Chromium Code Reviews Chromium Code Reviews
Issue 270663002:
Implemented profile-aware owner key loading. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/settings/session_manager_operation.h" | 5 #include "chrome/browser/chromeos/settings/session_manager_operation.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| 11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
| 12 #include "base/task_runner_util.h" | 12 #include "base/task_runner_util.h" |
| 13 #include "base/threading/sequenced_worker_pool.h" | 13 #include "base/threading/sequenced_worker_pool.h" |
| 14 #include "chrome/browser/chromeos/login/user.h" | |
| 15 #include "chrome/browser/chromeos/login/user_manager.h" | |
| 14 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 16 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 15 #include "chrome/browser/chromeos/settings/owner_key_util.h" | 17 #include "chrome/browser/chromeos/settings/owner_key_util.h" |
| 18 #include "chrome/browser/net/nss_context.h" | |
| 16 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 19 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 17 #include "content/public/browser/browser_thread.h" | 20 #include "content/public/browser/browser_thread.h" |
| 18 #include "crypto/rsa_private_key.h" | 21 #include "crypto/rsa_private_key.h" |
| 19 #include "crypto/signature_creator.h" | 22 #include "crypto/signature_creator.h" |
| 20 #include "policy/proto/device_management_backend.pb.h" | 23 #include "policy/proto/device_management_backend.pb.h" |
| 21 | 24 |
| 22 namespace em = enterprise_management; | 25 namespace em = enterprise_management; |
| 23 | 26 |
| 24 namespace chromeos { | 27 namespace chromeos { |
| 25 | 28 |
| 29 namespace { | |
| 30 | |
| 31 Profile* GetProfileByUsername(const std::string& username) { | |
|
Mattias Nissler (ping if slow)
2014/05/13 11:55:53
No longer needed.
ygorshenin1
2014/05/14 09:10:58
Done.
| |
| 32 if (!UserManager::IsInitialized()) | |
| 33 return NULL; | |
| 34 UserManager* manager = UserManager::Get(); | |
| 35 const User* user = manager->FindUser(username); | |
| 36 if (!user || !user->is_profile_created()) | |
| 37 return NULL; | |
| 38 return manager->GetProfileByUser(user); | |
| 39 } | |
| 40 | |
| 41 } // namespace | |
| 42 | |
| 26 SessionManagerOperation::SessionManagerOperation(const Callback& callback) | 43 SessionManagerOperation::SessionManagerOperation(const Callback& callback) |
| 27 : session_manager_client_(NULL), | 44 : session_manager_client_(NULL), |
| 28 weak_factory_(this), | 45 weak_factory_(this), |
| 29 callback_(callback), | 46 callback_(callback), |
| 30 force_key_load_(false), | 47 force_key_load_(false), |
| 31 is_loading_(false) {} | 48 is_loading_(false) {} |
| 32 | 49 |
| 33 SessionManagerOperation::~SessionManagerOperation() {} | 50 SessionManagerOperation::~SessionManagerOperation() {} |
| 34 | 51 |
| 35 void SessionManagerOperation::Start( | 52 void SessionManagerOperation::Start( |
| (...skipping 29 matching lines...) Expand all Loading... | |
| 65 } | 82 } |
| 66 | 83 |
| 67 void SessionManagerOperation::ReportResult( | 84 void SessionManagerOperation::ReportResult( |
| 68 DeviceSettingsService::Status status) { | 85 DeviceSettingsService::Status status) { |
| 69 callback_.Run(this, status); | 86 callback_.Run(this, status); |
| 70 } | 87 } |
| 71 | 88 |
| 72 void SessionManagerOperation::EnsureOwnerKey(const base::Closure& callback) { | 89 void SessionManagerOperation::EnsureOwnerKey(const base::Closure& callback) { |
| 73 if (force_key_load_ || !owner_key_.get() || !owner_key_->public_key()) { | 90 if (force_key_load_ || !owner_key_.get() || !owner_key_->public_key()) { |
| 74 scoped_refptr<base::TaskRunner> task_runner = | 91 scoped_refptr<base::TaskRunner> task_runner = |
| 75 content::BrowserThread::GetBlockingPool()-> | 92 content::BrowserThread::GetBlockingPool() |
| 76 GetTaskRunnerWithShutdownBehavior( | 93 ->GetTaskRunnerWithShutdownBehavior( |
