Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chromeos/cert_loader.cc

Issue 135193007: Use user specific NSSDatabase in CertLoader. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: . Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/chromeos/net/nss_cert_database_factory.h ('K') | « chromeos/cert_loader.h ('k') | chromeos/cert_loader_unittest.cc » ('j') | chromeos/cert_loader_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chromeos/cert_loader.cc
diff --git a/chromeos/cert_loader.cc b/chromeos/cert_loader.cc
index 70e49819d0840705d1a5c2b65e0f5e93612f2e5f..75f257a2f9340b99983742807fd979d9729ed305 100644
--- a/chromeos/cert_loader.cc
+++ b/chromeos/cert_loader.cc
@@ -8,9 +8,9 @@
#include "base/bind.h"
#include "base/location.h"
+#include "base/sequenced_task_runner.h"
#include "base/strings/string_number_conversions.h"
#include "base/task_runner_util.h"
-#include "base/threading/worker_pool.h"
#include "crypto/nss_util.h"
#include "net/cert/nss_cert_database.h"
#include "net/cert/x509_certificate.h"
@@ -58,37 +58,15 @@ CertLoader::CertLoader()
certificates_loaded_(false),
certificates_update_required_(false),
certificates_update_running_(false),
+ database_(NULL),
tpm_token_slot_id_(-1),
+ is_hardware_backed_(false),
+ hardware_backed_for_test_(false),
weak_factory_(this) {
- if (TPMTokenLoader::IsInitialized())
- TPMTokenLoader::Get()->AddObserver(this);
-}
-
-void CertLoader::SetSlowTaskRunnerForTest(
- const scoped_refptr<base::TaskRunner>& task_runner) {
- slow_task_runner_for_test_ = task_runner;
}
CertLoader::~CertLoader() {
net::CertDatabase::GetInstance()->RemoveObserver(this);
- if (TPMTokenLoader::IsInitialized())
- TPMTokenLoader::Get()->RemoveObserver(this);
-}
-
-void CertLoader::AddObserver(CertLoader::Observer* observer) {
- observers_.AddObserver(observer);
-}
-
-void CertLoader::RemoveObserver(CertLoader::Observer* observer) {
- observers_.RemoveObserver(observer);
-}
-
-bool CertLoader::IsHardwareBacked() const {
- return !tpm_token_name_.empty();
-}
-
-bool CertLoader::CertificatesLoading() const {
- return certificates_requested_ && !certificates_loaded_;
}
// This is copied from chrome/common/net/x509_certificate_model_nss.cc.
@@ -120,13 +98,49 @@ std::string CertLoader::GetPkcs11IdForCert(const net::X509Certificate& cert) {
return pkcs11_id;
}
-void CertLoader::RequestCertificates() {
+void CertLoader::SetCryptoTaskRunner(
+ const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner) {
+ crypto_task_runner_ = crypto_task_runner;
+}
+
+void CertLoader::AddObserver(CertLoader::Observer* observer) {
+ observers_.AddObserver(observer);
+}
+
+void CertLoader::RemoveObserver(CertLoader::Observer* observer) {
+ observers_.RemoveObserver(observer);
+}
+
+bool CertLoader::IsCertificateHardwareBacked(
+ const net::X509Certificate* cert) const {
+ if (!database_ || !cert)
+ return false;
+ return database_->IsHardwareBacked(cert);
+}
+
+bool CertLoader::CertificatesLoading() const {
+ return certificates_requested_ && !certificates_loaded_;
+}
+
+void CertLoader::StartWithNSSDB(net::NSSCertDatabase* database) {
if (certificates_requested_)
return;
certificates_requested_ = true;
- DCHECK(!certificates_loaded_ && !certificates_update_running_);
+ CHECK(database);
+ CHECK(!database_);
+ CHECK(crypto_task_runner_) << "Crypto task runner not set.";
+
+ database_ = database;
+ tpm_token_slot_id_ =
+ static_cast<int>(PK11_GetSlotID(database_->GetPrivateSlot().get()));
+
+ is_hardware_backed_ = hardware_backed_for_test_ ||
+ PK11_IsHW(database_->GetPrivateSlot().get());
+
+ // Start observing cert database for changes.
net::CertDatabase::GetInstance()->AddObserver(this);
+
LoadCertificates();
}
@@ -143,14 +157,9 @@ void CertLoader::LoadCertificates() {
certificates_update_running_ = true;
certificates_update_required_ = false;
- base::TaskRunner* task_runner = slow_task_runner_for_test_.get();
- if (!task_runner)
- task_runner = base::WorkerPool::GetTaskRunner(true /* task is slow */);
- task_runner->PostTaskAndReply(
+ crypto_task_runner_->PostTaskAndReply(
FROM_HERE,
- base::Bind(LoadNSSCertificates,
- net::NSSCertDatabase::GetInstance(),
- cert_list),
+ base::Bind(LoadNSSCertificates, database_, cert_list),
base::Bind(&CertLoader::UpdateCertificates,
weak_factory_.GetWeakPtr(),
base::Owned(cert_list)));
@@ -195,15 +204,4 @@ void CertLoader::OnCertRemoved(const net::X509Certificate* cert) {
LoadCertificates();
}
-void CertLoader::OnTPMTokenReady(const std::string& tpm_user_pin,
- const std::string& tpm_token_name,
- int tpm_token_slot_id) {
- tpm_user_pin_ = tpm_user_pin;
- tpm_token_name_ = tpm_token_name;
- tpm_token_slot_id_ = tpm_token_slot_id;
-
- VLOG(1) << "TPM token ready.";
- RequestCertificates();
-}
-
} // namespace chromeos
« chrome/browser/chromeos/net/nss_cert_database_factory.h ('K') | « chromeos/cert_loader.h ('k') | chromeos/cert_loader_unittest.cc » ('j') | chromeos/cert_loader_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698