Chromium Code Reviews Chromium Code Reviews
Issue 2858113003:
Enable device-wide EAP-TLS networks (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" | 5 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "ash/shell.h" | 13 #include "ash/shell.h" |
| 14 #include "ash/sticky_keys/sticky_keys_controller.h" | 14 #include "ash/sticky_keys/sticky_keys_controller.h" |
| 15 #include "base/bind.h" | 15 #include "base/bind.h" |
| 16 #include "base/callback.h" | 16 #include "base/callback.h" |
| 17 #include "base/command_line.h" | 17 #include "base/command_line.h" |
| 18 #include "base/files/file_util.h" | 18 #include "base/files/file_util.h" |
| 19 #include "base/lazy_instance.h" | 19 #include "base/lazy_instance.h" |
| 20 #include "base/linux_util.h" | 20 #include "base/linux_util.h" |
| 21 #include "base/macros.h" | 21 #include "base/macros.h" |
| 22 #include "base/memory/ptr_util.h" | 22 #include "base/memory/ptr_util.h" |
| 23 #include "base/memory/weak_ptr.h" | |
| 23 #include "base/path_service.h" | 24 #include "base/path_service.h" |
| 24 #include "base/strings/string_number_conversions.h" | 25 #include "base/strings/string_number_conversions.h" |
| 25 #include "base/strings/string_split.h" | 26 #include "base/strings/string_split.h" |
| 26 #include "base/sys_info.h" | 27 #include "base/sys_info.h" |
| 27 #include "base/task_scheduler/post_task.h" | 28 #include "base/task_scheduler/post_task.h" |
| 28 #include "chrome/browser/browser_process.h" | 29 #include "chrome/browser/browser_process.h" |
| 29 #include "chrome/browser/browser_process_platform_part_chromeos.h" | 30 #include "chrome/browser/browser_process_platform_part_chromeos.h" |
| 30 #include "chrome/browser/chrome_notification_types.h" | 31 #include "chrome/browser/chrome_notification_types.h" |
| 31 #include "chrome/browser/chromeos/accessibility/accessibility_manager.h" | 32 #include "chrome/browser/chromeos/accessibility/accessibility_manager.h" |
| 32 #include "chrome/browser/chromeos/accessibility/magnification_manager.h" | 33 #include "chrome/browser/chromeos/accessibility/magnification_manager.h" |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 139 #include "components/user_manager/user.h" | 140 #include "components/user_manager/user.h" |
| 140 #include "components/user_manager/user_manager.h" | 141 #include "components/user_manager/user_manager.h" |
| 141 #include "components/user_manager/user_names.h" | 142 #include "components/user_manager/user_names.h" |
| 142 #include "components/version_info/version_info.h" | 143 #include "components/version_info/version_info.h" |
| 143 #include "components/wallpaper/wallpaper_manager_base.h" | 144 #include "components/wallpaper/wallpaper_manager_base.h" |
| 144 #include "content/public/browser/browser_thread.h" | 145 #include "content/public/browser/browser_thread.h" |
| 145 #include "content/public/browser/media_capture_devices.h" | 146 #include "content/public/browser/media_capture_devices.h" |
| 146 #include "content/public/browser/notification_service.h" | 147 #include "content/public/browser/notification_service.h" |
| 147 #include "content/public/common/content_switches.h" | 148 #include "content/public/common/content_switches.h" |
| 148 #include "content/public/common/main_function_params.h" | 149 #include "content/public/common/main_function_params.h" |
| 150 #include "crypto/nss_util_internal.h" | |
| 151 #include "crypto/scoped_nss_types.h" | |
| 149 #include "dbus/object_path.h" | 152 #include "dbus/object_path.h" |
| 150 #include "device/bluetooth/bluetooth_adapter_factory.h" | 153 #include "device/bluetooth/bluetooth_adapter_factory.h" |
| 151 #include "device/bluetooth/dbus/bluez_dbus_manager.h" | 154 #include "device/bluetooth/dbus/bluez_dbus_manager.h" |
| 152 #include "media/audio/sounds/sounds_manager.h" | 155 #include "media/audio/sounds/sounds_manager.h" |
| 153 #include "net/base/network_change_notifier.h" | 156 #include "net/base/network_change_notifier.h" |
| 157 #include "net/cert/nss_cert_database.h" | |
| 158 #include "net/cert/nss_cert_database_chromeos.h" | |
| 154 #include "net/url_request/url_request.h" | 159 #include "net/url_request/url_request.h" |
| 155 #include "net/url_request/url_request_context_getter.h" | 160 #include "net/url_request/url_request_context_getter.h" |
