stop(token, 'error', 'Exception initializing PIN: ' + ex); | 
| 497     session.close(); | 497     session.logoutAndClose(); | 
| 498     return false; | 498     return false; | 
| 499   } | 499   } | 
| 500 | 500 | 
| 501   this.info('PIN Reset for: ' + pinType); | 501   this.info('PIN Reset for: ' + pinType); | 
| 502 | 502 | 
| 503   try { | 503   try { | 
| 504     session.setPin(oldPin, newPin); | 504     session.setPin(oldPin, newPin); | 
| 505     this.info('PIN Reset complete.'); | 505     this.info('PIN Reset complete.'); | 
| 506   } catch (ex) { | 506   } catch (ex) { | 
| 507     this.stop(token, 'error', 'Exception changing PIN: ' + ex); | 507     this.stop(token, 'error', 'Exception changing PIN: ' + ex); | 
| 508     session.close(); | 508     session.logoutAndClose(); | 
| 509     return false; | 509     return false; | 
| 510   } | 510   } | 
| 511 | 511 | 
| 512   if (this.checkToken(token)) { | 512   if (this.checkToken(token)) { | 
| 513     this.stop(token, 'ready'); | 513     this.stop(token, 'ready'); | 
| 514   } else { | 514   } else { | 
| 515     this.stop(token, pinType); | 515     this.stop(token, pinType); | 
| 516   } | 516   } | 
| 517 | 517 | 
| 518   session.close(); | 518   session.logoutAndClose(); | 
| 519   return true; | 519   return true; | 
| 520 } | 520 } | 
| 521 | 521 | 
| 522 /** | 522 /** | 
| 523  * Generate a RSA key pair on the PKCS#11 token. | 523  * Generate a RSA key pair on the PKCS#11 token. | 
| 524  * | 524  * | 
| 525  * 'label' and 'id' parameters are user-friendly values that will be applied | 525  * 'label' and 'id' parameters are user-friendly values that will be applied | 
| 526  * to the generated keys.  They can be used later for documentation and/or | 526  * to the generated keys.  They can be used later for documentation and/or | 
| 527  * key search/match. | 527  * key search/match. | 
| 528  * | 528  * | 
| 806         pin = Policy.PKCS11_SO_PIN; | 806         pin = Policy.PKCS11_SO_PIN; | 
| 807         break; | 807         break; | 
| 808       default: | 808       default: | 
| 809         this.error('Unknown user type'); | 809         this.error('Unknown user type'); | 
| 810         return null; | 810         return null; | 
| 811     } | 811     } | 
| 812   } | 812   } | 
| 813 | 813 | 
| 814   var session = null; | 814   var session = null; | 
| 815 | 815 | 
|  | 816   this.info('Opening session and logging into token.'); | 
|  | 817 | 
| 816   try { | 818   try { | 
| 817     token.closeAllSessions(); | 819     token.closeAllSessions(); | 
| 818     session = token.openSession(Token.CKF_RW_SESSION); | 820     session = token.openSession(Token.CKF_RW_SESSION); | 
| 819   } catch (ex) { | 821   } catch (ex) { | 
| 820     this.error('Unable to open session: ' + ex); | 822     this.error('Unable to open session: ' + ex); | 
| 821     return null; | 823     return null; | 
| 822   } | 824   } | 
| 823 | 825 | 
| 824   try { | 826   try { | 
| 825     if (!session.login(sessionType, pin)) { | 827     if (!session.login(sessionType, pin)) { | 
| 826       this.error('Unable to log in user into token.'); | 828       this.error('Unable to log in user into token.'); | 
| 827       session.close(); | 829       session.logoutAndClose(); | 
| 828       return null; | 830       return null; | 
| 829     } | 831     } | 
| 830   } catch (ex) { | 832   } catch (ex) { | 
| 831     this.error('Failed to login user into token: ' + ex); | 833     this.error('Failed to login user into token: ' + ex); | 
| 832     session.close(); | 834     session.logoutAndClose(); | 
| 833     return null; | 835     return null; | 
| 834   } | 836   } | 
| 835 | 837 | 
| 836   return session; | 838   return session; | 
| 837 } | 839 } | 
| 838 | 840 | 
| 839 /** | 841 /** | 
| 840  * Determine if this certificate definition has been successfully installed. | 842  * Determine if this certificate definition has been successfully installed. | 
| 841  * | 843  * | 
| 842  * @return {boolean} A boolean indicating whether or not this certificate | 844  * @return {boolean} A boolean indicating whether or not this certificate | 
| 945 | 947 | 
| 946   var session = null; | 948   var session = null; | 
| 947   try { | 949   try { | 
| 948     session = this.policy.loginToken(token, Session.CKU_USER); | 950     session = this.policy.loginToken(token, Session.CKU_USER); | 
| 949     if (!session) | 951     if (!session) | 
| 950       return this.error('Cannot login to token.'); | 952       return this.error('Cannot login to token.'); | 
| 951 | 953 | 
| 952     var cert = policy.findCertificateById(session, this.id); | 954     var cert = policy.findCertificateById(session, this.id); | 
| 953     var key = policy.findPrivateKeyById(session, this.id); | 955     var key = policy.findPrivateKeyById(session, this.id); | 
| 954 | 956 | 
| 955     session.close(); | 957     session.logoutAndClose(); | 
| 956 | 958 | 
| 957     return (cert != null && key != null); | 959     return (cert != null && key != null); | 
| 958   } catch(ex) { | 960   } catch(ex) { | 
| 959     session.close(); | 961     session.logoutAndClose(); | 
| 960     this.error('Error checking certificate is installed: ', ex); | 962     this.error('Error checking certificate is installed: ', ex); | 
| 961   } | 963   } | 
| 962 | 964 | 
| 963   return false; | 965   return false; | 
| 964 }; | 966 }; | 
| 965 | 967 | 
| 966 /** | 968 /** | 
| 967  * Initiate the CSR process for this certificate definition. | 969  * Initiate the CSR process for this certificate definition. | 
| 968  */ | 970  */ | 
| 969 Policy.Certificate.prototype.initiateCSR = | 971 Policy.Certificate.prototype.initiateCSR = | 
| 995   if (!session) | 997   if (!session) | 
| 996     return this.stop('error', 'Cannot login to token.'); | 998     return this.stop('error', 'Cannot login to token.'); | 
| 997 | 999 | 
| 998   // Remove any existing entries matching this.id. | 1000   // Remove any existing entries matching this.id. | 
| 999   this.policy.removeObjectsById(session, this.id); | 1001   this.policy.removeObjectsById(session, this.id); | 
| 1000 | 1002 | 
| 1001   try { | 1003   try { | 
| 1002     // Generate a key pair. | 1004     // Generate a key pair. | 
| 1003     this.policy.generateKeyPair(session, this.id, this.label); | 1005     this.policy.generateKeyPair(session, this.id, this.label); | 
| 1004   } catch(e) { | 1006   } catch(e) { | 
| 1005     session.close(); | 1007     session.logoutAndClose(); | 
| 1006     return this.stop('error', 'Failed to create key on PKCS#11 device: ' + e); | 1008     return this.stop('error', 'Failed to create key on PKCS#11 device: ' + e); | 
| 1007   } | 1009   } | 
| 1008 | 1010 | 
| 1009   this.stop('key', 'Key generation complete'); | 1011   this.stop('key', 'Key generation complete'); | 
| 1010 | 1012 | 
| 1011   session.close(); | 1013   session.logoutAndClose(); | 
| 1012 | 1014 | 
| 1013   this.start('csr', 'Initiating Certificate Signing Request'); | 1015   this.start('csr', 'Initiating Certificate Signing Request'); | 
| 1014 | 1016 | 
| 1015   // create a CSR using the generated key pair. | 1017   // create a CSR using the generated key pair. | 
| 1016   var engine = this.policy.engine; | 1018   var engine = this.policy.engine; | 
| 1017   this.info('Generating CSR for id: ' + this.id + ' subject: ' + subject); | 1019   this.info('Generating CSR for id: ' + this.id + ' subject: ' + subject); | 
| 1018   var csr = engine.createCSR(this.id, subject); | 1020   var csr = engine.createCSR(this.id, subject); | 
| 1019 | 1021 | 
| 1020   // Copy the CSR as a string to the environment. | 1022   // Copy the CSR as a string to the environment. | 
| 1021   this.setVariable('csr', csr.toFormat(CSR.CSR_FORMAT_PEM_TEXT)); | 1023   this.setVariable('csr', csr.toFormat(CSR.CSR_FORMAT_PEM_TEXT)); | 
| 1150 | 1152 | 
| 1151   // Convert response to DER. | 1153   // Convert response to DER. | 
| 1152   var x509 = new entd.crypto.OpenSSL.X509(cert, X509.X509_FORMAT_PEM_TEXT); | 1154   var x509 = new entd.crypto.OpenSSL.X509(cert, X509.X509_FORMAT_PEM_TEXT); | 
| 1153   var x509_der = x509.toFormat(X509.X509_FORMAT_DER); | 1155   var x509_der = x509.toFormat(X509.X509_FORMAT_DER); | 
| 1154 | 1156 | 
| 1155   // Store certificate in the PKCS#11 token. | 1157   // Store certificate in the PKCS#11 token. | 
| 1156   this.storeCertificate(session, this.id, this.label, this.subject, x509_der); | 1158   this.storeCertificate(session, this.id, this.label, this.subject, x509_der); | 
| 1157 | 1159 | 
| 1158   this.stop('cert'); | 1160   this.stop('cert'); | 
| 1159 | 1161 | 
| 1160   session.close(); | 1162   session.logoutAndClose(); | 
| 1161 }; | 1163 }; | 
| 1162 | 1164 | 
| 1163 Policy.prototype.setBrowserPolicy = | 1165 Policy.prototype.setBrowserPolicy = | 
| 1164 function setBrowserPolicy(type, sourcePolicy) { | 1166 function setBrowserPolicy(type, sourcePolicy) { | 
| 1165   var targetPolicy; | 1167   var targetPolicy; | 
| 1166   if (type == "managed") { | 1168   if (type == "managed") { | 
| 1167     targetPolicy = entd.browser.managedPolicy; | 1169     targetPolicy = entd.browser.managedPolicy; | 
| 1168   } else if (type == "recommended") { | 1170   } else if (type == "recommended") { | 
| 1169     targetPolicy = entd.browser.recommendedPolicy; | 1171     targetPolicy = entd.browser.recommendedPolicy; | 
| 1170   } else { | 1172   } else { | 
| 1971   var result = []; | 1973   var result = []; | 
| 1972   for (i = 0; i < str.length; i++) { | 1974   for (i = 0; i < str.length; i++) { | 
| 1973     var d = str.charCodeAt(i); | 1975     var d = str.charCodeAt(i); | 
| 1974     var h = d.toString(16); | 1976     var h = d.toString(16); | 
| 1975     if (h.length == 1) | 1977     if (h.length == 1) | 
| 1976       result.push('0'); | 1978       result.push('0'); | 
| 1977     result.push(h); | 1979     result.push(h); | 
| 1978   } | 1980   } | 
| 1979   return result.join(''); | 1981   return result.join(''); | 
| 1980 } | 1982 } | 
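Review bot: The catch block at new line 961 calls `session.logoutAndClose()` before checking that `session` was ever assigned; `session` is initialised to null at 948 and `loginToken` is called inside the same try, so an exception thrown by the login itself becomes a TypeError that escapes the catch and skips the `this.error(...)` call on 962 entirely. The same pattern is at 497, where the catch that handles a `loginToken` exception dereferences a session that may still be null (its declaration is above the hunk), and at 493-494 the `!session` branch calls `this.stop` but does not return, so unless `stop` throws the later `session.setPin` at 504 runs on null and ends in the same unguarded cleanup at 508. I would guard the cleanup in those catches, `if (session) session.logoutAndClose();`, and add `return false;` after the `stop` at 494 so a failed login cannot proceed to the PIN change. Both enclosing functions begin outside the hunk.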