OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 #include <secder.h> | 10 #include <secder.h> |
11 | 11 |
12 #include "base/bind.h" | 12 #include "base/bind.h" |
13 #include "base/bind_helpers.h" | 13 #include "base/bind_helpers.h" |
14 #include "base/callback.h" | 14 #include "base/callback.h" |
15 #include "base/compiler_specific.h" | 15 #include "base/compiler_specific.h" |
16 #include "base/location.h" | 16 #include "base/location.h" |
17 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #include "base/macros.h" | 18 #include "base/macros.h" |
19 #include "base/single_thread_task_runner.h" | 19 #include "base/single_thread_task_runner.h" |
20 #include "base/stl_util.h" | 20 #include "base/stl_util.h" |
21 #include "base/thread_task_runner_handle.h" | 21 #include "base/thread_task_runner_handle.h" |
22 #include "base/threading/worker_pool.h" | 22 #include "base/threading/worker_pool.h" |
23 #include "chrome/browser/browser_process.h" | 23 #include "chrome/browser/browser_process.h" |
24 #include "chrome/browser/browser_process_platform_part_chromeos.h" | 24 #include "chrome/browser/browser_process_platform_part_chromeos.h" |
25 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | 25 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
26 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h" | 26 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h" |
27 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 27 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
28 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
29 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 28 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
30 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_plat
form_keys_api.h" | 29 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_plat
form_keys_api.h" |
31 #include "chrome/browser/net/nss_context.h" | 30 #include "chrome/browser/net/nss_context.h" |
32 #include "chrome/browser/profiles/profile.h" | 31 #include "chrome/browser/profiles/profile.h" |
33 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 32 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
34 #include "content/public/browser/browser_context.h" | 33 #include "content/public/browser/browser_context.h" |
35 #include "content/public/browser/browser_thread.h" | 34 #include "content/public/browser/browser_thread.h" |
36 #include "crypto/nss_key_util.h" | 35 #include "crypto/nss_key_util.h" |
37 #include "crypto/scoped_nss_types.h" | 36 #include "crypto/scoped_nss_types.h" |
38 #include "net/base/crypto_module.h" | 37 #include "net/base/crypto_module.h" |
(...skipping 732 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
771 // Currently we do not pass down the requested certificate type to the net | 770 // Currently we do not pass down the requested certificate type to the net |
772 // layer, as it does not support filtering certificates by type. Rather, we | 771 // layer, as it does not support filtering certificates by type. Rather, we |
773 // do not constrain the certificate type here, instead the caller has to apply | 772 // do not constrain the certificate type here, instead the caller has to apply |
774 // filtering afterwards. | 773 // filtering afterwards. |
775 cert_request_info->cert_authorities = certificate_authorities; | 774 cert_request_info->cert_authorities = certificate_authorities; |
776 | 775 |
777 const user_manager::User* user = | 776 const user_manager::User* user = |
778 chromeos::ProfileHelper::Get()->GetUserByProfile( | 777 chromeos::ProfileHelper::Get()->GetUserByProfile( |
779 Profile::FromBrowserContext(browser_context)); | 778 Profile::FromBrowserContext(browser_context)); |
780 | 779 |
781 // Use the device-wide system key slot only if the user is of the same | 780 // Use the device-wide system key slot only if the user is affiliated on the |
782 // domain as the device is registered to. | 781 // device. |
783 policy::BrowserPolicyConnectorChromeOS* connector = | 782 bool use_system_key_slot = user->is_affiliated(); |
784 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
785 bool use_system_key_slot = connector->GetUserAffiliation(user->email()) == | |
786 policy::USER_AFFILIATION_MANAGED; | |
787 | 783 |
788 scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState( | 784 scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState( |
789 user->username_hash(), use_system_key_slot, cert_request_info, callback)); | 785 user->username_hash(), use_system_key_slot, cert_request_info, callback)); |
790 | 786 |
791 BrowserThread::PostTask( | 787 BrowserThread::PostTask( |
792 BrowserThread::IO, FROM_HERE, | 788 BrowserThread::IO, FROM_HERE, |
793 base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state))); | 789 base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state))); |
794 } | 790 } |
795 | 791 |
796 } // namespace subtle | 792 } // namespace subtle |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
894 NSSOperationState* state_ptr = state.get(); | 890 NSSOperationState* state_ptr = state.get(); |
895 GetCertDatabase(std::string() /* don't get any specific slot */, | 891 GetCertDatabase(std::string() /* don't get any specific slot */, |
896 base::Bind(&GetTokensWithDB, base::Passed(&state)), | 892 base::Bind(&GetTokensWithDB, base::Passed(&state)), |
897 browser_context, | 893 browser_context, |
898 state_ptr); | 894 state_ptr); |
899 } | 895 } |
900 | 896 |
901 } // namespace platform_keys | 897 } // namespace platform_keys |
902 | 898 |
903 } // namespace chromeos | 899 } // namespace chromeos |
OLD | NEW |