authorgspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-12 20:40:12 +0000
committergspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-12 20:40:12 +0000
commit74beead006b5c2eaf57dda4a2f7087085962df25 (patch)
tree18fe48dda89ed0255c722672a0aa45d00438ef5d /base
parent82b6e5142f45e0172ba15cb30b87f5e31456c55c (diff)
This enables hardware-backed .p12 file import on ChromeOS
The "Import and Bind" button in the certificate manager is now enabled, and will import .p12 certificate files into the TPM-backed PKCS#11 store. BUG=chromium-os:11896 TEST=Imported .p12 certificate file in both hardware-backed and non-hardware backed modes, and verified with command line tool that the certs showed up in the right stores. Also verified that both appeared in certificate manager UI. Review URL: http://codereview.chromium.org/6826016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81300 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
-rw-r--r--base/nss_util.cc18
-rw-r--r--base/nss_util.h3
2 files changed, 17 insertions, 4 deletions
diff --git a/base/nss_util.cc b/base/nss_util.cc
index ad30ea1..a074ab5 100644
--- a/base/nss_util.cc
+++ b/base/nss_util.cc
@@ -6,11 +6,11 @@
#include "base/nss_util_internal.h"
#include <nss.h>
+#include <pk11pub.h>
#include <plarena.h>
#include <prerror.h>
#include <prinit.h>
#include <prtime.h>
-#include <pk11pub.h>
#include <secmod.h>
#if defined(OS_LINUX)
@@ -111,7 +111,7 @@ char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) {
// If we get asked for a password for the TPM, then return the
// static password we use.
if (PK11_GetTokenName(slot) == base::GetTPMTokenName())
- return PORT_Strdup(kTPMUserPIN);
+ return PORT_Strdup(GetTPMUserPIN().c_str());
#endif
base::CryptoModuleBlockingPasswordDelegate* delegate =
reinterpret_cast<base::CryptoModuleBlockingPasswordDelegate*>(arg);
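Review bot: The TPM branch hands back the PIN without looking at `retry`, at least in the lines visible here; the function body starts above the hunk, so an earlier check cannot be ruled out. NSS sets `retry` to PR_TRUE when the password this callback returned previously was rejected, so returning the same fixed PIN again can only fail again, and depending on the token it may count toward a failed-login limit. I would report the failure instead of resubmitting, for example `return retry ? NULL : PORT_Strdup(GetTPMUserPIN().c_str());`. A smaller style point on the same line: `GetTPMUserPIN()` is called unqualified while the line above writes `base::GetTPMTokenName()`, and the two should be spelled the same way.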
@@ -232,7 +232,7 @@ class NSSInitSingleton {
// provider, which are still read-only (because we initialized
// NSS before we had a cryptohome mounted).
software_slot_ = OpenUserDB(GetDefaultConfigDirectory(),
- kNSSDatabaseName);
+ kNSSDatabaseName);
}
}
@@ -245,7 +245,7 @@ class NSSInitSingleton {
kOpencryptokiPath,
// trustOrder=100 -- means it'll select this as the most
// trusted slot for the mechanisms it provides.
- // slotParams=... -- selects RSA as only mechanism, and only
+ // slotParams=... -- selects RSA as the only mechanism, and only
// asks for the password when necessary (instead of every
// time, or after a timeout).
"trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})");
@@ -273,6 +273,12 @@ class NSSInitSingleton {
return std::string(kTPMTokenName);
}
+ std::string GetTPMUserPIN() {
+ // TODO(gspencer): This should come from the dbus interchange with
+ // cryptohomed instead of being hard-coded.
+ return std::string(kTPMUserPIN);
+ }
+
PK11SlotInfo* GetTPMSlot() {
return FindSlotWithTokenName(GetTPMTokenName());
}
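Review bot: `GetTPMUserPIN()` returns the token PIN as a `std::string` by value, so each call makes another copy that is destroyed without being cleared. This applies to the method here, the `base::GetTPMUserPIN()` wrapper added further down, and the temporary built in `PKCS11PasswordFunc`. With the compile-time `kTPMUserPIN` this changes little, but the TODO says the value will later come from cryptohomed, and by then the by-value signature will already be published in `base/nss_util.h`. I would record that in the TODO, e.g. `// Once the PIN is no longer a constant, callers must clear their copy after use.`, and note there that the hard-coded value gives every device the same PIN until then.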
@@ -662,6 +668,10 @@ bool EnableTPMForNSS() {
std::string GetTPMTokenName() {
return g_nss_singleton.Get().GetTPMTokenName();
}
+
+std::string GetTPMUserPIN() {
+ return g_nss_singleton.Get().GetTPMUserPIN();
+}
#endif // defined(OS_CHROMEOS)
// TODO(port): Implement this more simply. We can convert by subtracting an
diff --git a/base/nss_util.h b/base/nss_util.h
index a92bfb25..adc514a 100644
--- a/base/nss_util.h
+++ b/base/nss_util.h
@@ -93,6 +93,9 @@ bool EnableTPMForNSS();
// Get name for the built-in TPM token on ChromeOS.
std::string GetTPMTokenName();
+
+// Get the user PIN for the built-in TPM token on ChromeOS.
+std::string GetTPMUserPIN();
#endif
// Convert a NSS PRTime value into a base::Time object.
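Review bot: The comment on `GetTPMUserPIN()` does not say that the return value is a credential, which matters because this declaration makes the PIN available to every includer of `base/nss_util.h`. The page shows only the `base` part of the commit, so callers outside `nss_util.cc` are not visible here and the intended audience of the function cannot be confirmed. I would extend the comment to something like `// Get the user PIN for the built-in TPM token on ChromeOS. The result is a secret: pass it only to NSS login calls and never log or persist it.` The `#endif` that closes this block also lacks the `// defined(OS_CHROMEOS)` trailer that the matching `#endif` in `nss_util.cc` carries.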