| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROMEOS_NETWORK_CERT_LOADER_H_ | 5 #ifndef CHROMEOS_NETWORK_CERT_LOADER_H_ |
| 6 #define CHROMEOS_NETWORK_CERT_LOADER_H_ | 6 #define CHROMEOS_NETWORK_CERT_LOADER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/memory/weak_ptr.h" | 12 #include "base/memory/weak_ptr.h" |
| 13 #include "base/observer_list_threadsafe.h" | 13 #include "base/observer_list_threadsafe.h" |
| 14 #include "base/threading/thread_checker.h" | 14 #include "base/threading/thread_checker.h" |
| 15 #include "chromeos/chromeos_export.h" | 15 #include "chromeos/chromeos_export.h" |
| 16 #include "chromeos/dbus/dbus_method_call_status.h" | 16 #include "chromeos/dbus/dbus_method_call_status.h" |
| 17 #include "chromeos/login/login_state.h" | 17 #include "chromeos/login/login_state.h" |
| 18 #include "chromeos/network/network_handler.h" | 18 #include "chromeos/network/network_handler.h" |
| 19 #include "net/cert/cert_database.h" | 19 #include "net/cert/cert_database.h" |
| 20 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
| 21 | 21 |
| 22 namespace base { |
| 23 class SequencedTaskRunner; |
| 24 } |
| 25 |
| 22 namespace crypto { | 26 namespace crypto { |
| 23 class SymmetricKey; | 27 class SymmetricKey; |
| 24 } | 28 } |
| 25 | 29 |
| 26 namespace chromeos { | 30 namespace chromeos { |
| 27 | 31 |
| 28 // This class is responsible for initializing the TPM token and loading | 32 // This class is responsible for initializing the TPM token and loading |
| 29 // certificates once the TPM is initialized. It is expected to be constructed | 33 // certificates once the TPM is initialized. It is expected to be constructed |
| 30 // on the UI thread and public methods should all be called from the UI thread. | 34 // on the UI thread and public methods should all be called from the UI thread. |
| 31 // When certificates have been loaded (after login completes), or the cert | 35 // When certificates have been loaded (after login completes), or the cert |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 70 const std::string& tpm_token_name() const { return tpm_token_name_; } | 74 const std::string& tpm_token_name() const { return tpm_token_name_; } |
| 71 const std::string& tpm_token_slot() const { return tpm_token_slot_; } | 75 const std::string& tpm_token_slot() const { return tpm_token_slot_; } |
| 72 const std::string& tpm_user_pin() const { return tpm_user_pin_; } | 76 const std::string& tpm_user_pin() const { return tpm_user_pin_; } |
| 73 | 77 |
| 74 // This will be empty until certificates_loaded() is true. | 78 // This will be empty until certificates_loaded() is true. |
| 75 const net::CertificateList& cert_list() const { return cert_list_; } | 79 const net::CertificateList& cert_list() const { return cert_list_; } |
| 76 | 80 |
| 77 private: | 81 private: |
| 78 friend class NetworkHandler; | 82 friend class NetworkHandler; |
| 79 CertLoader(); | 83 CertLoader(); |
| 84 // |crypto_task_runner| is the task runner that any synchronous crypto calls |
| 85 // should be made from. e.g. in Chrome this is the IO thread. |
| 86 void Init(const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner); |
| 80 | 87 |
| 81 void RequestCertificates(); | 88 void RequestCertificates(); |
| 82 | 89 |
| 83 // This is the cyclic chain of callbacks to initialize the TPM token and to | 90 // This is the cyclic chain of callbacks to initialize the TPM token and to |
| 84 // kick off the update of the certificate list. | 91 // kick off the update of the certificate list. |
| 92 void OnPersistentNSSDBOpened(); |
| 85 void InitializeTokenAndLoadCertificates(); | 93 void InitializeTokenAndLoadCertificates(); |
| 86 void RetryTokenInitializationLater(); | 94 void RetryTokenInitializationLater(); |
| 87 void OnTpmIsEnabled(DBusMethodCallStatus call_status, | 95 void OnTpmIsEnabled(DBusMethodCallStatus call_status, |
| 88 bool tpm_is_enabled); | 96 bool tpm_is_enabled); |
| 89 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, | 97 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, |
| 90 bool is_tpm_token_ready); | 98 bool is_tpm_token_ready); |
| 91 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, | 99 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, |
| 92 const std::string& token_name, | 100 const std::string& token_name, |
| 93 const std::string& user_pin); | 101 const std::string& user_pin); |
| 94 void InitializeNSSForTPMToken(); | 102 void OnTPMTokenInitialized(bool success); |
| 95 | 103 |
