diff options
| author | pneubeck <pneubeck@chromium.org> | 2014-11-06 02:56:19 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-11-06 10:57:18 +0000 |
| commit | ad2f21668af6195ca662136305a029e0331c3d20 (patch) | |
| tree | 37f9951085e9c8dfb813a435423bbc13815d046f /chromeos/network | |
| parent | 758abebc6360e6c4bad50acd851a0c41c85695ac (diff) | |
| download | chromium_src-ad2f21668af6195ca662136305a029e0331c3d20.zip chromium_src-ad2f21668af6195ca662136305a029e0331c3d20.tar.gz chromium_src-ad2f21668af6195ca662136305a029e0331c3d20.tar.bz2 | |
ClientCertResolver: Remove IsHardwareBacked check.
There were two methods: one to check whether the hardware backed crypto token is loaded at all and one to check whether an individual certificate is hardware backed.
These were not consistently used by ClientCertResolver and the network configuration UI.
Now always individual certificates are checked to be hardware backed and the IsHardwareBacked method is removed from CertLoader.
For upcoming changes, it's also required that ClientCertResolver notifies observers even if no certificate patterns were resolved or no hardware token is present. Therefore, the check for IsHardwareBacked is removed.
BUG=424036
Review URL: https://codereview.chromium.org/699073003
Cr-Commit-Position: refs/heads/master@{#303005}
Diffstat (limited to 'chromeos/network')
| -rw-r--r-- | chromeos/network/client_cert_resolver.cc | 7 | ||||
| -rw-r--r-- | chromeos/network/client_cert_resolver_unittest.cc | 2 | ||||
| -rw-r--r-- | chromeos/network/network_connection_handler_unittest.cc | 3 |
3 files changed, 4 insertions, 8 deletions
diff --git a/chromeos/network/client_cert_resolver.cc b/chromeos/network/client_cert_resolver.cc index 8b8b8ba..ed1de01 100644 --- a/chromeos/network/client_cert_resolver.cc +++ b/chromeos/network/client_cert_resolver.cc @@ -138,7 +138,8 @@ std::vector<CertAndIssuer> CreateSortedCertAndIssuerList( it != certs.end(); ++it) { const net::X509Certificate& cert = **it; if (cert.valid_expiry().is_null() || cert.HasExpired() || - !HasPrivateKey(cert)) { + !HasPrivateKey(cert) || + !CertLoader::IsCertificateHardwareBacked(&cert)) { continue; } net::ScopedCERTCertificate issuer_handle( @@ -221,10 +222,6 @@ bool ClientCertificatesLoaded() { VLOG(1) << "Certificates not loaded yet."; return false; } - if (!CertLoader::Get()->IsHardwareBacked()) { - VLOG(1) << "TPM is not available."; - return false; - } return true; } diff --git a/chromeos/network/client_cert_resolver_unittest.cc b/chromeos/network/client_cert_resolver_unittest.cc index a63e67f..bbffab4 100644 --- a/chromeos/network/client_cert_resolver_unittest.cc +++ b/chromeos/network/client_cert_resolver_unittest.cc @@ -78,7 +78,7 @@ class ClientCertResolverTest : public testing::Test, CertLoader::Initialize(); cert_loader_ = CertLoader::Get(); - cert_loader_->force_hardware_backed_for_test(); + CertLoader::ForceHardwareBackedForTesting(); } void TearDown() override { diff --git a/chromeos/network/network_connection_handler_unittest.cc b/chromeos/network/network_connection_handler_unittest.cc index e665650..b2c61ac 100644 --- a/chromeos/network/network_connection_handler_unittest.cc +++ b/chromeos/network/network_connection_handler_unittest.cc @@ -74,8 +74,7 @@ class NetworkConnectionHandlerTest : public testing::Test { test_nssdb_->SetSlowTaskRunnerForTest(message_loop_.message_loop_proxy()); CertLoader::Initialize(); - CertLoader* cert_loader = CertLoader::Get(); - cert_loader->force_hardware_backed_for_test(); + CertLoader::ForceHardwareBackedForTesting(); DBusThreadManager::Initialize(); DBusThreadManager* dbus_manager = DBusThreadManager::Get(); |