| 77 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); | 94 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); |
| 78 base::PostTaskAndReplyWithResult( | 95 base::PostTaskAndReplyWithResult( |
| 79 task_runner.get(), | 96 task_runner.get(), |
| 80 FROM_HERE, | 97 FROM_HERE, |
| 81 base::Bind(&SessionManagerOperation::LoadOwnerKey, | 98 base::Bind(&SessionManagerOperation::LoadOwnerKey, |
| 82 owner_key_util_, owner_key_), | 99 owner_key_util_, |
| 100 owner_key_, | |
| 101 slot_), | |
| 83 base::Bind(&SessionManagerOperation::StoreOwnerKey, | 102 base::Bind(&SessionManagerOperation::StoreOwnerKey, |
| 84 weak_factory_.GetWeakPtr(), callback)); | 103 weak_factory_.GetWeakPtr(), |
| 104 callback)); | |
| 85 } else { | 105 } else { |
| 86 callback.Run(); | 106 callback.Run(); |
| 87 } | 107 } |
| 88 } | 108 } |
| 89 | 109 |
| 90 // static | 110 // static |
| 91 scoped_refptr<OwnerKey> SessionManagerOperation::LoadOwnerKey( | 111 scoped_refptr<OwnerKey> SessionManagerOperation::LoadOwnerKey( |
| 92 scoped_refptr<OwnerKeyUtil> util, | 112 scoped_refptr<OwnerKeyUtil> util, |
| 93 scoped_refptr<OwnerKey> current_key) { | 113 scoped_refptr<OwnerKey> current_key, |
| 114 PK11SlotInfo* slot) { | |
| 94 scoped_ptr<std::vector<uint8> > public_key; | 115 scoped_ptr<std::vector<uint8> > public_key; |
| 95 scoped_ptr<crypto::RSAPrivateKey> private_key; | 116 scoped_ptr<crypto::RSAPrivateKey> private_key; |
| 96 | 117 |
| 97 // Keep any already-existing keys. | 118 // Keep any already-existing keys. |
| 98 if (current_key.get()) { | 119 if (current_key.get()) { |
| 99 if (current_key->public_key()) | 120 if (current_key->public_key()) |
| 100 public_key.reset(new std::vector<uint8>(*current_key->public_key())); | 121 public_key.reset(new std::vector<uint8>(*current_key->public_key())); |
| 101 if (current_key->private_key()) | 122 if (current_key->private_key()) |
| 102 private_key.reset(current_key->private_key()->Copy()); | 123 private_key.reset(current_key->private_key()->Copy()); |
| 103 } | 124 } |
| 104 | 125 |
| 105 if (!public_key.get() && util->IsPublicKeyPresent()) { | 126 if (!public_key.get() && util->IsPublicKeyPresent()) { |
| 106 public_key.reset(new std::vector<uint8>()); | 127 public_key.reset(new std::vector<uint8>()); |
| 107 if (!util->ImportPublicKey(public_key.get())) | 128 if (!util->ImportPublicKey(public_key.get())) |
| 108 LOG(ERROR) << "Failed to load public owner key."; | 129 LOG(ERROR) << "Failed to load public owner key."; |
| 109 } | 130 } |
| 110 | 131 |
| 111 if (public_key.get() && !private_key.get()) { | 132 if (public_key.get() && !private_key.get()) { |
| 112 private_key.reset(util->FindPrivateKey(*public_key)); | 133 private_key.reset(util->FindPrivateKeyInSlot(*public_key, slot)); |
| 113 if (!private_key.get()) | 134 if (!private_key.get()) |
| 114 VLOG(1) << "Failed to load private owner key."; | 135 VLOG(1) << "Failed to load private owner key."; |
| 115 } | 136 } |
| 116 | 137 |
| 117 return new OwnerKey(public_key.Pass(), private_key.Pass()); | 138 return new OwnerKey(public_key.Pass(), private_key.Pass()); |
| 118 } | 139 } |
| 119 | 140 |
| 120 void SessionManagerOperation::StoreOwnerKey(const base::Closure& callback, | 141 void SessionManagerOperation::StoreOwnerKey(const base::Closure& callback, |
| 121 scoped_refptr<OwnerKey> new_key) { | 142 scoped_refptr<OwnerKey> new_key) { |
| 122 force_key_load_ = false; | 143 force_key_load_ = false; |
| (...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 322 } | 343 } |
| 323 | 344 |
| 324 void SignAndStoreSettingsOperation::HandleStoreResult(bool success) { | 345 void SignAndStoreSettingsOperation::HandleStoreResult(bool success) { |
| 325 if (!success) | 346 if (!success) |
| 326 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED); | 347 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED); |
| 327 else | 348 else |
| 328 StartLoading(); | 349 StartLoading(); |
| 329 } | 350 } |
| 330 | 351 |
| 331 } // namespace chromeos | 352 } // namespace chromeos |
| OLD | NEW |
