*WIP* Store NSS slots per profile. Move keygen to chrome.

chrome/browser/profiles/profile_io_data.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/profiles/profile_io_data.h"
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/bind.h"
@@ skipping 72 matching lines @@
 #include "net/url_request/url_request_job_factory_impl.h"
 
 #if defined(ENABLE_MANAGED_USERS)
 #include "chrome/browser/managed_mode/managed_mode_url_filter.h"
 #include "chrome/browser/managed_mode/managed_user_service.h"
 #include "chrome/browser/managed_mode/managed_user_service_factory.h"
 #endif
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h"
+#include "chrome/browser/chromeos/login/user.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/policy/profile_policy_connector.h"
 #include "chrome/browser/policy/profile_policy_connector_factory.h"
+#include "chromeos/dbus/cryptohome_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/settings/cros_settings_names.h"
+#include "content/public/browser/nss_context.h"
+#include "crypto/nss_util.h"
+#include "crypto/nss_util_internal.h"
 #endif  // defined(OS_CHROMEOS)
 
 using content::BrowserContext;
 using content::BrowserThread;
 using content::ResourceContext;
 
 namespace {
 
 // ----------------------------------------------------------------------------
 // CookieMonster::Delegate implementation
@@ skipping 125 matching lines @@
   base::Closure policy_cert_trusted_callback =
       base::Bind(base::IgnoreResult(&content::BrowserThread::PostTask),
                  content::BrowserThread::UI,
                  FROM_HERE,
                  connector->GetPolicyCertTrustedCallback());
   scoped_ptr<policy::PolicyCertVerifier> cert_verifier(
       new policy::PolicyCertVerifier(policy_cert_trusted_callback));
   connector->SetPolicyCertVerifier(cert_verifier.get());
   return cert_verifier.Pass();
 }
-#endif
+
+void DidGetTPMInfoForUserOnUIThread(const std::string& username_hash,
+                                    chromeos::DBusMethodCallStatus call_status,
+                                    const std::string& label,
+                                    const std::string& user_pin,
+                                    int slot_id) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) {
+    NOTREACHED() << "dbus error getting TPM info for " << username_hash;
+    return;
+  }
+  VLOG(1) << __func__ << " "<< username_hash << " " << slot_id;
+  BrowserThread::PostTask(
+      BrowserThread::IO,
+      FROM_HERE,
+      base::Bind(
+          &crypto::InitializeTPMForChromeOSUser, username_hash, slot_id));
+}
+
+void GetTPMInfoForUserOnUIThread(const std::string& username,
+                                 const std::string& username_hash) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  VLOG(1) << __func__ << " " << username << " " << username_hash;
+  chromeos::DBusThreadManager::Get()
+      ->GetCryptohomeClient()
+      ->Pkcs11GetTpmTokenInfoForUser(
+            username,
+            base::Bind(&DidGetTPMInfoForUserOnUIThread, username_hash));
+}
+
+void StartTPMSlotInitializionOnIOThread(const std::string& username,
+                                        const std::string& username_hash) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  VLOG(1) << __func__ << " " << username << " " << username_hash;
+
+  BrowserThread::PostTask(
+      BrowserThread::UI,
+      FROM_HERE,
+      base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash));
+}
+
+void StartNSSInitOnIOThread(const std::string& username,
+                            const std::string& username_hash,
+                            const base::FilePath& path,
+                            bool is_primary_user) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  VLOG(1) << "username:" << username << "  hash:" << username_hash
+          << "  is_primary_user:" << is_primary_user;
+
+  if (!crypto::InitializeNSSForChromeOSUser(
+      username, username_hash, is_primary_user, path))
+    return;
+
+  if (crypto::IsTPMTokenEnabledForNSS()) {
+    if (crypto::IsTPMTokenReady()) {
+      StartTPMSlotInitializionOnIOThread(username, username_hash);
+    } else {
+      VLOG(1) << "waiting for tpm ready ...";
+      crypto::OnTPMReady(base::Bind(
+          &StartTPMSlotInitializionOnIOThread, username, username_hash));
+    }
+  } else {
+    crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash);
+  }
+}
+#endif  // defined(OS_CHROMEOS)
 }  // namespace
 
 void ProfileIOData::InitializeOnUIThread(Profile* profile) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   PrefService* pref_service = profile->GetPrefs();
   PrefService* local_state_pref_service = g_browser_process->local_state();
 
   scoped_ptr<ProfileParams> params(new ProfileParams);
   params->path = profile->GetPath();
 
