diff options
| author | pneubeck <pneubeck@chromium.org> | 2014-11-06 02:56:19 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-11-06 10:57:18 +0000 |
| commit | ad2f21668af6195ca662136305a029e0331c3d20 (patch) | |
| tree | 37f9951085e9c8dfb813a435423bbc13815d046f /chromeos/cert_loader.cc | |
| parent | 758abebc6360e6c4bad50acd851a0c41c85695ac (diff) | |
| download | chromium_src-ad2f21668af6195ca662136305a029e0331c3d20.zip chromium_src-ad2f21668af6195ca662136305a029e0331c3d20.tar.gz chromium_src-ad2f21668af6195ca662136305a029e0331c3d20.tar.bz2 | |
ClientCertResolver: Remove IsHardwareBacked check.
There were two methods: one to check whether the hardware backed crypto token is loaded at all and one to check whether an individual certificate is hardware backed.
These were not consistently used by ClientCertResolver and the network configuration UI.
Now always individual certificates are checked to be hardware backed and the IsHardwareBacked method is removed from CertLoader.
For upcoming changes, it's also required that ClientCertResolver notifies observers even if no certificate patterns were resolved or no hardware token is present. Therefore, the check for IsHardwareBacked is removed.
BUG=424036
Review URL: https://codereview.chromium.org/699073003
Cr-Commit-Position: refs/heads/master@{#303005}
Diffstat (limited to 'chromeos/cert_loader.cc')
| -rw-r--r-- | chromeos/cert_loader.cc | 27 |
1 files changed, 11 insertions, 16 deletions
diff --git a/chromeos/cert_loader.cc b/chromeos/cert_loader.cc index dc8715b..747f625 100644 --- a/chromeos/cert_loader.cc +++ b/chromeos/cert_loader.cc @@ -21,6 +21,7 @@ namespace chromeos { static CertLoader* g_cert_loader = NULL; +static bool g_force_hardware_backed_for_test = false; // static void CertLoader::Initialize() { @@ -51,7 +52,6 @@ CertLoader::CertLoader() certificates_update_required_(false), certificates_update_running_(false), database_(NULL), - force_hardware_backed_for_test_(false), cert_list_(new net::CertificateList), weak_factory_(this) { } @@ -84,22 +84,12 @@ void CertLoader::RemoveObserver(CertLoader::Observer* observer) { observers_.RemoveObserver(observer); } -bool CertLoader::IsHardwareBacked() const { - if (force_hardware_backed_for_test_) +// static +bool CertLoader::IsCertificateHardwareBacked(const net::X509Certificate* cert) { + if (g_force_hardware_backed_for_test) return true; - if (!database_) - return false; - crypto::ScopedPK11Slot slot(database_->GetPrivateSlot()); - if (!slot) - return false; - return PK11_IsHW(slot.get()); -} - -bool CertLoader::IsCertificateHardwareBacked( - const net::X509Certificate* cert) const { - if (!database_) - return false; - return database_->IsHardwareBacked(cert); + PK11SlotInfo* slot = cert->os_cert_handle()->slot; + return slot && PK11_IsHW(slot); } bool CertLoader::CertificatesLoading() const { @@ -107,6 +97,11 @@ bool CertLoader::CertificatesLoading() const { } // static +void CertLoader::ForceHardwareBackedForTesting() { + g_force_hardware_backed_for_test = true; +} + +// static // // For background see this discussion on dev-tech-crypto.lists.mozilla.org: // http://web.archiveorange.com/archive/v/6JJW7E40sypfZGtbkzxX |