| 156 #include "printing/backend/print_backend.h" | 161 #include "printing/backend/print_backend.h" |
| 157 #include "rlz/features/features.h" | 162 #include "rlz/features/features.h" |
| 158 #include "third_party/cros_system_api/dbus/service_constants.h" | 163 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 159 #include "ui/base/ime/chromeos/ime_keyboard.h" | 164 #include "ui/base/ime/chromeos/ime_keyboard.h" |
| 160 #include "ui/base/ime/chromeos/input_method_manager.h" | 165 #include "ui/base/ime/chromeos/input_method_manager.h" |
| 161 #include "ui/base/touch/touch_device.h" | 166 #include "ui/base/touch/touch_device.h" |
| 162 #include "ui/chromeos/events/event_rewriter_chromeos.h" | 167 #include "ui/chromeos/events/event_rewriter_chromeos.h" |
| 163 #include "ui/chromeos/events/pref_names.h" | 168 #include "ui/chromeos/events/pref_names.h" |
| (...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 358 std::unique_ptr<CrosDBusService> cros_dbus_service_; | 363 std::unique_ptr<CrosDBusService> cros_dbus_service_; |
| 359 | 364 |
| 360 std::unique_ptr<CrosDBusService> proxy_resolution_service_; | 365 std::unique_ptr<CrosDBusService> proxy_resolution_service_; |
| 361 std::unique_ptr<CrosDBusService> kiosk_info_service_; | 366 std::unique_ptr<CrosDBusService> kiosk_info_service_; |
| 362 | 367 |
| 363 std::unique_ptr<NetworkConnectDelegateChromeOS> network_connect_delegate_; | 368 std::unique_ptr<NetworkConnectDelegateChromeOS> network_connect_delegate_; |
| 364 | 369 |
| 365 DISALLOW_COPY_AND_ASSIGN(DBusServices); | 370 DISALLOW_COPY_AND_ASSIGN(DBusServices); |
| 366 }; | 371 }; |
| 367 | 372 |
| 373 // Initializes a global NSSCertDatabase for the system token and starts | |
| 374 // CertLoader with that database. | |
| 375 class SystemTokenCertDBInitializer { | |
| 376 public: | |
| 377 SystemTokenCertDBInitializer() : weak_ptr_factory_(this) {} | |
| 378 ~SystemTokenCertDBInitializer() {} | |
| 379 | |
| 380 // Entry point, called on UI thread. | |
| 381 void Initialize() { | |
| 382 content::BrowserThread::PostTask( | |
| 383 content::BrowserThread::IO, FROM_HERE, | |
| 384 base::BindOnce(&SystemTokenCertDBInitializer::GetSystemSlotOnIOThread, | |
| 385 weak_ptr_factory_.GetWeakPtr())); | |
| 386 } | |
| 387 | |
| 388 private: | |
| 389 // Called on IO Thread, initiates retrieval of system slot. | |
| 390 void GetSystemSlotOnIOThread() { | |
| 391 auto callback = | |
| 392 base::Bind(&SystemTokenCertDBInitializer::GotSystemSlotOnIOThread, | |
| 393 weak_ptr_factory_.GetWeakPtr()); | |
| 394 crypto::ScopedPK11Slot system_nss_slot = | |
| 395 crypto::GetSystemNSSKeySlot(callback); | |
| 396 if (system_nss_slot) { | |
| 397 callback.Run(std::move(system_nss_slot)); | |
| 398 } | |
| 399 } | |
| 400 | |
| 401 // Called on IO Thread when the system slot has been retrieved. | |
| 402 void GotSystemSlotOnIOThread(crypto::ScopedPK11Slot system_slot) { | |
| 403 content::BrowserThread::PostTask( | |
| 404 content::BrowserThread::UI, FROM_HERE, | |
| 405 base::BindOnce(&SystemTokenCertDBInitializer::InitializeDatabase, | |
| 406 weak_ptr_factory_.GetWeakPtr(), std::move(system_slot))); | |
| 407 } | |
| 408 | |
| 409 // Initializes the global system token NSSCertDatabase with |system_slot|. | |
| 410 // Also starts CertLoader with the system token database. | |
| 411 void InitializeDatabase(crypto::ScopedPK11Slot system_slot) { | |
| 412 // Currently, NSSCertDatabase requires a public slot to be set, so we use | |
| 413 // the system slot there. We also want GetSystemSlot() to return the system | |
| 414 // slot. As ScopedPK11Slot is actually a unique_ptr which will be moved into | |
| 415 // the NSSCertDatabase, we need to create a copy, referencing the same slot | |
| 416 // (using PK11_ReferenceSlot). | |
| 417 crypto::ScopedPK11Slot system_slot_copy = | |
| 418 crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_slot.get())); | |
| 419 auto database = base::MakeUnique<net::NSSCertDatabaseChromeOS>( | |
| 420 std::move(system_slot) /* public_slot */, | |
| 421 crypto::ScopedPK11Slot() /* private_slot */); | |
| 422 database->SetSystemSlot(std::move(system_slot_copy)); | |
| 423 system_token_cert_database_ = std::move(database); | |
| 424 | |
