author | jamescook@chromium.org <jamescook@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-13 22:31:51 +0000 |
---|---|---|
committer | jamescook@chromium.org <jamescook@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-13 22:31:51 +0000 |
commit | 388e4d376be45063c5ba65b4d089f245665b7917 (patch) | |
tree | 70b32b48a0f7b4a9a9dd20d44f79bfa3b72732c0 /chrome/common/net/x509_certificate_model_nss.cc | |
parent | ccc66057ce11a5217c730cee82900bc21644a6fd (diff) | |
Join Wi-Fi network dialog lists user and server-CA certificates.
- Fixed width of server CA combobox, as it can be very wide.
- Introduced WifiConfigModel to hold cert info for WifiConfigView.
- Send user cert to flimflam by PKCS#11 ID
- Send server CA cert to flimflam by nickname
BUG=chromium-os:11412
TEST=Make successful connection to 802.1x network.
Review URL: http://codereview.chromium.org/6693083
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81498 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/net/x509_certificate_model_nss.cc')
-rw-r--r-- | chrome/common/net/x509_certificate_model_nss.cc | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/chrome/common/net/x509_certificate_model_nss.cc b/chrome/common/net/x509_certificate_model_nss.cc index 7fa298d..42fa7a4 100644 --- a/chrome/common/net/x509_certificate_model_nss.cc +++ b/chrome/common/net/x509_certificate_model_nss.cc @@ -7,11 +7,12 @@ #include <cert.h> #include <cms.h> #include <hasht.h> -#include <pk11pub.h> +#include <keyhi.h> // SECKEY_DestroyPrivateKey +#include <keythi.h> // SECKEYPrivateKey +#include <pk11pub.h> // PK11_FindKeyByAnyCert +#include <seccomon.h> // SECItem #include <sechash.h> -#include <pk11pub.h> - #include "base/logging.h" #include "base/nss_util.h" #include "base/string_number_conversions.h" @@ -100,7 +101,14 @@ using std::string; string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) { string name = ProcessIDN(Stringize(CERT_GetCommonName(&cert_handle->subject), "")); - if (name.empty() && cert_handle->nickname) { + if (!name.empty()) + return name; + return GetNickname(cert_handle); +} + +string GetNickname(X509Certificate::OSCertHandle cert_handle) { + string name; + if (cert_handle->nickname) { name = cert_handle->nickname; // Hack copied from mozilla: Cut off text before first :, which seems to // just be the token name. 
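Review bot: The new `GetNickname` has no comment saying that it returns an empty string when `cert_handle->nickname` is NULL, or that (per the "Hack copied from mozilla" comment in the trailing context) the text before the first ':' is cut off. With the token name removed, the result is a display label rather than a unique key. The commit description says the server CA certificate is sent to flimflam by nickname; if this function supplies that value (not visible in this hunk), two certificates with the same nickname on different tokens could not be told apart, which matters when the string selects a trust anchor. I would add above the function `// Returns the certificate nickname without its token prefix, or "" if there is none; not unique across tokens.` The body of `GetNickname` continues past the end of the hunk.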
@@ -249,6 +257,29 @@ void GetNicknameStringsFromCertList(
 CERT_DestroyCertList(cert_list);
 }
+// For background see this discussion on dev-tech-crypto.lists.mozilla.org:
+// http://web.archiveorange.com/archive/v/6JJW7E40sypfZGtbkzxX
+//
+// NOTE: This function relies on the convention that the same PKCS#11 ID
+// is shared between a certificate and its associated private and public
+// keys. I tried to implement this with PK11_GetLowLevelKeyIDForCert(),
+// but that always returns NULL on Chrome OS for me.
+std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle) {
+ std::string pkcs11_id;
+ SECKEYPrivateKey *priv_key = PK11_FindKeyByAnyCert(cert_handle,
+ NULL /* wincx */);
+ if (priv_key) {
+ // Get the CKA_ID attribute for a key.
+ SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key);
+ if (sec_item) {
+ pkcs11_id = base::HexEncode(sec_item->data, sec_item->len);
+ SECITEM_FreeItem(sec_item, PR_TRUE);
+ }
+ SECKEY_DestroyPrivateKey(priv_key);
+ }
+ return pkcs11_id;
+}
+
 void GetExtensions(
 const string& critical_label,
 const string& non_critical_label, |
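Review bot: `GetPkcs11Id` returns an empty string whenever `PK11_FindKeyByAnyCert` or `PK11_GetLowLevelKeyIDForPrivateKey` returns NULL, and the comment above the function does not say so. The lookup is called with a NULL wincx, so presumably a token that still needs a login also ends up as an empty result rather than a distinct error (to be confirmed). Since the commit description says the user certificate is sent to flimflam by this ID, callers need to know they must check for an empty result before using it. I would add to the comment `// Returns the hex-encoded CKA_ID of the private key for |cert_handle|, or an empty string if no key or ID is found.` As a style point, `SECKEYPrivateKey *priv_key` and `SECItem* sec_item` place the `*` differently within the same function.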