diff options
| -rw-r--r-- | chrome/app/generated_resources.grd | 12 | ||||
| -rw-r--r-- | chrome/browser/certificate_manager_model.cc | 18 | ||||
| -rw-r--r-- | chrome/browser/certificate_manager_model.h | 2 | ||||
| -rw-r--r-- | chrome/browser/ui/webui/options/certificate_manager_handler.cc | 4 | ||||
| -rw-r--r-- | net/cert/nss_cert_database.cc | 5 | ||||
| -rw-r--r-- | net/cert/nss_cert_database.h | 3 |
6 files changed, 16 insertions, 28 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd index d5459bf..1d07fdb 100644 --- a/chrome/app/generated_resources.grd +++ b/chrome/app/generated_resources.grd @@ -3252,6 +3252,12 @@ Public Exponent (<ph name="PUBLIC_EXPONENT_NUM_BITS">$3<ex>24</ex></ph> bits): <message name="IDS_CERT_MANAGER_SERVER_IMPORT_ERROR_TITLE" desc="The title in the error dialog for Certification Authority file import errors."> Server Certificate Import Error </message> + <message name="IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT" desc="A format used to create label for hardware-backed keys."> + <ph name="KEY_NAME">$1<ex>John Doe</ex></ph> (<ph name="DEVICE">$2<ex>hardware-backed</ex></ph>) + </message> + <message name="IDS_CERT_MANAGER_HARDWARE_BACKED" desc="A device name to be used for hardware-backed keys."> + hardware-backed + </message> <if expr="pp_ifdef('chromeos')"> <message name="IDS_CERT_MANAGER_IMPORT_AND_BIND_BUTTON" desc="Label for the button in the certificate manager which allows you to import certificates and bind to your device."> Import and Bind to Device... @@ -3259,15 +3265,9 @@ Public Exponent (<ph name="PUBLIC_EXPONENT_NUM_BITS">$3<ex>24</ex></ph> bits): <message name="IDS_CERT_MANAGER_KEY_FORMAT_LONG" desc="A longer format for keys in the wifi / vpn config dialogs."> <ph name="ISSUED_BY">$1<ex>Google Inc</ex></ph> [<ph name="ISSUED_TO">$2<ex>John Doe</ex></ph>] </message> - <message name="IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT" desc="A format used to create label for hardware-backed keys."> - <ph name="KEY_NAME">$1<ex>John Doe</ex></ph> (<ph name="DEVICE">$2<ex>hardware-backed</ex></ph>) - </message> <message name="IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT_LONG" desc="A longer format for hardware-backed keys in the wifi / vpn config dialogs."> <ph name="ISSUED_BY">$1<ex>Google Inc</ex></ph> [<ph name="ISSUED_TO">$2<ex>John Doe</ex></ph>] (<ph name="DEVICE">$3<ex>hardware-backed</ex></ph>) </message> - <message name="IDS_CERT_MANAGER_HARDWARE_BACKED" desc="A device name to be used for ChromeOS device backed keys."> - hardware-backed - </message> </if> <!-- Add Client Certificate Dialog --> diff --git a/chrome/browser/certificate_manager_model.cc b/chrome/browser/certificate_manager_model.cc index 57f0b19..1b66dee 100644 --- a/chrome/browser/certificate_manager_model.cc +++ b/chrome/browser/certificate_manager_model.cc @@ -10,17 +10,11 @@ #include "base/strings/utf_string_conversions.h" #include "chrome/browser/ui/crypto_module_password_dialog.h" #include "chrome/common/net/x509_certificate_model.h" +#include "grit/generated_resources.h" #include "net/base/crypto_module.h" #include "net/base/net_errors.h" #include "net/cert/x509_certificate.h" - -#if defined(OS_CHROMEOS) -#include <cert.h> - -#include "crypto/nss_util.h" -#include "grit/generated_resources.h" #include "ui/base/l10n/l10n_util.h" -#endif CertificateManagerModel::CertificateManagerModel(Observer* observer) : cert_db_(net::NSSCertDatabase::GetInstance()), @@ -81,7 +75,6 @@ string16 CertificateManagerModel::GetColumnText( rv = UTF8ToUTF16( x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle())); -#if defined(OS_CHROMEOS) // TODO(xiyuan): Put this into a column when we have js tree-table. if (IsHardwareBacked(&cert)) { rv = l10n_util::GetStringFUTF16( @@ -89,7 +82,6 @@ string16 CertificateManagerModel::GetColumnText( rv, l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); } -#endif break; case COL_CERTIFICATE_STORE: rv = UTF8ToUTF16( @@ -157,11 +149,5 @@ bool CertificateManagerModel::Delete(net::X509Certificate* cert) { bool CertificateManagerModel::IsHardwareBacked( const net::X509Certificate* cert) const { -#if defined(OS_CHROMEOS) - return crypto::IsTPMTokenReady() && - cert->os_cert_handle()->slot == - cert_db_->GetPrivateModule()->os_module_handle(); -#else - return false; -#endif + return cert_db_->IsHardwareBacked(cert); } diff --git a/chrome/browser/certificate_manager_model.h b/chrome/browser/certificate_manager_model.h index c0ffb76b..b0fc264 100644 --- a/chrome/browser/certificate_manager_model.h +++ b/chrome/browser/certificate_manager_model.h @@ -102,8 +102,6 @@ class CertificateManagerModel { bool Delete(net::X509Certificate* cert); // IsHardwareBacked returns true if |cert| is hardware backed. - // This function is only implemented for Chrome OS and always returns false - // for other platforms. bool IsHardwareBacked(const net::X509Certificate* cert) const; private: diff --git a/chrome/browser/ui/webui/options/certificate_manager_handler.cc b/chrome/browser/ui/webui/options/certificate_manager_handler.cc index 1bf5b20..df9b3f4 100644 --- a/chrome/browser/ui/webui/options/certificate_manager_handler.cc +++ b/chrome/browser/ui/webui/options/certificate_manager_handler.cc @@ -396,10 +396,6 @@ void CertificateManagerHandler::GetLocalizedValues( #if defined(OS_CHROMEOS) localized_strings->SetString("importAndBindCertificate", l10n_util::GetStringUTF16(IDS_CERT_MANAGER_IMPORT_AND_BIND_BUTTON)); - localized_strings->SetString("hardwareBackedKeyFormat", - l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT)); - localized_strings->SetString("chromeOSDeviceName", - l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); #endif // defined(OS_CHROMEOS) } diff --git a/net/cert/nss_cert_database.cc b/net/cert/nss_cert_database.cc index 0ba139b..9c2a3f1 100644 --- a/net/cert/nss_cert_database.cc +++ b/net/cert/nss_cert_database.cc @@ -318,6 +318,11 @@ bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { return slot && PK11_IsReadOnly(slot); } +bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { + PK11SlotInfo* slot = cert->os_cert_handle()->slot; + return slot && PK11_IsHW(slot); +} + void NSSCertDatabase::AddObserver(Observer* observer) { observer_list_->AddObserver(observer); } diff --git a/net/cert/nss_cert_database.h b/net/cert/nss_cert_database.h index a5d7eb8..4986e51 100644 --- a/net/cert/nss_cert_database.h +++ b/net/cert/nss_cert_database.h @@ -178,6 +178,9 @@ class NET_EXPORT NSSCertDatabase { // Check whether cert is stored in a readonly slot. bool IsReadOnly(const X509Certificate* cert) const; + // Check whether cert is stored in a hardware slot. + bool IsHardwareBacked(const X509Certificate* cert) const; + // Registers |observer| to receive notifications of certificate changes. The // thread on which this is called is the thread on which |observer| will be // called back with notifications. |