| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/cert_loader.h" | 5 #include "chromeos/cert_loader.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/chromeos/chromeos_version.h" | 9 #include "base/chromeos/chromeos_version.h" |
| 10 #include "base/message_loop/message_loop_proxy.h" | 10 #include "base/message_loop/message_loop_proxy.h" |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 57 } | 57 } |
| 58 | 58 |
| 59 } // namespace | 59 } // namespace |
| 60 | 60 |
| 61 static CertLoader* g_cert_loader = NULL; | 61 static CertLoader* g_cert_loader = NULL; |
| 62 | 62 |
| 63 // static | 63 // static |
| 64 void CertLoader::Initialize() { | 64 void CertLoader::Initialize() { |
| 65 CHECK(!g_cert_loader); | 65 CHECK(!g_cert_loader); |
| 66 g_cert_loader = new CertLoader(); | 66 g_cert_loader = new CertLoader(); |
| 67 g_cert_loader->Init(); | |
| 68 } | 67 } |
| 69 | 68 |
| 70 // static | 69 // static |
| 71 void CertLoader::Shutdown() { | 70 void CertLoader::Shutdown() { |
| 72 CHECK(g_cert_loader); | 71 CHECK(g_cert_loader); |
| 73 delete g_cert_loader; | 72 delete g_cert_loader; |
| 74 g_cert_loader = NULL; | 73 g_cert_loader = NULL; |
| 75 } | 74 } |
| 76 | 75 |
| 77 // static | 76 // static |
| 78 CertLoader* CertLoader::Get() { | 77 CertLoader* CertLoader::Get() { |
| 79 CHECK(g_cert_loader) << "CertLoader::Get() called before Initialize()"; | 78 CHECK(g_cert_loader) << "CertLoader::Get() called before Initialize()"; |
| 80 return g_cert_loader; | 79 return g_cert_loader; |
| 81 } | 80 } |
| 82 | 81 |
| 83 // static | 82 // static |
| 84 bool CertLoader::IsInitialized() { | 83 bool CertLoader::IsInitialized() { |
| 85 return g_cert_loader; | 84 return g_cert_loader; |
| 86 } | 85 } |
| 87 | 86 |
| 88 CertLoader::CertLoader() | 87 CertLoader::CertLoader() |
| 89 : certificates_requested_(false), | 88 : initialize_tpm_for_test_(false), |
| 89 certificates_requested_(false), |
| 90 certificates_loaded_(false), | 90 certificates_loaded_(false), |
| 91 certificates_update_required_(false), | 91 certificates_update_required_(false), |
| 92 certificates_update_running_(false), | 92 certificates_update_running_(false), |
| 93 tpm_token_state_(TPM_STATE_UNKNOWN), | 93 tpm_token_state_(TPM_STATE_UNKNOWN), |
| 94 tpm_request_delay_( | 94 tpm_request_delay_( |
| 95 base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)), | 95 base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)), |
| 96 initialize_token_factory_(this), | 96 initialize_token_factory_(this), |
| 97 update_certificates_factory_(this) { | 97 update_certificates_factory_(this) { |
| 98 if (LoginState::IsInitialized()) |
| 99 LoginState::Get()->AddObserver(this); |
| 98 } | 100 } |
| 99 | 101 |
| 100 void CertLoader::Init() { | 102 void CertLoader::InitializeTPMForTest() { |
| 101 net::CertDatabase::GetInstance()->AddObserver(this); | 103 initialize_tpm_for_test_ = true; |
| 102 if (LoginState::IsInitialized()) | |
| 103 LoginState::Get()->AddObserver(this); | |
| 104 } | 104 } |
| 105 | 105 |
| 106 void CertLoader::SetCryptoTaskRunner( | 106 void CertLoader::SetCryptoTaskRunner( |
| 107 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner) { | 107 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner) { |
