Index: chrome/browser/chromeos/chrome_browser_main_chromeos.cc |
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc |
index 2840377dde423f13a1b377a78c932fa9ddbc48b7..4d3491328191d208bf6d632caa12ecc26cf9c166 100644 |
--- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc |
+++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc |
@@ -146,11 +146,13 @@ |
#include "content/public/browser/notification_service.h" |
#include "content/public/common/content_switches.h" |
#include "content/public/common/main_function_params.h" |
+#include "crypto/nss_util_internal.h" |
#include "dbus/object_path.h" |
#include "device/bluetooth/bluetooth_adapter_factory.h" |
#include "device/bluetooth/dbus/bluez_dbus_manager.h" |
#include "media/audio/sounds/sounds_manager.h" |
#include "net/base/network_change_notifier.h" |
+#include "net/cert/nss_cert_database_chromeos.h" |
#include "net/url_request/url_request.h" |
#include "net/url_request/url_request_context_getter.h" |
#include "printing/backend/print_backend.h" |
@@ -365,6 +367,56 @@ class DBusServices { |
DISALLOW_COPY_AND_ASSIGN(DBusServices); |
}; |
+// Initializes a global NSSCertDatabase for the system token and starts |
+// CertLoader with that database. |
+class SystemTokenCertDBInitializer { |
+ public: |
+ // Entry point, called on UI thread. |
+ void Initialize() { |
+ content::BrowserThread::PostTask( |
+ content::BrowserThread::IO, FROM_HERE, |
+ base::BindOnce(&SystemTokenCertDBInitializer::GetSystemSlotOnIOThread, |
+ base::Unretained(this))); |
emaxx
2017/05/11 02:57:45
It seems to be unsafe to use Unretained(this) thro
pmarko
2017/05/11 11:49:17
You are right, this could get destroyed if we clos
|
+ } |
+ |
+ private: |
+ // Called on IO Thread, initiates retrieval of system slot. |
+ void GetSystemSlotOnIOThread() { |
+ auto callback = |
+ base::Bind(&SystemTokenCertDBInitializer::GotSystemSlotOnIOThread, |
+ base::Unretained(this)); |
+ crypto::ScopedPK11Slot system_nss_slot = |
emaxx
2017/05/11 02:57:46
nit: #include "crypto/scoped_nss_types.h"
pmarko
2017/05/11 11:49:17
Done.
|
+ crypto::GetSystemNSSKeySlot(callback); |
+ if (system_nss_slot) { |
+ callback.Run(std::move(system_nss_slot)); |
+ } |
+ } |
+ |
+ // Called on IO Thread when the system slot has been retrieved. |
+ void GotSystemSlotOnIOThread(crypto::ScopedPK11Slot system_slot) { |
+ content::BrowserThread::PostTask( |
+ content::BrowserThread::UI, FROM_HERE, |
+ base::BindOnce(&SystemTokenCertDBInitializer::InitializeDatabase, |
+ base::Unretained(this), std::move(system_slot))); |
+ } |
+ |
+ // Initializes the global system token NSSCertDatabase with |system_slot|. |
+ // Also starts CertLoader with the system token database. |
+ void InitializeDatabase(crypto::ScopedPK11Slot system_slot) { |
+ crypto::ScopedPK11Slot system_slot_copy = |
+ crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_slot.get())); |
+ auto database = base::MakeUnique<net::NSSCertDatabaseChromeOS>( |
+ std::move(system_slot), crypto::ScopedPK11Slot()); |
emaxx
2017/05/11 02:57:46
nit: I'd prefer having some hints here for what th
pmarko
2017/05/11 11:49:17
Done.
|
+ database->SetSystemSlot(std::move(system_slot_copy)); |
emaxx
2017/05/11 02:57:46
I think this trick with passing the same slot twic
pmarko
2017/05/11 11:49:17
Done.
|
+ system_token_cert_database_ = std::move(database); |
+ |
+ CertLoader::Get()->StartWithSystemNSSDB(system_token_cert_database_.get()); |
+ } |
+ |
+ // Global NSSCertDatabase which sees the system token. |
+ std::unique_ptr<net::NSSCertDatabase> system_token_cert_database_; |
emaxx
2017/05/11 02:57:45
nit: #include "net/cert/nss_cert_database.h"
pmarko
2017/05/11 11:49:17
Done.
|
+}; |
+ |
} // namespace internal |
// ChromeBrowserMainPartsChromeos ---------------------------------------------- |
@@ -470,6 +522,12 @@ void ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun() { |
content::BrowserThread::GetTaskRunnerForThread( |
content::BrowserThread::IO)); |
+ // Initialize NSS database for system token. |
+ TPMTokenLoader::Get()->EnsureStarted(); |
+ system_token_certdb_initializer_ = |
+ base::MakeUnique<internal::SystemTokenCertDBInitializer>(); |
+ system_token_certdb_initializer_->Initialize(); |
+ |
CrasAudioHandler::Initialize( |
new AudioDevicesPrefHandlerImpl(g_browser_process->local_state())); |