Pass slot id to Shill for manually configured WiFi with EAP-TLS.

Before, wifi_config_view directly set the shill::kEapCertIdProperty and shill::kEapKeyIdProperty. Since the system token is enabled in ChromeOS, these properties have to be of the format '<slot_id>:<key_id>' and not only '<key_id>'. This change fixes this by reusing the client_cert::SetShillProperties function, which sets the properties in the correct format. R=pastarmovj@chromium.org TBR=stevenjb@chromium.org BUG=358366, 396181 Review URL: https://codereview.chromium.org/415483002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@284914 0039d316-1c4b-4281-b951-d872f2087c98

Pass slot id to Shill for manually configured WiFi with EAP-TLS.
Before, wifi_config_view directly set the shill::kEapCertIdProperty and shill::kEapKeyIdProperty. Since the system token is enabled in ChromeOS, these properties have to be of the format '<slot_id>:<key_id>' and not only '<key_id>'. This change fixes this by reusing the client_cert::SetShillProperties function, which sets the properties in the correct format. R=pastarmovj@chromium.org TBR=stevenjb@chromium.org BUG=358366, 396181 Review URL: https://codereview.chromium.org/415483002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@284914 0039d316-1c4b-4281-b951-d872f2087c98
eecbd73d · pneubeck@chromium.org · 22ce0039 · eecbd73d · eecbd73d · eecbd73d
Commit eecbd73d authored Jul 23, 2014 by pneubeck@chromium.org
4 changed files
--- a/chrome/browser/chromeos/options/cert_library.cc
+++ b/chrome/browser/chromeos/options/cert_library.cc
@@ -149,6 +149,10 @@ bool CertLibrary::IsHardwareBacked() const {
  return CertLoader::Get()->IsHardwareBacked();
 }

+std::string CertLibrary::GetTPMSlotID() const {
+  return base::IntToString(CertLoader::Get()->TPMTokenSlotID());
+}
+
 int CertLibrary::NumCertificates(CertType type) const {
  const net::CertificateList& cert_list = GetCertificateListForType(type);
  return static_cast<int>(cert_list.size());

--- a/chrome/browser/chromeos/options/cert_library.h
+++ b/chrome/browser/chromeos/options/cert_library.h
@@ -63,6 +63,9 @@ class CertLibrary : public CertLoader::Observer {
  // Returns true if the TPM is available for hardware-backed certificates.
  bool IsHardwareBacked() const;

+  // Returns the id of the slot that contains the user certificates.
+  std::string GetTPMSlotID() const;
+
  // Retruns the number of certificates available for |type|.
  int NumCertificates(CertType type) const;


--- a/chrome/browser/chromeos/options/wifi_config_view.cc
+++ b/chrome/browser/chromeos/options/wifi_config_view.cc
@@ -14,6 +14,7 @@
 #include "chrome/browser/chromeos/options/passphrase_textfield.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chromeos/login/login_state.h"
+#include "chromeos/network/client_cert_util.h"
 #include "chromeos/network/network_configuration_handler.h"
 #include "chromeos/network/network_event_log.h"
 #include "chromeos/network/network_handler.h"
@@ -872,12 +873,12 @@ void WifiConfigView::SetEapProperties(base::DictionaryValue* properties) {
  properties->SetStringWithoutPathExpansion(
      shill::kEapSubjectMatchProperty, GetEapSubjectMatch());

-  // shill requires both CertID and KeyID for TLS connections, despite
-  // the fact that by convention they are the same ID.
-  properties->SetStringWithoutPathExpansion(
-      shill::kEapCertIdProperty, GetEapClientCertPkcs11Id());
-  properties->SetStringWithoutPathExpansion(
-      shill::kEapKeyIdProperty, GetEapClientCertPkcs11Id());
+  const std::string pkcs11id = GetEapClientCertPkcs11Id();
+  client_cert::SetShillProperties(client_cert::CONFIG_TYPE_EAP,
+                                  CertLibrary::Get()->GetTPMSlotID(),
+                                  TPMTokenLoader::Get()->tpm_user_pin(),
+                                  &pkcs11id,
+                                  properties);

  properties->SetBooleanWithoutPathExpansion(
      shill::kEapUseSystemCasProperty, GetEapUseSystemCas());

--- a/chromeos/network/client_cert_util.h
+++ b/chromeos/network/client_cert_util.h
@@ -66,11 +66,11 @@ CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> GetCertificateMatch(
 // If not empty, sets the TPM properties in |properties|. If |pkcs11_id| is not
 // NULL, also sets the ClientCertID. |cert_config_type| determines which
 // dictionary entries to set.
-void SetShillProperties(const ConfigType cert_config_type,
-                        const std::string& tpm_slot,
-                        const std::string& tpm_pin,
-                        const std::string* pkcs11_id,
-                        base::DictionaryValue* properties);
+CHROMEOS_EXPORT void SetShillProperties(const ConfigType cert_config_type,
+                                        const std::string& tpm_slot,
+                                        const std::string& tpm_pin,
+                                        const std::string* pkcs11_id,
+                                        base::DictionaryValue* properties);

 // Returns true if all required configuration properties are set and not empty.
 bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,