| 108 crypto_task_runner_ = crypto_task_runner; | 108 crypto_task_runner_ = crypto_task_runner; |
| 109 MaybeRequestCertificates(); | 109 MaybeRequestCertificates(); |
| 110 } | 110 } |
| 111 | 111 |
| 112 void CertLoader::SetSlowTaskRunnerForTest( | 112 void CertLoader::SetSlowTaskRunnerForTest( |
| 113 const scoped_refptr<base::TaskRunner>& task_runner) { | 113 const scoped_refptr<base::TaskRunner>& task_runner) { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 147 const bool logged_in = LoginState::IsInitialized() ? | 147 const bool logged_in = LoginState::IsInitialized() ? |
| 148 LoginState::Get()->IsUserLoggedIn() : false; | 148 LoginState::Get()->IsUserLoggedIn() : false; |
| 149 VLOG(1) << "RequestCertificates: " << logged_in; | 149 VLOG(1) << "RequestCertificates: " << logged_in; |
| 150 if (!logged_in) | 150 if (!logged_in) |
| 151 return; | 151 return; |
| 152 | 152 |
| 153 certificates_requested_ = true; | 153 certificates_requested_ = true; |
| 154 | 154 |
| 155 // Ensure we only initialize the TPM token once. | 155 // Ensure we only initialize the TPM token once. |
| 156 DCHECK_EQ(tpm_token_state_, TPM_STATE_UNKNOWN); | 156 DCHECK_EQ(tpm_token_state_, TPM_STATE_UNKNOWN); |
| 157 if (!base::chromeos::IsRunningOnChromeOS()) | 157 if (!initialize_tpm_for_test_ && !base::chromeos::IsRunningOnChromeOS()) |
| 158 tpm_token_state_ = TPM_DISABLED; |
| 159 |
| 160 // Treat TPM as disabled for guest users since they do not store certs. |
| 161 if (LoginState::IsInitialized() && LoginState::Get()->IsGuestUser()) |
| 158 tpm_token_state_ = TPM_DISABLED; | 162 tpm_token_state_ = TPM_DISABLED; |
| 159 | 163 |
| 160 InitializeTokenAndLoadCertificates(); | 164 InitializeTokenAndLoadCertificates(); |
| 161 } | 165 } |
| 162 | 166 |
| 163 void CertLoader::InitializeTokenAndLoadCertificates() { | 167 void CertLoader::InitializeTokenAndLoadCertificates() { |
| 164 CHECK(thread_checker_.CalledOnValidThread()); | 168 CHECK(thread_checker_.CalledOnValidThread()); |
| 165 VLOG(1) << "InitializeTokenAndLoadCertificates: " << tpm_token_state_; | 169 VLOG(1) << "InitializeTokenAndLoadCertificates: " << tpm_token_state_; |
| 166 | 170 |
| 167 // Treat TPM as disabled for guest users since they do not store certs. | |
| 168 if (LoginState::IsInitialized() && LoginState::Get()->IsGuestUser()) | |
| 169 tpm_token_state_ = TPM_DISABLED; | |
| 170 | |
| 171 switch (tpm_token_state_) { | 171 switch (tpm_token_state_) { |
| 172 case TPM_STATE_UNKNOWN: { | 172 case TPM_STATE_UNKNOWN: { |
| 173 crypto_task_runner_->PostTaskAndReply( | 173 crypto_task_runner_->PostTaskAndReply( |
| 174 FROM_HERE, | 174 FROM_HERE, |
| 175 base::Bind(&CallOpenPersistentNSSDB), | 175 base::Bind(&CallOpenPersistentNSSDB), |
| 176 base::Bind(&CertLoader::OnPersistentNSSDBOpened, | 176 base::Bind(&CertLoader::OnPersistentNSSDBOpened, |
| 177 initialize_token_factory_.GetWeakPtr())); | 177 initialize_token_factory_.GetWeakPtr())); |
| 178 return; | 178 return; |
| 179 } | 179 } |
| 180 case TPM_DB_OPENED: { | 180 case TPM_DB_OPENED: { |
| (...skipping 23 matching lines...) Expand all Loading... |
| 204 } | 204 } |
