Chromium Code Reviews Chromium Code Reviews
Issue 14522013:
Separate cert loading code from CertLibrary and move to src/chromeos (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chromeos/network/cert_loader.h |
| diff --git a/chromeos/network/cert_loader.h b/chromeos/network/cert_loader.h |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..1474738be37df609b1b6b1c3834531d83dfab1ca |
| --- /dev/null |
| +++ b/chromeos/network/cert_loader.h |
| @@ -0,0 +1,128 @@ |
| +// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#ifndef CHROMEOS_NETWORK_CERT_LOADER_H_ |
| +#define CHROMEOS_NETWORK_CERT_LOADER_H_ |
| + |
| +#include <string> |
| + |
| +#include "base/memory/ref_counted.h" |
| +#include "base/memory/scoped_ptr.h" |
| +#include "base/memory/weak_ptr.h" |
| +#include "base/observer_list_threadsafe.h" |
| +#include "chromeos/chromeos_export.h" |
| +#include "chromeos/dbus/dbus_method_call_status.h" |
| +#include "chromeos/login/login_state.h" |
| +#include "net/cert/cert_database.h" |
| +#include "net/cert/x509_certificate.h" |
| + |
| +namespace crypto { |
| +class SymmetricKey; |
| +} |
| + |
| +namespace chromeos { |
| + |
| +class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer, |
|
Ryan Sleevi
2013/05/01 18:16:18
comment nit: Threading guarantees
stevenjb
2013/05/01 20:47:59
Done.
|
| + public LoginState::Observer { |
| + public: |
| + class Observer { |
| + public: |
| + virtual ~Observer() {} |
| + |
| + // Called when the certificates, passed for convenience as |cert_list|, |
| + // have completed loading. |initial_load| is true the first time this |
| + // is called. |
| + virtual void OnCertificatesLoaded(const net::CertificateList& cert_list, |
| + bool initial_load) = 0; |
| + |
| + protected: |
| + Observer() {} |
| + |
| + private: |
| + DISALLOW_COPY_AND_ASSIGN(Observer); |
| + }; |
| + |
| + typedef ObserverListThreadSafe<CertLoader::Observer> ObserverList; |
|
Ryan Sleevi
2013/05/01 18:16:18
style: You don't need to make public, do you? Shou
stevenjb
2013/05/01 20:47:59
Done.
|
| + |
| + // Manage the global instance. |
| + static void Initialize(); |
| + static void Shutdown(); |
| + static CertLoader* Get(); |
| + |
| + void AddObserver(CertLoader::Observer* observer); |
| + void RemoveObserver(CertLoader::Observer* observer); |
| + |
| + // Call this to start the certificate list initialization process. |
| + bool RequestCertificates(); |
| + |
| + // Returns true when the certificate list has been requested but not loaded. |
| + bool CertificatesLoading() const; |
| + |
| + // Returns true if the TPM is available for hardware-backed certificates. |
| + bool IsHardwareBacked() const; |
| + |
| + bool certificates_loaded() const { return certificates_loaded_; } |
| + |
| + const std::string& tpm_token_name() const { return tpm_token_name_; } |
| + |
| + const net::CertificateList& cert_list() const { return cert_list_; } |
| + |
| + private: |
| + CertLoader(); |
| + virtual ~CertLoader(); |
| + |
| + void OnTpmIsEnabled(DBusMethodCallStatus call_status, |
| + bool tpm_is_enabled); |
| + void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, |
| + bool is_tpm_token_ready); |
| + void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, |
| + const std::string& token_name, |
| + const std::string& user_pin); |
| + void InitializeTPMToken(); |
| + void StartLoadCertificates(); |
| + void UpdateCertificates(net::CertificateList* cert_list); |
| + void MaybeRetryRequestCertificates(); |
| + void RequestCertificatesTask(); |
| + |
| + void NotifyCertificatesLoaded(bool initial_load); |
| + |
| + // net::CertDatabase::Observer |
| + virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; |
| + virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; |
| + virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; |
| + |
| + // LoginState::Observer |
| + virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; |
| + |
| + const scoped_refptr<ObserverList> observer_list_; |
| + |
| + // Active request task for re-requests while waiting for TPM init. |
| + base::Closure request_task_; |
| + |
| + // Local state. |
| + bool tpm_token_ready_; |
| + bool certificates_requested_; |
| + bool certificates_loaded_; |
| + // The key store for the current user has been loaded. This flag is needed to |
| + // ensure that the key store will not be loaded twice in the policy recovery |
| + // "safe-mode". |
| + bool key_store_loaded_; |
| + |
| + // Cached TPM token name. |
| + std::string tpm_token_name_; |
| + |
| + // Cached TPM user pin. |
| + std::string tpm_user_pin_; |
| + |
| + // Cached Certificates. |
| + net::CertificateList cert_list_; |
| + |
| + base::WeakPtrFactory<CertLoader> weak_ptr_factory_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(CertLoader); |
| +}; |
| + |
| +} // namespace chromeos |
| + |
| +#endif // CHROMEOS_NETWORK_CERT_LOADER_H_ |
