
Unified Diff: remoting/host/linux/certificate_watcher.cc

Issue 1838313002: Restart the host when the third party auth certificate changes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 9 months ago
Index: remoting/host/linux/certificate_watcher.cc
diff --git a/remoting/host/linux/certificate_watcher.cc b/remoting/host/linux/certificate_watcher.cc
new file mode 100644
index 0000000000000000000000000000000000000000..ad05c9ea8d2d98e5ab4536b37ae61de6dc274dfe
--- /dev/null
+++ b/remoting/host/linux/certificate_watcher.cc
@@ -0,0 +1,169 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "certificate_watcher.h"
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/logging.h"
+
+namespace remoting {
+
+// Full Path: $HOME/.pki/nssdb
+const char kNSSEnvironmentPrefix[] = "HOME";
+const char kNSSWatchPathToHome[] = "/.pki/nssdb";
+
+/* Impl Class */
+
+class CertificateWatcherImpl : public CertificateWatcherImplInterface {
+ public:
+ // Will not take ownership of watcher
+ CertificateWatcherImpl(scoped_refptr<base::SingleThreadTaskRunner>
+ io_task_runner,
+ scoped_refptr<base::SingleThreadTaskRunner>
+ suicide_task_runner,
+ int suicide_delay,
+ const CertificateWatcher::SuicideAction&
+ suicide_action,
+ CertificateWatcher* watcher);
+ void Start() override;
+ void Stop() override;
+ void ScheduleSuicide() override;
+
+ private:
+ // The time to way to execute suicide_action_ after the suicide is scheduled.
+ int suicide_delay_;
+
+ // Will be called when a suicide is scheduled
+ const CertificateWatcher::SuicideAction suicide_action_;
+
+ CertificateWatcher* watcher_;
+
+ // The thread to watch file changes
+ scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
+
+ // The thread to post suicide task
+ scoped_refptr<base::SingleThreadTaskRunner> suicide_task_runner_;
+
+ // The file watcher to watch certificate
+ scoped_ptr<base::FilePathWatcher> file_watcher_;
+
+ // path of the NSS files/directories
+ base::FilePath nss_watch_path_;
+
+ void WatchOnIO();
+ void StopOnIO();
+ void OnNSSUpdate(const base::FilePath& path, bool error);
+
+ DISALLOW_COPY_AND_ASSIGN(CertificateWatcherImpl);
+};
+
+
+CertificateWatcherImpl::CertificateWatcherImpl
+ (scoped_refptr<base::SingleThreadTaskRunner> io_task_runner,
+ scoped_refptr<base::SingleThreadTaskRunner> suicide_task_runner,
+ int suicide_delay,
+ const CertificateWatcher::SuicideAction& suicide_action,
+ CertificateWatcher* watcher) :
+ suicide_delay_(suicide_delay),
+ suicide_action_(suicide_action),
+ watcher_(watcher),
+ io_task_runner_(io_task_runner),
+ suicide_task_runner_(suicide_task_runner),
+ nss_watch_path_(getenv(kNSSEnvironmentPrefix) +
+ std::string(kNSSWatchPathToHome)) {}
+
+void CertificateWatcherImpl::Start() {
+ io_task_runner_->PostTask(FROM_HERE,
+ base::Bind(&CertificateWatcherImpl::WatchOnIO,
+ base::Unretained(this)));
+}
+
+void CertificateWatcherImpl::Stop() {
+ io_task_runner_->PostTask(FROM_HERE,
+ base::Bind(&CertificateWatcherImpl::StopOnIO,
+ base::Unretained(this)));
+}
+
+void CertificateWatcherImpl::ScheduleSuicide() {
+ suicide_task_runner_->PostDelayedTask(FROM_HERE, suicide_action_,
+ base::TimeDelta::FromSeconds(suicide_delay_));
Sergey Ulanov 2016/03/29 19:40:04 this line is not indented correctly. Please use cl
Yuwei 2016/03/29 19:57:02 Acknowledged.
Yuwei 2016/03/30 18:47:45 Done. Have run clang-format
+}
+
+void CertificateWatcherImpl::WatchOnIO() {
+ DCHECK(io_task_runner_->BelongsToCurrentThread());
+
+ file_watcher_.reset(new base::FilePathWatcher());
+ file_watcher_->Watch(nss_watch_path_, true,
+ base::Bind(&CertificateWatcherImpl::OnNSSUpdate,
+ base::Unretained(this)));
+}
+
+void CertificateWatcherImpl::StopOnIO() {
+ DCHECK(io_task_runner_->BelongsToCurrentThread());
+
+ file_watcher_.reset();
+}
+
+void CertificateWatcherImpl::OnNSSUpdate(const base::FilePath& path,
+ bool error) {
+ if (!error && path == nss_watch_path_) {
+ watcher_->OnUpdate();
+ }
+}
+
+/* Watcher */
+
+CertificateWatcher::CertificateWatcher(
+ scoped_refptr<base::SingleThreadTaskRunner> io_task_runner,
+ scoped_refptr<base::SingleThreadTaskRunner> suicide_task_runner,
+ int suicide_delay, const SuicideAction& suicide_action) :
+ impl_(new CertificateWatcherImpl(io_task_runner, suicide_task_runner,
+ suicide_delay, suicide_action,
+ this)) {}
+
+CertificateWatcher::CertificateWatcher(CertificateWatcherImplInterface* impl) :
+ impl_(impl) {}
+
+CertificateWatcher::~CertificateWatcher() {
+ Stop();
+}
+
+void CertificateWatcher::Start() {
+ impl_->Start();
+ LOG(INFO) << "Started watching certificate changes.";
+}
+
+void CertificateWatcher::Stop() {
+ impl_->Stop();
+ LOG(INFO) << "Stopped watching certificate changes.";
+}
+
+void CertificateWatcher::Inhibit() {
+ inhibit_mode_ = true;
+ LOG(INFO) << "Inhibit mode on. Will not suicide until connection drops.";
+}
+
+void CertificateWatcher::Uninhibit() {
+ inhibit_mode_ = false;
+ if (suicide_scheduled_) {
+ impl_->ScheduleSuicide();
+ LOG(INFO) << "Certificate was updated in inhibit mode. Schedule a suicide.";
+ }
+}
+
+void CertificateWatcher::OnUpdate() {
+ if (!suicide_scheduled_) {
+ suicide_scheduled_ = true;
+ if (inhibit_mode_) {
+ LOG(INFO) << "Inhibit mode is on. "
+ "Will postpone suicide until disconnection.";
+ return;
+ }
+ impl_->ScheduleSuicide();
+ LOG(INFO) << "Certificate updated. Scheduled a suicide.";
+ }
+}
+
+}
Sergey Ulanov 2016/03/29 19:40:04 // namespace remoting
Yuwei 2016/03/29 19:57:02 Acknowledged.
Yuwei 2016/03/30 18:47:44 Done.
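Review bot: `~CertificateWatcher()` calls `Stop()`, which only posts `StopOnIO` bound with `base::Unretained(this)` to the IO thread, so if `impl_` is an owning pointer (its declaration is in the header, outside this hunk) the impl can be freed before that task runs and the task then dereferences a dead object; the `OnNSSUpdate` callback holding the raw `watcher_` has the same lifetime gap. The impl, or at least `file_watcher_`, should be destroyed on the IO thread, for example `io_task_runner_->DeleteSoon(FROM_HERE, impl_.release());`, or the callbacks should be bound through a weak pointer instead of `base::Unretained`. Separately, the constructor's `getenv(kNSSEnvironmentPrefix) + std::string(kNSSWatchPathToHome)` is undefined behaviour when HOME is unset, because `getenv` returns null; building the path with `base::GetHomeDir().Append(".pki/nssdb")` avoids that. The return value of `file_watcher_->Watch(...)` in `WatchOnIO` is also discarded, so a missing nssdb directory leaves the host not watching for certificate changes while `Start()` still logs success; check the result and log the failure.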
