Chromium Code Reviews Chromium Code Reviews
Issue 22327005:
Automatically resolve ClientCertificatePatterns. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROMEOS_CERT_LOADER_H_ | 5 #ifndef CHROMEOS_CERT_LOADER_H_ |
| 6 #define CHROMEOS_CERT_LOADER_H_ | 6 #define CHROMEOS_CERT_LOADER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 62 static void Shutdown(); | 62 static void Shutdown(); |
| 63 | 63 |
| 64 // Gets the global instance. Initialize() must be called first. | 64 // Gets the global instance. Initialize() must be called first. |
| 65 static CertLoader* Get(); | 65 static CertLoader* Get(); |
| 66 | 66 |
| 67 // Returns true if the global instance has been initialized. | 67 // Returns true if the global instance has been initialized. |
| 68 static bool IsInitialized(); | 68 static bool IsInitialized(); |
| 69 | 69 |
| 70 static std::string GetPkcs11IdForCert(const net::X509Certificate& cert); | 70 static std::string GetPkcs11IdForCert(const net::X509Certificate& cert); |
| 71 | 71 |
| 72 // By default, CertLoader tries to load the TPMToken only if running in a | |
| 73 // ChromeOS environment. If this function is called after Initialize() and | |
| 74 // before SetCryptoTaskRunner(). | |
|
stevenjb
2013/08/09 22:22:44
Second sentence is incomplete / unclear.
pneubeck (no reviews)
2013/08/09 22:46:44
Done.
| |
| 75 void InitializeTPMForTest(); | |
| 76 | |
| 72 // |crypto_task_runner| is the task runner that any synchronous crypto calls | 77 // |crypto_task_runner| is the task runner that any synchronous crypto calls |
| 73 // should be made from, e.g. in Chrome this is the IO thread. Must be called | 78 // should be made from, e.g. in Chrome this is the IO thread. Must be called |
| 74 // after the thread is started. Certificate loading will not happen unless | 79 // after the thread is started. Starts TPM initialization and Certificate |
| 75 // this is set. | 80 // loading. |
| 76 void SetCryptoTaskRunner( | 81 void SetCryptoTaskRunner( |
| 77 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner); | 82 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner); |
| 78 | 83 |
| 79 // Sets the task runner that any slow calls will be made from, e.g. calls | 84 // Sets the task runner that any slow calls will be made from, e.g. calls |
| 80 // to the NSS database. If not set, uses base::WorkerPool. | 85 // to the NSS database. If not set, uses base::WorkerPool. |
| 81 void SetSlowTaskRunnerForTest( | 86 void SetSlowTaskRunnerForTest( |
| 82 const scoped_refptr<base::TaskRunner>& task_runner); | 87 const scoped_refptr<base::TaskRunner>& task_runner); |
| 83 | 88 |
| 84 void AddObserver(CertLoader::Observer* observer); | 89 void AddObserver(CertLoader::Observer* observer); |
| 85 void RemoveObserver(CertLoader::Observer* observer); | 90 void RemoveObserver(CertLoader::Observer* observer); |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 98 const std::string& tpm_token_slot() const { return tpm_token_slot_; } | 103 const std::string& tpm_token_slot() const { return tpm_token_slot_; } |
| 99 const std::string& tpm_user_pin() const { return tpm_user_pin_; } | 104 const std::string& tpm_user_pin() const { return tpm_user_pin_; } |
| 100 | 105 |
| 101 // This will be empty until certificates_loaded() is true. | 106 // This will be empty until certificates_loaded() is true. |
| 102 const net::CertificateList& cert_list() const { return cert_list_; } | 107 const net::CertificateList& cert_list() const { return cert_list_; } |
| 103 | 108 |
| 104 private: | 109 private: |
| 105 CertLoader(); | 110 CertLoader(); |
| 106 virtual ~CertLoader(); | 111 virtual ~CertLoader(); |
| 107 | 112 |
| 108 void Init(); | |
| 109 void MaybeRequestCertificates(); | 113 void MaybeRequestCertificates(); |
| 110 | 114 |
| 111 // This is the cyclic chain of callbacks to initialize the TPM token and to | 115 // This is the cyclic chain of callbacks to initialize the TPM token and to |
| 112 // kick off the update of the certificate list. | 116 // kick off the update of the certificate list. |
