1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 /** | 5 /** |
6 * Check the validity of the policy extension manifest. | 6 * Check the validity of the policy extension manifest. |
7 * | 7 * |
8 * This function is invoked by entd before the policy is loaded in order to | 8 * This function is invoked by entd before the policy is loaded in order to |
9 * check the validity of the extension manifest. If this function returns | 9 * check the validity of the extension manifest. If this function returns |
10 * false, entd exits and does not restart until the next user logs in. | 10 * false, entd exits and does not restart until the next user logs in. |
487 } | 487 } |
488 return true; | 488 return true; |
489 } | 489 } |
490 | 490 |
491 try { | 491 try { |
492 session = this.loginToken(token, userType, oldPin); | 492 session = this.loginToken(token, userType, oldPin); |
493 if (!session) | 493 if (!session) |
494 this.stop(token, 'error', 'Failed to login to token'); | 494 this.stop(token, 'error', 'Failed to login to token'); |
495 } catch (ex) { | 495 } catch (ex) { |
496 this.stop(token, 'error', 'Exception initializing PIN: ' + ex); | 496 this.stop(token, 'error', 'Exception initializing PIN: ' + ex); |
497 session.close(); | 497 session.logoutAndClose(); |
498 return false; | 498 return false; |
499 } | 499 } |
500 | 500 |
501 this.info('PIN Reset for: ' + pinType); | 501 this.info('PIN Reset for: ' + pinType); |
502 | 502 |
503 try { | 503 try { |
504 session.setPin(oldPin, newPin); | 504 session.setPin(oldPin, newPin); |
505 this.info('PIN Reset complete.'); | 505 this.info('PIN Reset complete.'); |
506 } catch (ex) { | 506 } catch (ex) { |
507 this.stop(token, 'error', 'Exception changing PIN: ' + ex); | 507 this.stop(token, 'error', 'Exception changing PIN: ' + ex); |
508 session.close(); | 508 session.logoutAndClose(); |
509 return false; | 509 return false; |
510 } | 510 } |
511 | 511 |
512 if (this.checkToken(token)) { | 512 if (this.checkToken(token)) { |
513 this.stop(token, 'ready'); | 513 this.stop(token, 'ready'); |
514 } else { | 514 } else { |
515 this.stop(token, pinType); | 515 this.stop(token, pinType); |
516 } | 516 } |
517 | 517 |
518 session.close(); | 518 session.logoutAndClose(); |
519 return true; | 519 return true; |
520 } | 520 } |
521 | 521 |
522 /** | 522 /** |
523 * Generate a RSA key pair on the PKCS#11 token. | 523 * Generate a RSA key pair on the PKCS#11 token. |
524 * | 524 * |
525 * 'label' and 'id' parameters are user-friendly values that will be applied | 525 * 'label' and 'id' parameters are user-friendly values that will be applied |
526 * to the generated keys. They can be used later for documentation and/or | 526 * to the generated keys. They can be used later for documentation and/or |
527 * key search/match. | 527 * key search/match. |
528 * | 528 * |
806 pin = Policy.PKCS11_SO_PIN; | 806 pin = Policy.PKCS11_SO_PIN; |
807 break; | 807 break; |
808 default: | 808 default: |
809 this.error('Unknown user type'); | 809 this.error('Unknown user type'); |
810 return null; | 810 return null; |
811 } | 811 } |
812 } | 812 } |
813 | 813 |
814 var session = null; | 814 var session = null; |
815 | 815 |
| 816 this.info('Opening session and logging into token.'); |
| 817 |
816 try { | 818 try { |
817 token.closeAllSessions(); | 819 token.closeAllSessions(); |
818 session = token.openSession(Token.CKF_RW_SESSION); | 820 session = token.openSession(Token.CKF_RW_SESSION); |
819 } catch (ex) { | 821 } catch (ex) { |
820 this.error('Unable to open session: ' + ex); | 822 this.error('Unable to open session: ' + ex); |
821 return null; | 823 return null; |
822 } | 824 } |
823 | 825 |
824 try { | 826 try { |
825 if (!session.login(sessionType, pin)) { | 827 if (!session.login(sessionType, pin)) { |
826 this.error('Unable to log in user into token.'); | 828 this.error('Unable to log in user into token.'); |
827 session.close(); | 829 session.logoutAndClose(); |
828 return null; | 830 return null; |
829 } | 831 } |
830 } catch (ex) { | 832 } catch (ex) { |
831 this.error('Failed to login user into token: ' + ex); | 833 this.error('Failed to login user into token: ' + ex); |
832 session.close(); | 834 session.logoutAndClose(); |
833 return null; | 835 return null; |
834 } | 836 } |
835 | 837 |
836 return session; | 838 return session; |
837 } | 839 } |
838 | 840 |
839 /** | 841 /** |
840 * Determine if this certificate definition has been successfully installed. | 842 * Determine if this certificate definition has been successfully installed. |
841 * | 843 * |
842 * @return {boolean} A boolean indicating whether or not this certificate | 844 * @return {boolean} A boolean indicating whether or not this certificate |
945 | 947 |
946 var session = null; | 948 var session = null; |
947 try { | 949 try { |
948 session = this.policy.loginToken(token, Session.CKU_USER); | 950 session = this.policy.loginToken(token, Session.CKU_USER); |
949 if (!session) | 951 if (!session) |
950 return this.error('Cannot login to token.'); | 952 return this.error('Cannot login to token.'); |
951 | 953 |
952 var cert = policy.findCertificateById(session, this.id); | 954 var cert = policy.findCertificateById(session, this.id); |
953 var key = policy.findPrivateKeyById(session, this.id); | 955 var key = policy.findPrivateKeyById(session, this.id); |
954 | 956 |
955 session.close(); | 957 session.logoutAndClose(); |
956 | 958 |
957 return (cert != null && key != null); | 959 return (cert != null && key != null); |
958 } catch(ex) { | 960 } catch(ex) { |
959 session.close(); | 961 session.logoutAndClose(); |
960 this.error('Error checking certificate is installed: ', ex); | 962 this.error('Error checking certificate is installed: ', ex); |
961 } | 963 } |
962 | 964 |
963 return false; | 965 return false; |
964 }; | 966 }; |
965 | 967 |
966 /** | 968 /** |
967 * Initiate the CSR process for this certificate definition. | 969 * Initiate the CSR process for this certificate definition. |
968 */ | 970 */ |
969 Policy.Certificate.prototype.initiateCSR = | 971 Policy.Certificate.prototype.initiateCSR = |
995 if (!session) | 997 if (!session) |
996 return this.stop('error', 'Cannot login to token.'); | 998 return this.stop('error', 'Cannot login to token.'); |
997 | 999 |
998 // Remove any existing entries matching this.id. | 1000 // Remove any existing entries matching this.id. |
999 this.policy.removeObjectsById(session, this.id); | 1001 this.policy.removeObjectsById(session, this.id); |
1000 | 1002 |
1001 try { | 1003 try { |
1002 // Generate a key pair. | 1004 // Generate a key pair. |
1003 this.policy.generateKeyPair(session, this.id, this.label); | 1005 this.policy.generateKeyPair(session, this.id, this.label); |
1004 } catch(e) { | 1006 } catch(e) { |
1005 session.close(); | 1007 session.logoutAndClose(); |
1006 return this.stop('error', 'Failed to create key on PKCS#11 device: ' + e); | 1008 return this.stop('error', 'Failed to create key on PKCS#11 device: ' + e); |
1007 } | 1009 } |
1008 | 1010 |
1009 this.stop('key', 'Key generation complete'); | 1011 this.stop('key', 'Key generation complete'); |
1010 | 1012 |
1011 session.close(); | 1013 session.logoutAndClose(); |
1012 | 1014 |
1013 this.start('csr', 'Initiating Certificate Signing Request'); | 1015 this.start('csr', 'Initiating Certificate Signing Request'); |
1014 | 1016 |
1015 // create a CSR using the generated key pair. | 1017 // create a CSR using the generated key pair. |
1016 var engine = this.policy.engine; | 1018 var engine = this.policy.engine; |
1017 this.info('Generating CSR for id: ' + this.id + ' subject: ' + subject); | 1019 this.info('Generating CSR for id: ' + this.id + ' subject: ' + subject); |
1018 var csr = engine.createCSR(this.id, subject); | 1020 var csr = engine.createCSR(this.id, subject); |
1019 | 1021 |
1020 // Copy the CSR as a string to the environment. | 1022 // Copy the CSR as a string to the environment. |
1021 this.setVariable('csr', csr.toFormat(CSR.CSR_FORMAT_PEM_TEXT)); | 1023 this.setVariable('csr', csr.toFormat(CSR.CSR_FORMAT_PEM_TEXT)); |
1150 | 1152 |
1151 // Convert response to DER. | 1153 // Convert response to DER. |
1152 var x509 = new entd.crypto.OpenSSL.X509(cert, X509.X509_FORMAT_PEM_TEXT); | 1154 var x509 = new entd.crypto.OpenSSL.X509(cert, X509.X509_FORMAT_PEM_TEXT); |
1153 var x509_der = x509.toFormat(X509.X509_FORMAT_DER); | 1155 var x509_der = x509.toFormat(X509.X509_FORMAT_DER); |
1154 | 1156 |
1155 // Store certificate in the PKCS#11 token. | 1157 // Store certificate in the PKCS#11 token. |
1156 this.storeCertificate(session, this.id, this.label, this.subject, x509_der); | 1158 this.storeCertificate(session, this.id, this.label, this.subject, x509_der); |
1157 | 1159 |
1158 this.stop('cert'); | 1160 this.stop('cert'); |
1159 | 1161 |
1160 session.close(); | 1162 session.logoutAndClose(); |
1161 }; | 1163 }; |
1162 | 1164 |
1163 Policy.prototype.setBrowserPolicy = | 1165 Policy.prototype.setBrowserPolicy = |
1164 function setBrowserPolicy(type, sourcePolicy) { | 1166 function setBrowserPolicy(type, sourcePolicy) { |
1165 var targetPolicy; | 1167 var targetPolicy; |
1166 if (type == "managed") { | 1168 if (type == "managed") { |
1167 targetPolicy = entd.browser.managedPolicy; | 1169 targetPolicy = entd.browser.managedPolicy; |
1168 } else if (type == "recommended") { | 1170 } else if (type == "recommended") { |
1169 targetPolicy = entd.browser.recommendedPolicy; | 1171 targetPolicy = entd.browser.recommendedPolicy; |
1170 } else { | 1172 } else { |
1971 var result = []; | 1973 var result = []; |
1972 for (i = 0; i < str.length; i++) { | 1974 for (i = 0; i < str.length; i++) { |
1973 var d = str.charCodeAt(i); | 1975 var d = str.charCodeAt(i); |
1974 var h = d.toString(16); | 1976 var h = d.toString(16); |
1975 if (h.length == 1) | 1977 if (h.length == 1) |
1976 result.push('0'); | 1978 result.push('0'); |
1977 result.push(h); | 1979 result.push(h); |
1978 } | 1980 } |
1979 return result.join(''); | 1981 return result.join(''); |
1980 } | 1982 } |
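Review bot: In the PIN-reset hunk the catch block at lines 495–498 (and the one at 960–961) calls `session.logoutAndClose()` on a `session` that is still null when `loginToken` itself threw, so the cleanup raises a TypeError out of the catch and masks the original error. Guard the cleanup, e.g. `if (session) session.logoutAndClose();`, or move the logout into a `finally` so every exit path releases the token login exactly once instead of repeating the call before each return. The check at line 493 reports a null session via `this.stop` but does not return, so execution appears to fall through to `session.setPin` on a null session; a `return false;` after that `stop` would close the gap, though the enclosing function begins before this hunk. Whether `logoutAndClose` tolerates a session that never logged in (the failure path at 827–829) is not visible here and is worth confirming against its implementation.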