| 205 case TPM_TOKEN_INFO_RECEIVED: { | 205 case TPM_TOKEN_INFO_RECEIVED: { |
| 206 base::PostTaskAndReplyWithResult( | 206 base::PostTaskAndReplyWithResult( |
| 207 crypto_task_runner_.get(), | 207 crypto_task_runner_.get(), |
| 208 FROM_HERE, | 208 FROM_HERE, |
| 209 base::Bind( | 209 base::Bind( |
| 210 &crypto::InitializeTPMToken, tpm_token_name_, tpm_user_pin_), | 210 &crypto::InitializeTPMToken, tpm_token_name_, tpm_user_pin_), |
| 211 base::Bind(&CertLoader::OnTPMTokenInitialized, | 211 base::Bind(&CertLoader::OnTPMTokenInitialized, |
| 212 initialize_token_factory_.GetWeakPtr())); | 212 initialize_token_factory_.GetWeakPtr())); |
| 213 return; | 213 return; |
| 214 tpm_token_state_ = TPM_TOKEN_INITIALIZED; | |
| 215 // FALL_THROUGH_INTENDED | |
| 216 } | 214 } |
| 217 case TPM_TOKEN_INITIALIZED: { | 215 case TPM_TOKEN_INITIALIZED: { |
| 218 StartLoadCertificates(); | 216 StartLoadCertificates(); |
| 219 return; | 217 return; |
| 220 } | 218 } |
| 221 } | 219 } |
| 222 } | 220 } |
| 223 | 221 |
| 224 void CertLoader::RetryTokenInitializationLater() { | 222 void CertLoader::RetryTokenInitializationLater() { |
| 225 CHECK(thread_checker_.CalledOnValidThread()); | 223 CHECK(thread_checker_.CalledOnValidThread()); |
| 226 LOG(WARNING) << "Re-Requesting Certificates later."; | 224 LOG(WARNING) << "Retry token initialization later."; |
| 227 base::MessageLoop::current()->PostDelayedTask( | 225 base::MessageLoop::current()->PostDelayedTask( |
| 228 FROM_HERE, | 226 FROM_HERE, |
| 229 base::Bind(&CertLoader::InitializeTokenAndLoadCertificates, | 227 base::Bind(&CertLoader::InitializeTokenAndLoadCertificates, |
| 230 initialize_token_factory_.GetWeakPtr()), | 228 initialize_token_factory_.GetWeakPtr()), |
| 231 tpm_request_delay_); | 229 tpm_request_delay_); |
| 232 tpm_request_delay_ = GetNextRequestDelayMs(tpm_request_delay_); | 230 tpm_request_delay_ = GetNextRequestDelayMs(tpm_request_delay_); |
| 233 } | 231 } |
| 234 | 232 |
| 235 void CertLoader::OnPersistentNSSDBOpened() { | 233 void CertLoader::OnPersistentNSSDBOpened() { |
| 236 VLOG(1) << "PersistentNSSDBOpened"; | 234 VLOG(1) << "PersistentNSSDBOpened"; |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 317 VLOG(1) << "OnTPMTokenInitialized: " << success; | 315 VLOG(1) << "OnTPMTokenInitialized: " << success; |
| 318 if (!success) { | 316 if (!success) { |
| 319 RetryTokenInitializationLater(); | 317 RetryTokenInitializationLater(); |
| 320 return; | 318 return; |
| 321 } | 319 } |
| 322 tpm_token_state_ = TPM_TOKEN_INITIALIZED; | 320 tpm_token_state_ = TPM_TOKEN_INITIALIZED; |
| 323 InitializeTokenAndLoadCertificates(); | 321 InitializeTokenAndLoadCertificates(); |
| 324 } | 322 } |
| 325 | 323 |
| 326 void CertLoader::StartLoadCertificates() { | 324 void CertLoader::StartLoadCertificates() { |
| 325 DCHECK(!certificates_loaded_ && !certificates_update_running_); |
| 326 net::CertDatabase::GetInstance()->AddObserver(this); |
| 327 LoadCertificates(); |
| 328 } |
| 329 |
| 330 void CertLoader::LoadCertificates() { |
| 327 CHECK(thread_checker_.CalledOnValidThread()); | 331 CHECK(thread_checker_.CalledOnValidThread()); |