@@ skipping 37 matching lines @@
       .reset(ProxyServiceFactory::CreateProxyConfigService(
            profile->GetProxyConfigTracker()));
 #if defined(ENABLE_MANAGED_USERS)
   ManagedUserService* managed_user_service =
       ManagedUserServiceFactory::GetForProfile(profile);
   params->managed_mode_url_filter =
       managed_user_service->GetURLFilterForIOThread();
 #endif
 #if defined(OS_CHROMEOS)
   params->cert_verifier = CreatePolicyCertVerifier(profile);
+  chromeos::UserManager* user_manager = chromeos::UserManager::Get();
+  if (user_manager) {
+    chromeos::User* user = user_manager->GetUserByProfile(profile);
+    if (user) {
+      params->username_hash = user->username_hash();
+      bool is_primary_user = (user_manager->GetPrimaryUser() == user);
+      BrowserThread::PostTask(BrowserThread::IO,
+                              FROM_HERE,
+                              base::Bind(&StartNSSInitOnIOThread,
+                                         user->email(),
+                                         user->username_hash(),
+                                         profile->GetPath(),
+                                         is_primary_user));
+    }
+  }
+  if (params->username_hash.empty())
+    LOG(WARNING) << "no username_hash";
 #endif
 
   params->profile = profile;
   profile_params_.reset(params.release());
 
   ChromeNetworkDelegate::InitializePrefsOnUIThread(
       &enable_referrers_,
       &enable_do_not_track_,
       &force_safesearch_,
       pref_service);
@@ skipping 396 matching lines @@
 }
 
 net::URLRequestContext* ProfileIOData::ResourceContext::GetRequestContext()  {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   DCHECK(io_data_->initialized_);
   return request_context_;
 }
 
 scoped_ptr<net::ClientCertStore>
 ProfileIOData::ResourceContext::CreateClientCertStore() {
-#if !defined(USE_OPENSSL)
+#if defined(OS_CHROMEOS)
+  return scoped_ptr<net::ClientCertStore>(
+      new chromeos::ClientCertStoreChromeOS(this));
+#elif !defined(USE_OPENSSL)
   return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreImpl());
 #else
   // OpenSSL does not use the ClientCertStore infrastructure. On Android client
   // cert matching is done by the OS as part of the call to show the cert
   // selection dialog.
   return scoped_ptr<net::ClientCertStore>();
 #endif
 }
 
 bool ProfileIOData::ResourceContext::AllowMicAccess(const GURL& origin) {
@@ skipping 107 matching lines @@
   }
 
 #if defined(ENABLE_MANAGED_USERS)
   managed_mode_url_filter_ = profile_params_->managed_mode_url_filter;
 #endif
 
 #if defined(OS_CHROMEOS)
   profile_params_->cert_verifier->InitializeOnIOThread();
   cert_verifier_ = profile_params_->cert_verifier.Pass();
   main_request_context_->set_cert_verifier(cert_verifier_.get());
+
+  content::SetChromeOSUserForResourceContext(resource_context_.get(),
+                                             profile_params_->username_hash);
 #else
   main_request_context_->set_cert_verifier(
       io_thread_globals->cert_verifier.get());
 #endif
 
   InitializeInternal(profile_params_.get(), protocol_handlers);
 
   profile_params_.reset();
   initialized_ = true;
 }
@@ skipping 137 matching lines @@
 void ProfileIOData::SetCookieSettingsForTesting(
     CookieSettings* cookie_settings) {
   DCHECK(!cookie_settings_.get());
   cookie_settings_ = cookie_settings;
 }
 
 void ProfileIOData::set_signin_names_for_testing(
     SigninNamesOnIOThread* signin_names) {
   signin_names_.reset(signin_names);
 }