author | gspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-12 20:40:12 +0000 |
---|---|---|
committer | gspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-12 20:40:12 +0000 |
commit | 74beead006b5c2eaf57dda4a2f7087085962df25 (patch) | |
tree | 18fe48dda89ed0255c722672a0aa45d00438ef5d /base | |
parent | 82b6e5142f45e0172ba15cb30b87f5e31456c55c (diff) | |
This enables hardware-backed .p12 file import on ChromeOS
The "Import and Bind" button in the certificate manager is now
enabled, and will import .p12 certificate files into the TPM-backed
PKCS#11 store.
BUG=chromium-os:11896
TEST=Imported a .p12 certificate file in both hardware-backed and
non-hardware-backed modes, and verified with a command-line tool that
the certs showed up in the right stores. Also verified that both
appeared in the certificate manager UI.
Review URL: http://codereview.chromium.org/6826016
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81300 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
-rw-r--r-- | base/nss_util.cc | 18 | ||||
-rw-r--r-- | base/nss_util.h | 3 |
2 files changed, 17 insertions, 4 deletions
diff --git a/base/nss_util.cc b/base/nss_util.cc index ad30ea1..a074ab5 100644 --- a/base/nss_util.cc +++ b/base/nss_util.cc @@ -6,11 +6,11 @@ #include "base/nss_util_internal.h" #include <nss.h> +#include <pk11pub.h> #include <plarena.h> #include <prerror.h> #include <prinit.h> #include <prtime.h> -#include <pk11pub.h> #include <secmod.h> #if defined(OS_LINUX) @@ -111,7 +111,7 @@ char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { // If we get asked for a password for the TPM, then return the // static password we use. if (PK11_GetTokenName(slot) == base::GetTPMTokenName()) - return PORT_Strdup(kTPMUserPIN); + return PORT_Strdup(GetTPMUserPIN().c_str()); #endif base::CryptoModuleBlockingPasswordDelegate* delegate = reinterpret_cast<base::CryptoModuleBlockingPasswordDelegate*>(arg); @@ -232,7 +232,7 @@ class NSSInitSingleton { // provider, which are still read-only (because we initialized // NSS before we had a cryptohome mounted). software_slot_ = OpenUserDB(GetDefaultConfigDirectory(), - kNSSDatabaseName); + kNSSDatabaseName); } } @@ -245,7 +245,7 @@ class NSSInitSingleton { kOpencryptokiPath, // trustOrder=100 -- means it'll select this as the most // trusted slot for the mechanisms it provides. - // slotParams=... -- selects RSA as only mechanism, and only + // slotParams=... -- selects RSA as the only mechanism, and only // asks for the password when necessary (instead of every // time, or after a timeout). "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})"); @@ -273,6 +273,12 @@ class NSSInitSingleton { return std::string(kTPMTokenName); } + std::string GetTPMUserPIN() { + // TODO(gspencer): This should come from the dbus interchange with + // cryptohomed instead of being hard-coded. + return std::string(kTPMUserPIN); + } + PK11SlotInfo* GetTPMSlot() { return FindSlotWithTokenName(GetTPMTokenName()); } 
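Review bot: The TPM branch of PKCS11PasswordFunc returns the PIN without consulting `retry`, at least in the lines visible here (the function starts above the hunk and continues below it). NSS passes `retry` as PR_TRUE when the previously supplied password was rejected, so returning the same fixed value again can only repeat the failed login and may count against the token's failed-PIN limit. Suggest `if (retry) return NULL;` ahead of the `return PORT_Strdup(GetTPMUserPIN().c_str());` line so a rejected PIN aborts the login instead of being retried. The new call is also unqualified while the line above it spells `base::GetTPMTokenName()`; one form should be used for both.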
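Review bot: `NSSInitSingleton::GetTPMUserPIN()` returns the PIN as a `std::string` by value, so every call leaves another heap copy that is never cleared. That is harmless while the value is the compiled-in `kTPMUserPIN`, but the TODO says it will later come from cryptohomed. The TODO should record this now, for example by adding `// Once the PIN is a real secret, stop returning copies by value and clear buffers after use.` It would also help to state in the comment that a compiled-in PIN is a placeholder and does not by itself restrict who can log in to the token. The same applies to the free-function wrapper `GetTPMUserPIN()` added in the `@@ -662,6 +668,10 @@` hunk.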
@@ -662,6 +668,10 @@ bool EnableTPMForNSS() { std::string GetTPMTokenName() { return g_nss_singleton.Get().GetTPMTokenName(); } + +std::string GetTPMUserPIN() { + return g_nss_singleton.Get().GetTPMUserPIN(); +} #endif // defined(OS_CHROMEOS) // TODO(port): Implement this more simply. We can convert by subtracting an diff --git a/base/nss_util.h b/base/nss_util.h index a92bfb25..adc514a 100644 --- a/base/nss_util.h +++ b/base/nss_util.h @@ -93,6 +93,9 @@ bool EnableTPMForNSS(); // Get name for the built-in TPM token on ChromeOS. std::string GetTPMTokenName(); + +// Get the user PIN for the built-in TPM token on ChromeOS. +std::string GetTPMUserPIN(); #endif // Convert a NSS PRTime value into a base::Time object. |
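Review bot: The new declaration in base/nss_util.h exports the token PIN with a one-line comment that says nothing about how callers may handle the value. Any code that includes this header can now obtain the credential, so the comment should spell out the contract, e.g. `// Get the user PIN for the built-in TPM token on ChromeOS. Currently a fixed value; callers must not log or persist it.` If the only consumers are NSS-internal, declaring it in base/nss_util_internal.h would keep the exposed surface smaller. The callers are outside this diff (the diffstat is limited to 'base'), so that may not be possible.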