Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(91)

Side by Side Diff: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

Issue 1306183007: Switch to id-based affiliation determination (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" 5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <cryptohi.h> 8 #include <cryptohi.h>
9 #include <keyhi.h> 9 #include <keyhi.h>
10 #include <secder.h> 10 #include <secder.h>
11 11
12 #include "base/bind.h" 12 #include "base/bind.h"
13 #include "base/bind_helpers.h" 13 #include "base/bind_helpers.h"
14 #include "base/callback.h" 14 #include "base/callback.h"
15 #include "base/compiler_specific.h" 15 #include "base/compiler_specific.h"
16 #include "base/location.h" 16 #include "base/location.h"
17 #include "base/logging.h" 17 #include "base/logging.h"
18 #include "base/macros.h" 18 #include "base/macros.h"
19 #include "base/single_thread_task_runner.h" 19 #include "base/single_thread_task_runner.h"
20 #include "base/stl_util.h" 20 #include "base/stl_util.h"
21 #include "base/thread_task_runner_handle.h" 21 #include "base/thread_task_runner_handle.h"
22 #include "base/threading/worker_pool.h" 22 #include "base/threading/worker_pool.h"
23 #include "chrome/browser/browser_process.h" 23 #include "chrome/browser/browser_process.h"
24 #include "chrome/browser/browser_process_platform_part_chromeos.h" 24 #include "chrome/browser/browser_process_platform_part_chromeos.h"
25 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" 25 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h"
26 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h" 26 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
27 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" 27 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
28 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
29 #include "chrome/browser/chromeos/profiles/profile_helper.h" 28 #include "chrome/browser/chromeos/profiles/profile_helper.h"
30 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_plat form_keys_api.h" 29 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_plat form_keys_api.h"
31 #include "chrome/browser/net/nss_context.h" 30 #include "chrome/browser/net/nss_context.h"
32 #include "chrome/browser/profiles/profile.h" 31 #include "chrome/browser/profiles/profile.h"
33 #include "components/policy/core/common/cloud/cloud_policy_constants.h" 32 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
34 #include "content/public/browser/browser_context.h" 33 #include "content/public/browser/browser_context.h"
35 #include "content/public/browser/browser_thread.h" 34 #include "content/public/browser/browser_thread.h"
36 #include "crypto/nss_key_util.h" 35 #include "crypto/nss_key_util.h"
37 #include "crypto/scoped_nss_types.h" 36 #include "crypto/scoped_nss_types.h"
38 #include "net/base/crypto_module.h" 37 #include "net/base/crypto_module.h"
(...skipping 732 matching lines...) Expand 10 before | Expand all | Expand 10 after
771 // Currently we do not pass down the requested certificate type to the net 770 // Currently we do not pass down the requested certificate type to the net
772 // layer, as it does not support filtering certificates by type. Rather, we 771 // layer, as it does not support filtering certificates by type. Rather, we
773 // do not constrain the certificate type here, instead the caller has to apply 772 // do not constrain the certificate type here, instead the caller has to apply
774 // filtering afterwards. 773 // filtering afterwards.
775 cert_request_info->cert_authorities = certificate_authorities; 774 cert_request_info->cert_authorities = certificate_authorities;
776 775
777 const user_manager::User* user = 776 const user_manager::User* user =
778 chromeos::ProfileHelper::Get()->GetUserByProfile( 777 chromeos::ProfileHelper::Get()->GetUserByProfile(
779 Profile::FromBrowserContext(browser_context)); 778 Profile::FromBrowserContext(browser_context));
780 779
781 // Use the device-wide system key slot only if the user is of the same 780 // Use the device-wide system key slot only if the user is affiliated on the
782 // domain as the device is registered to. 781 // device.
783 policy::BrowserPolicyConnectorChromeOS* connector = 782 bool use_system_key_slot = user->is_affiliated();
784 g_browser_process->platform_part()->browser_policy_connector_chromeos();
785 bool use_system_key_slot = connector->GetUserAffiliation(user->email()) ==
786 policy::USER_AFFILIATION_MANAGED;
787 783
788 scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState( 784 scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState(
789 user->username_hash(), use_system_key_slot, cert_request_info, callback)); 785 user->username_hash(), use_system_key_slot, cert_request_info, callback));
790 786
791 BrowserThread::PostTask( 787 BrowserThread::PostTask(
792 BrowserThread::IO, FROM_HERE, 788 BrowserThread::IO, FROM_HERE,
793 base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state))); 789 base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state)));
794 } 790 }
795 791
796 } // namespace subtle 792 } // namespace subtle
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
894 NSSOperationState* state_ptr = state.get(); 890 NSSOperationState* state_ptr = state.get();
895 GetCertDatabase(std::string() /* don't get any specific slot */, 891 GetCertDatabase(std::string() /* don't get any specific slot */,
896 base::Bind(&GetTokensWithDB, base::Passed(&state)), 892 base::Bind(&GetTokensWithDB, base::Passed(&state)),
897 browser_context, 893 browser_context,
898 state_ptr); 894 state_ptr);
899 } 895 }
900 896
901 } // namespace platform_keys 897 } // namespace platform_keys
902 898
903 } // namespace chromeos 899 } // namespace chromeos
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698