author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-23 14:11:49 +0000 |
---|---|---|
committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-23 14:11:49 +0000 |
commit | eecbd73d6fc73a32e5a5ccd7ad948fd36ac6fc88 (patch) | |
tree | d02de1e2b54a7005ea44d85075a2e07ee740e94b | |
parent | 22ce003923fa921868bb66ef8e96adb3b80af362 (diff) | |
Pass slot id to Shill for manually configured WiFi with EAP-TLS.
Before, wifi_config_view directly set the shill::kEapCertIdProperty and shill::kEapKeyIdProperty. Since the system token is enabled in ChromeOS, these properties have to be of the format '<slot_id>:<key_id>' and not only '<key_id>'.
This change fixes this by reusing the client_cert::SetShillProperties function, which sets the properties in the correct format.
R=pastarmovj@chromium.org
TBR=stevenjb@chromium.org
BUG=358366, 396181
Review URL: https://codereview.chromium.org/415483002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@284914 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/browser/chromeos/options/cert_library.cc | 4 | ||||
-rw-r--r-- | chrome/browser/chromeos/options/cert_library.h | 3 | ||||
-rw-r--r-- | chrome/browser/chromeos/options/wifi_config_view.cc | 13 | ||||
-rw-r--r-- | chromeos/network/client_cert_util.h | 10 |
4 files changed, 19 insertions, 11 deletions
diff --git a/chrome/browser/chromeos/options/cert_library.cc b/chrome/browser/chromeos/options/cert_library.cc
index 7eeea75..8c2c805 100644
--- a/chrome/browser/chromeos/options/cert_library.cc
+++ b/chrome/browser/chromeos/options/cert_library.cc
@@ -149,6 +149,10 @@ bool CertLibrary::IsHardwareBacked() const {
 return CertLoader::Get()->IsHardwareBacked();
 }
+std::string CertLibrary::GetTPMSlotID() const {
+ return base::IntToString(CertLoader::Get()->TPMTokenSlotID());
+}
+
 int CertLibrary::NumCertificates(CertType type) const {
 const net::CertificateList& cert_list = GetCertificateListForType(type);
 return static_cast<int>(cert_list.size());
diff --git a/chrome/browser/chromeos/options/cert_library.h b/chrome/browser/chromeos/options/cert_library.h
index eb9b7e5..e5d1cb0 100644
--- a/chrome/browser/chromeos/options/cert_library.h
+++ b/chrome/browser/chromeos/options/cert_library.h
@@ -63,6 +63,9 @@ class CertLibrary : public CertLoader::Observer {
 // Returns true if the TPM is available for hardware-backed certificates.
 bool IsHardwareBacked() const;
+ // Returns the id of the slot that contains the user certificates.
+ std::string GetTPMSlotID() const;
+
 // Retruns the number of certificates available for |type|.
 int NumCertificates(CertType type) const;
diff --git a/chrome/browser/chromeos/options/wifi_config_view.cc b/chrome/browser/chromeos/options/wifi_config_view.cc
index c328ca1..a0119a7 100644
--- a/chrome/browser/chromeos/options/wifi_config_view.cc
+++ b/chrome/browser/chromeos/options/wifi_config_view.cc
@@ -14,6 +14,7 @@
 #include "chrome/browser/chromeos/options/passphrase_textfield.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chromeos/login/login_state.h"
+#include "chromeos/network/client_cert_util.h"
 #include "chromeos/network/network_configuration_handler.h"
 #include "chromeos/network/network_event_log.h"
 #include "chromeos/network/network_handler.h"
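Review bot: `GetTPMSlotID()` in cert_library.cc stringifies whatever `CertLoader::Get()->TPMTokenSlotID()` returns, with no check that the TPM token has actually been loaded. If the loader reports a sentinel (for example a negative value) before initialization, which is not visible in this hunk, callers would build a cert id such as `-1:<key_id>` and hand it to Shill. Consider returning an empty string while the slot is not valid, and state the contract in the cert_library.h hunk as well, e.g. `// Returns the slot id as a decimal string; empty if the TPM token is not loaded yet.` Also confirm that the header declaring `base::IntToString` is already included in cert_library.cc, since the hunk does not add it.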
@@ -872,12 +873,12 @@ void WifiConfigView::SetEapProperties(base::DictionaryValue* properties) {
 properties->SetStringWithoutPathExpansion(
 shill::kEapSubjectMatchProperty, GetEapSubjectMatch());
- // shill requires both CertID and KeyID for TLS connections, despite
- // the fact that by convention they are the same ID.
- properties->SetStringWithoutPathExpansion(
- shill::kEapCertIdProperty, GetEapClientCertPkcs11Id());
- properties->SetStringWithoutPathExpansion(
- shill::kEapKeyIdProperty, GetEapClientCertPkcs11Id());
+ const std::string pkcs11id = GetEapClientCertPkcs11Id();
+ client_cert::SetShillProperties(client_cert::CONFIG_TYPE_EAP,
+ CertLibrary::Get()->GetTPMSlotID(),
+ TPMTokenLoader::Get()->tpm_user_pin(),
+ &pkcs11id,
+ properties);
 properties->SetBooleanWithoutPathExpansion(
 shill::kEapUseSystemCasProperty, GetEapUseSystemCas());
diff --git a/chromeos/network/client_cert_util.h b/chromeos/network/client_cert_util.h
index 3a1a392..7046ef7 100644
--- a/chromeos/network/client_cert_util.h
+++ b/chromeos/network/client_cert_util.h
@@ -66,11 +66,11 @@ CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> GetCertificateMatch(
 // If not empty, sets the TPM properties in |properties|. If |pkcs11_id| is not
 // NULL, also sets the ClientCertID. |cert_config_type| determines which
 // dictionary entries to set.
-void SetShillProperties(const ConfigType cert_config_type,
- const std::string& tpm_slot,
- const std::string& tpm_pin,
- const std::string* pkcs11_id,
- base::DictionaryValue* properties);
+CHROMEOS_EXPORT void SetShillProperties(const ConfigType cert_config_type,
+ const std::string& tpm_slot,
+ const std::string& tpm_pin,
+ const std::string* pkcs11_id,
+ base::DictionaryValue* properties);
 // Returns true if all required configuration properties are set and not empty.
 bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type, |
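Review bot: The new call in `SetEapProperties` passes `TPMTokenLoader::Get()->tpm_user_pin()` to the helper. Going by the header comment on `SetShillProperties`, the `properties` dictionary then carries the TPM user PIN as well as the cert id, which the old code never put there. Any later logging or dumping of this dictionary (the file includes network_event_log.h) has to mask that entry, so a call-site comment such as `// |properties| now holds the TPM PIN; never log it unmasked.` would help. Separately, `&pkcs11id` is passed unconditionally, so with no client certificate selected the helper gets a non-NULL pointer to an empty string; unless it treats an empty id specially (not visible here) the result could be a bare `<slot_id>:` value, so either confirm that or pass `pkcs11id.empty() ? NULL : &pkcs11id`. The hunk adds no include for `TPMTokenLoader` and the function body continues outside the hunk, so check both against the full file.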
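Review bot: The comment above the now-exported `SetShillProperties` in client_cert_util.h opens with "If not empty" without naming the argument it refers to, and it does not mention the `<slot_id>:<key_id>` format that the commit message says the function produces. Since the function is now called from outside chromeos/network and handles the TPM PIN, I would spell the contract out, e.g. `// If |tpm_slot| and |tpm_pin| are not empty, sets the TPM slot and PIN in |properties|.` followed by `// If |pkcs11_id| is not NULL, sets the cert and key id as '<slot_id>:<key_id>'.` Which of the two arguments the emptiness test applies to is not visible in this header, so confirm the wording against the implementation.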