| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROMEOS_NETWORK_CERT_LOADER_H_ |
| 6 #define CHROMEOS_NETWORK_CERT_LOADER_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/memory/ref_counted.h" |
| 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/memory/weak_ptr.h" |
| 13 #include "base/observer_list_threadsafe.h" |
| 14 #include "base/threading/thread_checker.h" |
| 15 #include "chromeos/chromeos_export.h" |
| 16 #include "chromeos/dbus/dbus_method_call_status.h" |
| 17 #include "chromeos/login/login_state.h" |
| 18 #include "net/cert/cert_database.h" |
| 19 #include "net/cert/x509_certificate.h" |
| 20 |
| 21 namespace crypto { |
| 22 class SymmetricKey; |
| 23 } |
| 24 |
| 25 namespace chromeos { |
| 26 |
| 27 // This class is responsible for initializing the TPM token and loading |
| 28 // certificates once the TPM is initialized. It is expected to be constructed |
| 29 // on the UI thread and public methods should all be called from the UI thread. |
| 30 // When certificates have been loaded (after login completes), or the cert |
| 31 // database changes, observers are called with OnCertificatesLoaded(). |
| 32 class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer, |
| 33 public LoginState::Observer { |
| 34 public: |
| 35 class Observer { |
| 36 public: |
| 37 virtual ~Observer() {} |
| 38 |
| 39 // Called when the certificates, passed for convenience as |cert_list|, |
| 40 // have completed loading. |initial_load| is true the first time this |
| 41 // is called. |
| 42 virtual void OnCertificatesLoaded(const net::CertificateList& cert_list, |
| 43 bool initial_load) = 0; |
| 44 |
| 45 protected: |
| 46 Observer() {} |
| 47 |
| 48 private: |
| 49 DISALLOW_COPY_AND_ASSIGN(Observer); |
| 50 }; |
| 51 |
| 52 // Manage the global instance. |
| 53 static void Initialize(); |
| 54 static void Shutdown(); |
| 55 static CertLoader* Get(); |
| 56 |
| 57 void AddObserver(CertLoader::Observer* observer); |
| 58 void RemoveObserver(CertLoader::Observer* observer); |
| 59 |
| 60 // Returns true when the certificate list has been requested but not loaded. |
| 61 bool CertificatesLoading() const; |
| 62 |
| 63 // Returns true if the TPM is available for hardware-backed certificates. |
| 64 bool IsHardwareBacked() const; |
| 65 |
| 66 bool certificates_loaded() const { return certificates_loaded_; } |
| 67 |
| 68 // TPM info is only valid once the TPM is available (IsHardwareBacked is |
| 69 // true). Otherwise empty strings will be returned. |
| 70 const std::string& tpm_token_name() const { return tpm_token_name_; } |
| 71 const std::string& tpm_token_slot() const { return tpm_token_slot_; } |
| 72 const std::string& tpm_user_pin() const { return tpm_user_pin_; } |
| 73 |
| 74 // This will be empty until certificates_loaded() is true. |
| 75 const net::CertificateList& cert_list() const { return cert_list_; } |
| 76 |
| 77 private: |
| 78 CertLoader(); |
| 79 virtual ~CertLoader(); |
| 80 |
| 81 void RequestCertificates(); |
| 82 |
| 83 void OnTpmIsEnabled(DBusMethodCallStatus call_status, |
| 84 bool tpm_is_enabled); |
| 85 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, |
| 86 bool is_tpm_token_ready); |
| 87 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, |
| 88 const std::string& token_name, |
| 89 const std::string& user_pin); |
| 90 void InitializeTPMToken(); |
| 91 void StartLoadCertificates(); |
| 92 void UpdateCertificates(net::CertificateList* cert_list); |
| 93 void MaybeRetryRequestCertificates(); |
| 94 void RequestCertificatesTask(); |
| 95 |
| 96 void NotifyCertificatesLoaded(bool initial_load); |
| 97 |
| 98 // net::CertDatabase::Observer |
| 99 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; |
| 100 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; |
| 101 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; |
| 102 |
| 103 // LoginState::Observer |
| 104 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; |
| 105 |
| 106 ObserverList<Observer> observers_; |
| 107 |
| 108 // Active request task for re-requests while waiting for TPM init. |
| 109 base::Closure request_task_; |
| 110 |
| 111 // Local state. |
| 112 bool tpm_token_ready_; |
| 113 bool certificates_requested_; |
| 114 bool certificates_loaded_; |
| 115 // The key store for the current user has been loaded. This flag is needed to |
| 116 // ensure that the key store will not be loaded twice in the policy recovery |
| 117 // "safe-mode". |
| 118 bool key_store_loaded_; |
| 119 |
| 120 // Cached TPM token info. |
| 121 std::string tpm_token_name_; |
| 122 std::string tpm_token_slot_; |
| 123 std::string tpm_user_pin_; |
| 124 |
| 125 // Cached Certificates. |
| 126 net::CertificateList cert_list_; |
| 127 |
| 128 base::ThreadChecker thread_checker_; |
| 129 |
| 130 // TODO(stevenjb): Use multiple factories to track callback chains. |
| 131 base::WeakPtrFactory<CertLoader> weak_ptr_factory_; |
| 132 |
| 133 DISALLOW_COPY_AND_ASSIGN(CertLoader); |
| 134 }; |
| 135 |
| 136 } // namespace chromeos |
| 137 |
| 138 #endif // CHROMEOS_NETWORK_CERT_LOADER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14522013:
Separate cert loading code from CertLibrary and move to src/chromeos (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src