| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/cert_loader.h" | 5 #include "chromeos/cert_loader.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/chromeos/chromeos_version.h" | 9 #include "base/chromeos/chromeos_version.h" |
| 10 #include "base/message_loop/message_loop_proxy.h" | 10 #include "base/message_loop/message_loop_proxy.h" |
| 11 #include "base/observer_list.h" | 11 #include "base/observer_list.h" |
| 12 #include "base/sequenced_task_runner.h" | 12 #include "base/sequenced_task_runner.h" |
| 13 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
| 14 #include "base/task_runner_util.h" | 14 #include "base/task_runner_util.h" |
| 15 #include "base/threading/worker_pool.h" | |
| 16 #include "chromeos/dbus/cryptohome_client.h" | 15 #include "chromeos/dbus/cryptohome_client.h" |
| 17 #include "chromeos/dbus/dbus_thread_manager.h" | 16 #include "chromeos/dbus/dbus_thread_manager.h" |
| 18 #include "crypto/encryptor.h" | 17 #include "crypto/encryptor.h" |
| 19 #include "crypto/nss_util.h" | 18 #include "crypto/nss_util.h" |
| 20 #include "crypto/sha2.h" | 19 #include "crypto/sha2.h" |
| 21 #include "crypto/symmetric_key.h" | 20 #include "crypto/symmetric_key.h" |
| 22 #include "net/cert/nss_cert_database.h" | 21 #include "net/cert/nss_cert_database.h" |
| 23 | 22 |
| 24 namespace chromeos { | 23 namespace chromeos { |
| 25 | 24 |
| (...skipping 27 matching lines...) Expand all Loading... |
| 53 | 52 |
| 54 // Ensure we've opened the user's key/certificate database. | 53 // Ensure we've opened the user's key/certificate database. |
| 55 crypto::OpenPersistentNSSDB(); | 54 crypto::OpenPersistentNSSDB(); |
| 56 if (base::chromeos::IsRunningOnChromeOS()) | 55 if (base::chromeos::IsRunningOnChromeOS()) |
| 57 crypto::EnableTPMTokenForNSS(); | 56 crypto::EnableTPMTokenForNSS(); |
| 58 } | 57 } |
| 59 | 58 |
| 60 } // namespace | 59 } // namespace |
| 61 | 60 |
| 62 static CertLoader* g_cert_loader = NULL; | 61 static CertLoader* g_cert_loader = NULL; |
| 62 |
| 63 // static | 63 // static |
| 64 void CertLoader::Initialize() { | 64 void CertLoader::Initialize( |
| 65 const scoped_refptr<base::TaskRunner>& task_runner) { |
| 65 CHECK(!g_cert_loader); | 66 CHECK(!g_cert_loader); |
| 66 g_cert_loader = new CertLoader(); | 67 CHECK(task_runner); |
| 68 g_cert_loader = new CertLoader(task_runner); |
| 67 g_cert_loader->Init(); | 69 g_cert_loader->Init(); |
| 68 } | 70 } |
| 69 | 71 |
| 70 // static | 72 // static |
| 71 void CertLoader::Shutdown() { | 73 void CertLoader::Shutdown() { |
| 72 CHECK(g_cert_loader); | 74 CHECK(g_cert_loader); |
| 73 delete g_cert_loader; | 75 delete g_cert_loader; |
| 74 g_cert_loader = NULL; | 76 g_cert_loader = NULL; |
| 75 } | 77 } |
| 76 | 78 |
| 77 // static | 79 // static |
| 78 CertLoader* CertLoader::Get() { | 80 CertLoader* CertLoader::Get() { |
| 79 CHECK(g_cert_loader) | 81 CHECK(g_cert_loader) |
| 80 << "CertLoader::Get() called before Initialize()"; | 82 << "CertLoader::Get() called before Initialize()"; |
| 81 return g_cert_loader; | 83 return g_cert_loader; |
| 82 } | 84 } |
| 83 | 85 |
| 84 // static | 86 // static |
| 85 bool CertLoader::IsInitialized() { | 87 bool CertLoader::IsInitialized() { |
| 86 return g_cert_loader; | 88 return g_cert_loader; |
| 87 } | 89 } |
| 88 | 90 |
| 89 CertLoader::CertLoader() | 91 CertLoader::CertLoader(const scoped_refptr<base::TaskRunner>& task_runner) |
| 90 : certificates_requested_(false), | 92 : certificates_requested_(false), |
| 91 certificates_loaded_(false), | 93 certificates_loaded_(false), |
| 92 certificates_update_required_(false), | 94 certificates_update_required_(false), |
| 93 certificates_update_running_(false), | 95 certificates_update_running_(false), |