| 425 CertLoader::Get()->SetSystemNSSDB(system_token_cert_database_.get()); | |
|
emaxx
2017/05/11 14:36:53
Another question is whether the lifetime of this N
emaxx
2017/05/11 14:36:53
Is CertLoader guaranteed to be initialized at this
pmarko
2017/05/11 17:24:57
Order: For a moment I thought this could be a prob
pmarko
2017/05/11 17:24:57
Actually, I've added an explicit reset() to the un
| |
| 426 } | |
| 427 | |
| 428 // Global NSSCertDatabase which sees the system token. | |
| 429 std::unique_ptr<net::NSSCertDatabase> system_token_cert_database_; | |
| 430 | |
| 431 base::WeakPtrFactory<SystemTokenCertDBInitializer> weak_ptr_factory_; | |
| 432 }; | |
| 433 | |
| 368 } // namespace internal | 434 } // namespace internal |
| 369 | 435 |
| 370 // ChromeBrowserMainPartsChromeos ---------------------------------------------- | 436 // ChromeBrowserMainPartsChromeos ---------------------------------------------- |
| 371 | 437 |
| 372 ChromeBrowserMainPartsChromeos::ChromeBrowserMainPartsChromeos( | 438 ChromeBrowserMainPartsChromeos::ChromeBrowserMainPartsChromeos( |
| 373 const content::MainFunctionParams& parameters) | 439 const content::MainFunctionParams& parameters) |
| 374 : ChromeBrowserMainPartsLinux(parameters) { | 440 : ChromeBrowserMainPartsLinux(parameters) { |
| 375 } | 441 } |
| 376 | 442 |
| 377 ChromeBrowserMainPartsChromeos::~ChromeBrowserMainPartsChromeos() { | 443 ChromeBrowserMainPartsChromeos::~ChromeBrowserMainPartsChromeos() { |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 463 } | 529 } |
| 464 | 530 |
| 465 // Threads are initialized between MainMessageLoopStart and MainMessageLoopRun. | 531 // Threads are initialized between MainMessageLoopStart and MainMessageLoopRun. |
| 466 // about_flags settings are applied in ChromeBrowserMainParts::PreCreateThreads. | 532 // about_flags settings are applied in ChromeBrowserMainParts::PreCreateThreads. |
| 467 void ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun() { | 533 void ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun() { |
| 468 // Set the crypto thread after the IO thread has been created/started. | 534 // Set the crypto thread after the IO thread has been created/started. |
| 469 TPMTokenLoader::Get()->SetCryptoTaskRunner( | 535 TPMTokenLoader::Get()->SetCryptoTaskRunner( |
| 470 content::BrowserThread::GetTaskRunnerForThread( | 536 content::BrowserThread::GetTaskRunnerForThread( |
| 471 content::BrowserThread::IO)); | 537 content::BrowserThread::IO)); |
| 472 | 538 |
| 539 // Initialize NSS database for system token. | |
| 540 TPMTokenLoader::Get()->EnsureStarted(); | |
| 541 system_token_certdb_initializer_ = | |
| 542 base::MakeUnique<internal::SystemTokenCertDBInitializer>(); | |
| 543 system_token_certdb_initializer_->Initialize(); | |
| 544 | |
| 473 CrasAudioHandler::Initialize( | 545 CrasAudioHandler::Initialize( |
| 474 new AudioDevicesPrefHandlerImpl(g_browser_process->local_state())); | 546 new AudioDevicesPrefHandlerImpl(g_browser_process->local_state())); |
| 475 | 547 |
| 476 content::MediaCaptureDevices::GetInstance()->AddVideoCaptureObserver( | 548 content::MediaCaptureDevices::GetInstance()->AddVideoCaptureObserver( |
| 477 CrasAudioHandler::Get()); | 549 CrasAudioHandler::Get()); |
| 478 | 550 |
| 479 quirks::QuirksManager::Initialize( | 551 quirks::QuirksManager::Initialize( |
| 480 std::unique_ptr<quirks::QuirksManager::Delegate>( | 552 std::unique_ptr<quirks::QuirksManager::Delegate>( |
| 481 new quirks::QuirksManagerDelegateImpl()), | 553 new quirks::QuirksManagerDelegateImpl()), |
| 482 content::BrowserThread::GetBlockingPool(), | 554 content::BrowserThread::GetBlockingPool(), |
| (...skipping 518 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1001 | 1073 |
| 1002 ChromeBrowserMainPartsLinux::PostDestroyThreads(); | 1074 ChromeBrowserMainPartsLinux::PostDestroyThreads(); |
| 1003 | 1075 |
| 1004 // Destroy DeviceSettingsService after g_browser_process. | 1076 // Destroy DeviceSettingsService after g_browser_process. |
| 1005 DeviceSettingsService::Shutdown(); | 1077 DeviceSettingsService::Shutdown(); |
| 1006 | 1078 |
| 1007 chromeos::ShutdownCloseTracking(); | 1079 chromeos::ShutdownCloseTracking(); |
| 1008 } | 1080 } |
| 1009 | 1081 |
| 1010 } // namespace chromeos | 1082 } // namespace chromeos |
| OLD | NEW |
