Side by Side Diff: chromeos/network/cert_loader.h

Issue 14522013: Separate cert loading code from CertLibrary and move to src/chromeos (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address feedback Created 7 years, 7 months ago
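--- /dev/null
+++ b/chromeos/network/cert_loader.h
@@ -0,0 +1,138 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROMEOS_NETWORK_CERT_LOADER_H_
+#define CHROMEOS_NETWORK_CERT_LOADER_H_
+
+#include <string>
+
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "base/observer_list_threadsafe.h"
+#include "base/threading/thread_checker.h"
+#include "chromeos/chromeos_export.h"
+#include "chromeos/dbus/dbus_method_call_status.h"
+#include "chromeos/login/login_state.h"
+#include "net/cert/cert_database.h"
+#include "net/cert/x509_certificate.h"
+
+namespace crypto {
+class SymmetricKey;
+}
+
+namespace chromeos {
+
+// This class is responsible for initializing the TPM token and loading
+// certificates once the TPM is initialized. It is expected to be constructed
+// on the UI thread and public methods should all be called from the UI thread.
+// When certificates have been loaded (after login completes), or the cert
+// database changes, observers are called with OnCertificatesLoaded().
+class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer,
+public LoginState::Observer {
+public:
+class Observer {
+public:
+virtual ~Observer() {}
+
+// Called when the certificates, passed for convenience as |cert_list|,
+// have completed loading. |initial_load| is true the first time this
+// is called.
+virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
+bool initial_load) = 0;
+
+protected:
+Observer() {}
+
+private:
+DISALLOW_COPY_AND_ASSIGN(Observer);
+};
+
+// Manage the global instance.
+static void Initialize();
+static void Shutdown();
+static CertLoader* Get();
+
+void AddObserver(CertLoader::Observer* observer);
+void RemoveObserver(CertLoader::Observer* observer);
+
+// Returns true when the certificate list has been requested but not loaded.
+bool CertificatesLoading() const;
+
+// Returns true if the TPM is available for hardware-backed certificates.
+bool IsHardwareBacked() const;
+
+bool certificates_loaded() const { return certificates_loaded_; }
+
+// TPM info is only valid once the TPM is available (IsHardwareBacked is
+// true). Otherwise empty strings will be returned.
+const std::string& tpm_token_name() const { return tpm_token_name_; }
+const std::string& tpm_token_slot() const { return tpm_token_slot_; }
+const std::string& tpm_user_pin() const { return tpm_user_pin_; }
+
+// This will be empty until certificates_loaded() is true.
+const net::CertificateList& cert_list() const { return cert_list_; }
+
+private:
+CertLoader();
+virtual ~CertLoader();
+
+void RequestCertificates();
+
+void OnTpmIsEnabled(DBusMethodCallStatus call_status,
+bool tpm_is_enabled);
+void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status,
+bool is_tpm_token_ready);
+void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status,
+const std::string& token_name,
+const std::string& user_pin);
+void InitializeTPMToken();
+void StartLoadCertificates();
+void UpdateCertificates(net::CertificateList* cert_list);
+void MaybeRetryRequestCertificates();
+void RequestCertificatesTask();
+
+void NotifyCertificatesLoaded(bool initial_load);
+
+// net::CertDatabase::Observer
+virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE;
+virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE;
+virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE;
+
+// LoginState::Observer
+virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE;
+
+ObserverList<Observer> observers_;
+
+// Active request task for re-requests while waiting for TPM init.
+base::Closure request_task_;
+
+// Local state.
+bool tpm_token_ready_;
+bool certificates_requested_;
+bool certificates_loaded_;
+// The key store for the current user has been loaded. This flag is needed to
+// ensure that the key store will not be loaded twice in the policy recovery
+// "safe-mode".
+bool key_store_loaded_;
+
+// Cached TPM token info.
+std::string tpm_token_name_;
+std::string tpm_token_slot_;
+std::string tpm_user_pin_;
+
+// Cached Certificates.
+net::CertificateList cert_list_;
+
+base::ThreadChecker thread_checker_;
+
+// TODO(stevenjb): Use multiple factories to track callback chains.
+base::WeakPtrFactory<CertLoader> weak_ptr_factory_;
+
+DISALLOW_COPY_AND_ASSIGN(CertLoader);
+};
+
+} // namespace chromeos
+
+#endif // CHROMEOS_NETWORK_CERT_LOADER_H_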
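Review bot: `tpm_user_pin()` (gutter line 72) hands the cached TPM user PIN out by const reference to anyone who can reach the global `CertLoader::Get()`, and the accompanying comment only says the strings are empty until the TPM is available, not that this value is a credential or who is meant to consume it. Since the PIN is what unlocks the hardware-backed key store, I would state the intent and audience on the accessor, e.g. `// The user PIN is a credential for the TPM token; callers should hand it straight to the PKCS#11 login path and must not log or persist it.` If there is a single consumer, narrowing the accessor to that consumer rather than exposing it on the singleton would be the safer shape. Separately, `OnPkcs11GetTpmTokenInfo` receives only a token name and PIN, so it is not clear from this header where `tpm_token_slot_` gets populated; a one-line comment on that member pointing at its source would help the next reader.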