| 94 tpm_token_state_(TPM_STATE_UNKNOWN), | 96 tpm_token_state_(TPM_STATE_UNKNOWN), |
| 95 tpm_request_delay_( | 97 tpm_request_delay_( |
| 96 base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)), | 98 base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)), |
| 99 worker_pool_task_runner_(task_runner), |
| 97 initialize_token_factory_(this), | 100 initialize_token_factory_(this), |
| 98 update_certificates_factory_(this) { | 101 update_certificates_factory_(this) { |
| 99 } | 102 } |
| 100 | 103 |
| 101 void CertLoader::Init() { | 104 void CertLoader::Init() { |
| 102 net::CertDatabase::GetInstance()->AddObserver(this); | 105 net::CertDatabase::GetInstance()->AddObserver(this); |
| 103 if (LoginState::IsInitialized()) | 106 if (LoginState::IsInitialized()) |
| 104 LoginState::Get()->AddObserver(this); | 107 LoginState::Get()->AddObserver(this); |
| 105 } | 108 } |
| 106 | 109 |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 320 VLOG(1) << "StartLoadCertificates: " << certificates_update_running_; | 323 VLOG(1) << "StartLoadCertificates: " << certificates_update_running_; |
| 321 | 324 |
| 322 if (certificates_update_running_) { | 325 if (certificates_update_running_) { |
| 323 certificates_update_required_ = true; | 326 certificates_update_required_ = true; |
| 324 return; | 327 return; |
| 325 } | 328 } |
| 326 | 329 |
| 327 net::CertificateList* cert_list = new net::CertificateList; | 330 net::CertificateList* cert_list = new net::CertificateList; |
| 328 certificates_update_running_ = true; | 331 certificates_update_running_ = true; |
| 329 certificates_update_required_ = false; | 332 certificates_update_required_ = false; |
| 330 base::WorkerPool::GetTaskRunner(true /* task_is_slow */)-> | 333 worker_pool_task_runner_->PostTaskAndReply( |
| 331 PostTaskAndReply( | 334 FROM_HERE, |
| 332 FROM_HERE, | 335 base::Bind(LoadNSSCertificates, cert_list), |
| 333 base::Bind(LoadNSSCertificates, cert_list), | 336 base::Bind(&CertLoader::UpdateCertificates, |
| 334 base::Bind(&CertLoader::UpdateCertificates, | 337 update_certificates_factory_.GetWeakPtr(), |
| 335 update_certificates_factory_.GetWeakPtr(), | 338 base::Owned(cert_list))); |
| 336 base::Owned(cert_list))); | |
| 337 } | 339 } |
| 338 | 340 |
| 339 void CertLoader::UpdateCertificates(net::CertificateList* cert_list) { | 341 void CertLoader::UpdateCertificates(net::CertificateList* cert_list) { |
| 340 CHECK(thread_checker_.CalledOnValidThread()); | 342 CHECK(thread_checker_.CalledOnValidThread()); |
| 341 DCHECK(certificates_update_running_); | 343 DCHECK(certificates_update_running_); |
| 342 VLOG(1) << "UpdateCertificates: " << cert_list->size(); | 344 VLOG(1) << "UpdateCertificates: " << cert_list->size(); |
| 343 | 345 |
| 344 // Ignore any existing certificates. | 346 // Ignore any existing certificates. |
| 345 cert_list_.swap(*cert_list); | 347 cert_list_.swap(*cert_list); |
| 346 | 348 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 370 VLOG(1) << "OnCertRemoved"; | 372 VLOG(1) << "OnCertRemoved"; |
| 371 StartLoadCertificates(); | 373 StartLoadCertificates(); |
| 372 } | 374 } |
| 373 | 375 |
| 374 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { | 376 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { |
| 375 VLOG(1) << "LoggedInStateChanged: " << state; | 377 VLOG(1) << "LoggedInStateChanged: " << state; |
| 376 MaybeRequestCertificates(); | 378 MaybeRequestCertificates(); |
| 377 } | 379 } |
| 378 | 380 |
| 379 } // namespace chromeos | 381 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 20087002:
Add migration from CaCert NSS nicknames to PEM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src