| 96 // These calls handle the updating of the certificate list after the TPM token | 104 // These calls handle the updating of the certificate list after the TPM token |
| 97 // was initialized. | 105 // was initialized. |
| 98 void StartLoadCertificates(); | 106 void StartLoadCertificates(); |
| 99 void UpdateCertificates(net::CertificateList* cert_list); | 107 void UpdateCertificates(net::CertificateList* cert_list); |
| 100 | 108 |
| 101 void NotifyCertificatesLoaded(bool initial_load); | 109 void NotifyCertificatesLoaded(bool initial_load); |
| 102 | 110 |
| 103 // net::CertDatabase::Observer | 111 // net::CertDatabase::Observer |
| 104 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; | 112 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; |
| 105 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; | 113 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; |
| 106 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; | 114 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; |
| 107 | 115 |
| 108 // LoginState::Observer | 116 // LoginState::Observer |
| 109 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; | 117 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; |
| 110 | 118 |
| 111 ObserverList<Observer> observers_; | 119 ObserverList<Observer> observers_; |
| 112 | 120 |
| 113 bool certificates_requested_; | 121 bool certificates_requested_; |
| 114 bool certificates_loaded_; | 122 bool certificates_loaded_; |
| 115 bool certificates_update_required_; | 123 bool certificates_update_required_; |
| 116 bool certificates_update_running_; | 124 bool certificates_update_running_; |
| 117 | 125 |
| 118 // The states are traversed in this order but some might get omitted or never | 126 // The states are traversed in this order but some might get omitted or never |
| 119 // be left. | 127 // be left. |
| 120 enum TPMTokenState { | 128 enum TPMTokenState { |
| 121 TPM_STATE_UNKNOWN, | 129 TPM_STATE_UNKNOWN, |
| 130 TPM_DB_OPENED, |
| 122 TPM_DISABLED, | 131 TPM_DISABLED, |
| 123 TPM_ENABLED, | 132 TPM_ENABLED, |
| 124 TPM_TOKEN_READY, | 133 TPM_TOKEN_READY, |
| 125 TPM_TOKEN_INFO_RECEIVED, | 134 TPM_TOKEN_INFO_RECEIVED, |
| 126 TPM_TOKEN_NSS_INITIALIZED, | 135 TPM_TOKEN_INITIALIZED, |
| 127 }; | 136 }; |
| 128 TPMTokenState tpm_token_state_; | 137 TPMTokenState tpm_token_state_; |
| 129 | 138 |
| 130 // The current request delay before the next attempt to initialize the | 139 // The current request delay before the next attempt to initialize the |
| 131 // TPM. Will be adapted after each attempt. | 140 // TPM. Will be adapted after each attempt. |
| 132 base::TimeDelta tpm_request_delay_; | 141 base::TimeDelta tpm_request_delay_; |
| 133 | 142 |
| 134 // Cached TPM token info. | 143 // Cached TPM token info. |
| 135 std::string tpm_token_name_; | 144 std::string tpm_token_name_; |
| 136 std::string tpm_token_slot_; | 145 std::string tpm_token_slot_; |
| 137 std::string tpm_user_pin_; | 146 std::string tpm_user_pin_; |
| 138 | 147 |
| 139 // Cached Certificates. | 148 // Cached Certificates. |
| 140 net::CertificateList cert_list_; | 149 net::CertificateList cert_list_; |
| 141 | 150 |
| 142 base::ThreadChecker thread_checker_; | 151 base::ThreadChecker thread_checker_; |
| 143 | 152 |
| 153 // TaskRunner for crypto calls. |
| 154 scoped_refptr<base::SequencedTaskRunner> crypto_task_runner_; |
| 155 |
| 144 // This factory should be used only for callbacks during TPMToken | 156 // This factory should be used only for callbacks during TPMToken |
| 145 // initialization. | 157 // initialization. |
| 146 base::WeakPtrFactory<CertLoader> initialize_token_factory_; | 158 base::WeakPtrFactory<CertLoader> initialize_token_factory_; |
| 147 | 159 |
| 148 // This factory should be used only for callbacks during updating the | 160 // This factory should be used only for callbacks during updating the |
| 149 // certificate list. | 161 // certificate list. |
| 150 base::WeakPtrFactory<CertLoader> update_certificates_factory_; | 162 base::WeakPtrFactory<CertLoader> update_certificates_factory_; |
| 151 | 163 |
| 152 DISALLOW_COPY_AND_ASSIGN(CertLoader); | 164 DISALLOW_COPY_AND_ASSIGN(CertLoader); |
| 153 }; | 165 }; |
| 154 | 166 |
| 155 } // namespace chromeos | 167 } // namespace chromeos |
| 156 | 168 |
| 157 #endif // CHROMEOS_NETWORK_CERT_LOADER_H_ | 169 #endif // CHROMEOS_NETWORK_CERT_LOADER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 15649018:
Call crypto::InitializeTPMToken on the IO thread (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src