| 113 void InitializeTokenAndLoadCertificates(); | 117 void InitializeTokenAndLoadCertificates(); |
| 114 void RetryTokenInitializationLater(); | 118 void RetryTokenInitializationLater(); |
| 115 void OnPersistentNSSDBOpened(); | 119 void OnPersistentNSSDBOpened(); |
| 116 void OnTpmIsEnabled(DBusMethodCallStatus call_status, | 120 void OnTpmIsEnabled(DBusMethodCallStatus call_status, |
| 117 bool tpm_is_enabled); | 121 bool tpm_is_enabled); |
| 118 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, | 122 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, |
| 119 bool is_tpm_token_ready); | 123 bool is_tpm_token_ready); |
| 120 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, | 124 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, |
| 121 const std::string& token_name, | 125 const std::string& token_name, |
| 122 const std::string& user_pin); | 126 const std::string& user_pin); |
| 123 void OnTPMTokenInitialized(bool success); | 127 void OnTPMTokenInitialized(bool success); |
| 124 | 128 |
| 125 // These calls handle the updating of the certificate list after the TPM token | 129 // These calls handle the updating of the certificate list after the TPM token |
| 126 // was initialized. | 130 // was initialized. |
| 131 | |
| 132 // Start certificate loading. Must be called at most once. | |
| 127 void StartLoadCertificates(); | 133 void StartLoadCertificates(); |
| 134 | |
| 135 // Trigger a certificate load. If a certificate loading task is already in | |
| 136 // progress, will start a reload once the current task finised. | |
| 137 void LoadCertificates(); | |
| 138 | |
| 139 // Called if a certificate load task is finished. | |
| 128 void UpdateCertificates(net::CertificateList* cert_list); | 140 void UpdateCertificates(net::CertificateList* cert_list); |
| 129 | 141 |
| 130 void NotifyCertificatesLoaded(bool initial_load); | 142 void NotifyCertificatesLoaded(bool initial_load); |
| 131 | 143 |
| 132 // net::CertDatabase::Observer | 144 // net::CertDatabase::Observer |
| 133 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; | 145 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; |
| 134 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; | 146 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; |
| 135 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; | 147 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; |
| 136 | 148 |
| 137 // LoginState::Observer | 149 // LoginState::Observer |
| 138 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; | 150 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; |
| 139 | 151 |
| 152 bool initialize_tpm_for_test_; | |
| 153 | |
| 140 ObserverList<Observer> observers_; | 154 ObserverList<Observer> observers_; |
| 141 | 155 |
| 142 bool certificates_requested_; | 156 bool certificates_requested_; |
| 143 bool certificates_loaded_; | 157 bool certificates_loaded_; |
| 144 bool certificates_update_required_; | 158 bool certificates_update_required_; |
| 145 bool certificates_update_running_; | 159 bool certificates_update_running_; |
| 146 | 160 |
| 147 // The states are traversed in this order but some might get omitted or never | 161 // The states are traversed in this order but some might get omitted or never |
| 148 // be left. | 162 // be left. |
| 149 enum TPMTokenState { | 163 enum TPMTokenState { |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 184 // This factory should be used only for callbacks during updating the | 198 // This factory should be used only for callbacks during updating the |
| 185 // certificate list. | 199 // certificate list. |
| 186 base::WeakPtrFactory<CertLoader> update_certificates_factory_; | 200 base::WeakPtrFactory<CertLoader> update_certificates_factory_; |
| 187 | 201 |
| 188 DISALLOW_COPY_AND_ASSIGN(CertLoader); | 202 DISALLOW_COPY_AND_ASSIGN(CertLoader); |
| 189 }; | 203 }; |
| 190 | 204 |
| 191 } // namespace chromeos | 205 } // namespace chromeos |
| 192 | 206 |
| 193 #endif // CHROMEOS_CERT_LOADER_H_ | 207 #endif // CHROMEOS_CERT_LOADER_H_ |
| OLD | NEW |
