Call crypto::InitializeTPMToken on the IO thread

chromeos/network/cert_loader.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_NETWORK_CERT_LOADER_H_
 #define CHROMEOS_NETWORK_CERT_LOADER_H_
 
 #include <string>
 
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/observer_list_threadsafe.h"
 #include "base/threading/thread_checker.h"
 #include "chromeos/chromeos_export.h"
 #include "chromeos/dbus/dbus_method_call_status.h"
 #include "chromeos/login/login_state.h"
 #include "chromeos/network/network_handler.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/x509_certificate.h"
 
+namespace base {
+class SequencedTaskRunner;
+}
+
 namespace crypto {
 class SymmetricKey;
 }
 
 namespace chromeos {
 
 // This class is responsible for initializing the TPM token and loading
 // certificates once the TPM is initialized. It is expected to be constructed
 // on the UI thread and public methods should all be called from the UI thread.
 // When certificates have been loaded (after login completes), or the cert
@@ skipping 38 matching lines @@
   const std::string& tpm_token_name() const { return tpm_token_name_; }
   const std::string& tpm_token_slot() const { return tpm_token_slot_; }
   const std::string& tpm_user_pin() const { return tpm_user_pin_; }
 
   // This will be empty until certificates_loaded() is true.
   const net::CertificateList& cert_list() const { return cert_list_; }
 
  private:
   friend class NetworkHandler;
   CertLoader();
+  // |crypto_task_runner| is the task runner that any synchronous crypto calls
+  // should be made from. In Chrome this is the IO thread.

[Ryan Sleevi, 2013/06/06 23:03:41]

Given that chromeos/ is only allowed to depend on net/ and crypto/, it should be
saying nothing about what "Chrome" (namely, src/chrome, but logically,
src/content) is doing or how the threads are setup.

[stevenjb, 2013/06/07 02:37:47]

This is still the chrome project codebase. We commonly make helpful statements
like this. The 'e.g.' is implied, but I will add it explicitly.

[Ryan Sleevi, 2013/06/07 23:12:43]

Sorry I wasn't clear here.

Even though this is the Chrome codebase, we still try to ensure that comments
reflect the code layering and separation. That is, code in net/ should not
reference how chrome/ is implemented, because chrome/ depends on net/, not
vice-versa.

Similarly, code in chromeos/ shouldn't mention how chrome/ is implemented,
because chromeos/ doesn't depend on chrome/. This is why, for example, in net/,
we talk about "the network task runner", rather than the IO thread.

The problem with these comments, beyond them getting "out of date" (an argument
against any comments, for sure), is that they highlight poor design assumptions.
chromeos/ should just focus on how it *SHOULD BE* used, without having to talk
about how it *IS* used.

+  void Init(const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner);
 
   void RequestCertificates();
+  void CallOpenPersistentNSSDB();
 
   // This is the cyclic chain of callbacks to initialize the TPM token and to
   // kick off the update of the certificate list.
   void InitializeTokenAndLoadCertificates();
   void RetryTokenInitializationLater();
   void OnTpmIsEnabled(DBusMethodCallStatus call_status,
                       bool tpm_is_enabled);
   void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status,
                                bool is_tpm_token_ready);
   void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status,
                                const std::string& token_name,
                                const std::string& user_pin);
+  void CallInitializeTPMToken();
   void InitializeNSSForTPMToken();
 
   // These calls handle the updating of the certificate list after the TPM token
   // was initialized.
   void StartLoadCertificates();
   void UpdateCertificates(net::CertificateList* cert_list);
 
   void NotifyCertificatesLoaded(bool initial_load);
 
   // net::CertDatabase::Observer
@@ skipping 12 matching lines @@
   bool certificates_update_running_;
 
   // The states are traversed in this order but some might get omitted or never
   // be left.
   enum TPMTokenState {
     TPM_STATE_UNKNOWN,
     TPM_DISABLED,
     TPM_ENABLED,
     TPM_TOKEN_READY,
     TPM_TOKEN_INFO_RECEIVED,
+    TPM_TOKEN_INITIALIZED,
     TPM_TOKEN_NSS_INITIALIZED,
   };
   TPMTokenState tpm_token_state_;
 
   // The current request delay before the next attempt to initialize the
   // TPM. Will be adapted after each attempt.
   base::TimeDelta tpm_request_delay_;
 
   // Cached TPM token info.
   std::string tpm_token_name_;
   std::string tpm_token_slot_;
   std::string tpm_user_pin_;
 
   // Cached Certificates.
   net::CertificateList cert_list_;
 
   base::ThreadChecker thread_checker_;
 
   // This factory should be used only for callbacks during TPMToken
   // initialization.
   base::WeakPtrFactory<CertLoader> initialize_token_factory_;
 
   // This factory should be used only for callbacks during updating the
   // certificate list.
   base::WeakPtrFactory<CertLoader> update_certificates_factory_;
 
+  scoped_refptr<base::SequencedTaskRunner> main_task_runner_;
+  scoped_refptr<base::SequencedTaskRunner> crypto_task_runner_;
+
   DISALLOW_COPY_AND_ASSIGN(CertLoader);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROMEOS_NETWORK_CERT_LOADER_H_