| 328 VLOG(1) << "StartLoadCertificates: " << certificates_update_running_; | 332 VLOG(1) << "LoadCertificates: " << certificates_update_running_; |
| 329 | 333 |
| 330 if (certificates_update_running_) { | 334 if (certificates_update_running_) { |
| 331 certificates_update_required_ = true; | 335 certificates_update_required_ = true; |
| 332 return; | 336 return; |
| 333 } | 337 } |
| 334 | 338 |
| 335 net::CertificateList* cert_list = new net::CertificateList; | 339 net::CertificateList* cert_list = new net::CertificateList; |
| 336 certificates_update_running_ = true; | 340 certificates_update_running_ = true; |
| 337 certificates_update_required_ = false; | 341 certificates_update_required_ = false; |
| 338 | 342 |
| (...skipping 15 matching lines...) Expand all Loading... |
| 354 | 358 |
| 355 // Ignore any existing certificates. | 359 // Ignore any existing certificates. |
| 356 cert_list_.swap(*cert_list); | 360 cert_list_.swap(*cert_list); |
| 357 | 361 |
| 358 bool initial_load = !certificates_loaded_; | 362 bool initial_load = !certificates_loaded_; |
| 359 certificates_loaded_ = true; | 363 certificates_loaded_ = true; |
| 360 NotifyCertificatesLoaded(initial_load); | 364 NotifyCertificatesLoaded(initial_load); |
| 361 | 365 |
| 362 certificates_update_running_ = false; | 366 certificates_update_running_ = false; |
| 363 if (certificates_update_required_) | 367 if (certificates_update_required_) |
| 364 StartLoadCertificates(); | 368 LoadCertificates(); |
| 365 } | 369 } |
| 366 | 370 |
| 367 void CertLoader::NotifyCertificatesLoaded(bool initial_load) { | 371 void CertLoader::NotifyCertificatesLoaded(bool initial_load) { |
| 368 FOR_EACH_OBSERVER(Observer, observers_, | 372 FOR_EACH_OBSERVER(Observer, observers_, |
| 369 OnCertificatesLoaded(cert_list_, initial_load)); | 373 OnCertificatesLoaded(cert_list_, initial_load)); |
| 370 } | 374 } |
| 371 | 375 |
| 372 void CertLoader::OnCertTrustChanged(const net::X509Certificate* cert) { | 376 void CertLoader::OnCertTrustChanged(const net::X509Certificate* cert) { |
| 373 } | 377 } |
| 374 | 378 |
| 375 void CertLoader::OnCertAdded(const net::X509Certificate* cert) { | 379 void CertLoader::OnCertAdded(const net::X509Certificate* cert) { |
| 376 VLOG(1) << "OnCertAdded"; | 380 VLOG(1) << "OnCertAdded"; |
| 377 StartLoadCertificates(); | 381 LoadCertificates(); |
| 378 } | 382 } |
| 379 | 383 |
| 380 void CertLoader::OnCertRemoved(const net::X509Certificate* cert) { | 384 void CertLoader::OnCertRemoved(const net::X509Certificate* cert) { |
| 381 VLOG(1) << "OnCertRemoved"; | 385 VLOG(1) << "OnCertRemoved"; |
| 382 StartLoadCertificates(); | 386 LoadCertificates(); |
| 383 } | 387 } |
| 384 | 388 |
| 385 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { | 389 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { |
| 386 VLOG(1) << "LoggedInStateChanged: " << state; | 390 VLOG(1) << "LoggedInStateChanged: " << state; |
| 387 MaybeRequestCertificates(); | 391 MaybeRequestCertificates(); |
| 388 } | 392 } |
| 389 | 393 |
| 390 } // namespace chromeos | 394 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 22327005:
Automatically resolve ClientCertificatePatterns. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src