authorsatorux@chromium.org <satorux@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-22 19:16:59 +0000
committersatorux@chromium.org <satorux@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-22 19:16:59 +0000
commite0ad08965570e57bdf1ad781c3dab31c470c4244 (patch)
tree417ebf2377b2db35d068acf33ea2f2542834e73f /chrome/browser
parentae77f32010cd2c0344279d7dca8388e86ab93f98 (diff)
certificate manager: Disable export option for TPM-backed certs.
Add a separate boolean property to indicate that a client certificate is hardware (TPM) backed. Certificate manager should disable the export button for such certificates because there is no way to extract the private key from the TPM. BUG=126886 TEST=lumpy Review URL: https://chromiumcodereview.appspot.com/10407072 Patch from Haixia Shi <hshi@chromium.org>. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@138314 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
-rw-r--r--chrome/browser/certificate_manager_model.cc17
-rw-r--r--chrome/browser/certificate_manager_model.h5
-rw-r--r--chrome/browser/resources/options2/certificate_manager.js3
-rw-r--r--chrome/browser/ui/webui/options2/certificate_manager_handler2.cc4
4 files changed, 23 insertions, 6 deletions
diff --git a/chrome/browser/certificate_manager_model.cc b/chrome/browser/certificate_manager_model.cc
index 6989f72..22af7e8 100644
--- a/chrome/browser/certificate_manager_model.cc
+++ b/chrome/browser/certificate_manager_model.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -81,9 +81,7 @@ string16 CertificateManagerModel::GetColumnText(
#if defined(OS_CHROMEOS)
// TODO(xiyuan): Put this into a column when we have js tree-table.
- if (crypto::IsTPMTokenReady() &&
- cert.os_cert_handle()->slot ==
- cert_db().GetPrivateModule()->os_module_handle()) {
+ if (IsHardwareBacked(&cert)) {
rv = l10n_util::GetStringFUTF16(
IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT,
rv,
@@ -153,3 +151,14 @@ bool CertificateManagerModel::Delete(net::X509Certificate* cert) {
Refresh();
return result;
}
+
+bool CertificateManagerModel::IsHardwareBacked(
+ const net::X509Certificate* cert) const {
+#if defined(OS_CHROMEOS)
+ return crypto::IsTPMTokenReady() &&
+ cert->os_cert_handle()->slot ==
+ cert_db().GetPrivateModule()->os_module_handle();
+#else
+ return false;
+#endif
+}
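Review bot: IsHardwareBacked returns false whenever `crypto::IsTPMTokenReady()` is false, so a certificate whose key sits in the TPM slot is reported as not hardware-backed until the token is ready. The handler change in this commit negates the result to mean "extractable", so during that window the UI would offer export for a key that cannot be exported. I would state this on the function, e.g. `// Returns false until the TPM token is ready, even for certs stored in the TPM slot.` Because `cert` is now a pointer parameter instead of the reference used in GetColumnText, a `DCHECK(cert);` before the dereference would also help.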
diff --git a/chrome/browser/certificate_manager_model.h b/chrome/browser/certificate_manager_model.h
index a824094..5196e36 100644
--- a/chrome/browser/certificate_manager_model.h
+++ b/chrome/browser/certificate_manager_model.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -100,6 +100,9 @@ class CertificateManagerModel {
// function returns.
bool Delete(net::X509Certificate* cert);
+ // IsHardwareBacked returns true if |cert| is hardware backed.
+ bool IsHardwareBacked(const net::X509Certificate* cert) const;
+
private:
// Callback used by Refresh() for when the cert slots have been unlocked.
// This method does the actual refreshing.
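Review bot: The new comment on `IsHardwareBacked` only restates the method name and leaves out the conditions a caller needs to know before using it for a policy decision. Going by the implementation in the .cc hunk, something like `// Returns true if |cert| lives in the TPM-backed private slot. Always false off Chrome OS, and false on Chrome OS while the TPM token is not ready.` would make the contract explicit. The class body continues outside this hunk.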
diff --git a/chrome/browser/resources/options2/certificate_manager.js b/chrome/browser/resources/options2/certificate_manager.js
index e2e6425..5f09312 100644
--- a/chrome/browser/resources/options2/certificate_manager.js
+++ b/chrome/browser/resources/options2/certificate_manager.js
@@ -116,12 +116,13 @@ cr.define('options', function() {
updateButtonState: function(data) {
var isCert = !!data && data.id.substr(0, 5) == 'cert-';
var readOnly = !!data && data.readonly;
+ var extractable = !!data && data.extractable;
var hasChildren = this.tree.items.length > 0;
this.viewButton.disabled = !isCert;
if (this.editButton !== null)
this.editButton.disabled = !isCert;
if (this.backupButton !== null)
- this.backupButton.disabled = !isCert;
+ this.backupButton.disabled = !isCert || !extractable;
if (this.backupAllButton !== null)
this.backupAllButton.disabled = !hasChildren;
if (this.exportButton !== null)
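Review bot: `var extractable = !!data && data.extractable;` evaluates to false for any node whose data omits the `extractable` key, so the backup button stays disabled unless the backend sets the flag. That is the safer default, but nothing in the code says it is intentional. A short comment would record it, e.g. `// A missing 'extractable' is treated as non-exportable, so backup stays disabled.` updateButtonState continues past the end of this hunk, so I cannot see how the remaining buttons are handled.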
diff --git a/chrome/browser/ui/webui/options2/certificate_manager_handler2.cc b/chrome/browser/ui/webui/options2/certificate_manager_handler2.cc
index af91ea5..ea1c9c5 100644
--- a/chrome/browser/ui/webui/options2/certificate_manager_handler2.cc
+++ b/chrome/browser/ui/webui/options2/certificate_manager_handler2.cc
@@ -39,6 +39,7 @@ static const char kSubNodesId[] = "subnodes";
static const char kNameId[] = "name";
static const char kReadOnlyId[] = "readonly";
static const char kUntrustedId[] = "untrusted";
+static const char kExtractableId[] = "extractable";
static const char kSecurityDeviceId[] = "device";
static const char kErrorId[] = "error";
@@ -975,6 +976,9 @@ void CertificateManagerHandler::PopulateTree(const std::string& tab_name,
cert_dict->SetBoolean(
kUntrustedId,
certificate_manager_model_->cert_db().IsUntrusted(cert));
+ cert_dict->SetBoolean(
+ kExtractableId,
+ !certificate_manager_model_->IsHardwareBacked(cert));
// TODO(mattm): Other columns.
subnodes->Append(cert_dict);
}
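Review bot: The `extractable` flag set here only controls whether the WebUI button is enabled; the code that services the backup/export request is not in this diff and, as far as the visible lines show, is unchanged. A disabled button is presentation, not enforcement, so that request path should also check `certificate_manager_model_->IsHardwareBacked(cert)` and return a clear error rather than rely on the page never sending the request. The name `kExtractableId` also promises more than `!IsHardwareBacked(cert)` establishes, since a key outside the TPM slot could still be non-exportable for other reasons. A comment such as `// "extractable" here means only "not in the TPM slot".` would avoid that reading. PopulateTree starts and ends outside this hunk.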