diff options
| -rw-r--r-- | chrome/browser/chromeos/options/cert_library.cc | 4 | ||||
| -rw-r--r-- | chrome/browser/chromeos/options/cert_library.h | 3 | ||||
| -rw-r--r-- | chrome/browser/chromeos/options/wifi_config_view.cc | 13 | ||||
| -rw-r--r-- | chromeos/network/client_cert_util.h | 10 |
4 files changed, 19 insertions, 11 deletions
diff --git a/chrome/browser/chromeos/options/cert_library.cc b/chrome/browser/chromeos/options/cert_library.cc index 7eeea75..8c2c805 100644 --- a/chrome/browser/chromeos/options/cert_library.cc +++ b/chrome/browser/chromeos/options/cert_library.cc @@ -149,6 +149,10 @@ bool CertLibrary::IsHardwareBacked() const { return CertLoader::Get()->IsHardwareBacked(); } +std::string CertLibrary::GetTPMSlotID() const { + return base::IntToString(CertLoader::Get()->TPMTokenSlotID()); +} + int CertLibrary::NumCertificates(CertType type) const { const net::CertificateList& cert_list = GetCertificateListForType(type); return static_cast<int>(cert_list.size()); diff --git a/chrome/browser/chromeos/options/cert_library.h b/chrome/browser/chromeos/options/cert_library.h index eb9b7e5..e5d1cb0 100644 --- a/chrome/browser/chromeos/options/cert_library.h +++ b/chrome/browser/chromeos/options/cert_library.h @@ -63,6 +63,9 @@ class CertLibrary : public CertLoader::Observer { // Returns true if the TPM is available for hardware-backed certificates. bool IsHardwareBacked() const; + // Returns the id of the slot that contains the user certificates. + std::string GetTPMSlotID() const; + // Retruns the number of certificates available for |type|. int NumCertificates(CertType type) const; diff --git a/chrome/browser/chromeos/options/wifi_config_view.cc b/chrome/browser/chromeos/options/wifi_config_view.cc index c328ca1..a0119a7 100644 --- a/chrome/browser/chromeos/options/wifi_config_view.cc +++ b/chrome/browser/chromeos/options/wifi_config_view.cc @@ -14,6 +14,7 @@ #include "chrome/browser/chromeos/options/passphrase_textfield.h" #include "chrome/browser/profiles/profile_manager.h" #include "chromeos/login/login_state.h" +#include "chromeos/network/client_cert_util.h" #include "chromeos/network/network_configuration_handler.h" #include "chromeos/network/network_event_log.h" #include "chromeos/network/network_handler.h" @@ -872,12 +873,12 @@ void WifiConfigView::SetEapProperties(base::DictionaryValue* properties) { properties->SetStringWithoutPathExpansion( shill::kEapSubjectMatchProperty, GetEapSubjectMatch()); - // shill requires both CertID and KeyID for TLS connections, despite - // the fact that by convention they are the same ID. - properties->SetStringWithoutPathExpansion( - shill::kEapCertIdProperty, GetEapClientCertPkcs11Id()); - properties->SetStringWithoutPathExpansion( - shill::kEapKeyIdProperty, GetEapClientCertPkcs11Id()); + const std::string pkcs11id = GetEapClientCertPkcs11Id(); + client_cert::SetShillProperties(client_cert::CONFIG_TYPE_EAP, + CertLibrary::Get()->GetTPMSlotID(), + TPMTokenLoader::Get()->tpm_user_pin(), + &pkcs11id, + properties); properties->SetBooleanWithoutPathExpansion( shill::kEapUseSystemCasProperty, GetEapUseSystemCas()); diff --git a/chromeos/network/client_cert_util.h b/chromeos/network/client_cert_util.h index 3a1a392..7046ef7 100644 --- a/chromeos/network/client_cert_util.h +++ b/chromeos/network/client_cert_util.h @@ -66,11 +66,11 @@ CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> GetCertificateMatch( // If not empty, sets the TPM properties in |properties|. If |pkcs11_id| is not // NULL, also sets the ClientCertID. |cert_config_type| determines which // dictionary entries to set. -void SetShillProperties(const ConfigType cert_config_type, - const std::string& tpm_slot, - const std::string& tpm_pin, - const std::string* pkcs11_id, - base::DictionaryValue* properties); +CHROMEOS_EXPORT void SetShillProperties(const ConfigType cert_config_type, + const std::string& tpm_slot, + const std::string& tpm_pin, + const std::string* pkcs11_id, + base::DictionaryValue* properties); // Returns true if all required configuration properties are set and not empty. bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type, |