
Unified Diff: chrome/browser/chromeos/chrome_browser_main_chromeos.cc

Issue 2858113003: Enable device-wide EAP-TLS networks (Closed)
Patch Set: std::unique_ptr<net::CertificateList> -> net::CertificateList where possible. Created 3 years, 7 months ago
Index: chrome/browser/chromeos/chrome_browser_main_chromeos.cc
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
index 2840377dde423f13a1b377a78c932fa9ddbc48b7..efed2b558b1c5f73f56e623dd3ad437977d861b8 100644
--- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
+++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
@@ -20,6 +20,7 @@
#include "base/linux_util.h"
#include "base/macros.h"
#include "base/memory/ptr_util.h"
+#include "base/memory/weak_ptr.h"
#include "base/path_service.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_split.h"
@@ -146,11 +147,15 @@
#include "content/public/browser/notification_service.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/main_function_params.h"
+#include "crypto/nss_util_internal.h"
+#include "crypto/scoped_nss_types.h"
#include "dbus/object_path.h"
#include "device/bluetooth/bluetooth_adapter_factory.h"
#include "device/bluetooth/dbus/bluez_dbus_manager.h"
#include "media/audio/sounds/sounds_manager.h"
#include "net/base/network_change_notifier.h"
+#include "net/cert/nss_cert_database.h"
+#include "net/cert/nss_cert_database_chromeos.h"
#include "net/url_request/url_request.h"
#include "net/url_request/url_request_context_getter.h"
#include "printing/backend/print_backend.h"
@@ -365,6 +370,70 @@ class DBusServices {
DISALLOW_COPY_AND_ASSIGN(DBusServices);
};
+// Initializes a global NSSCertDatabase for the system token and starts
+// CertLoader with that database. Note that this is triggered from
+// PreMainMessageLoopRun, which is executed after PostMainMessageLoopStart,
+// where CertLoader is initialized. We can thus assume that CertLoader is
+// initialized.
+class SystemTokenCertDBInitializer {
+ public:
+ SystemTokenCertDBInitializer() : weak_ptr_factory_(this) {}
+ ~SystemTokenCertDBInitializer() {}
+
+ // Entry point, called on UI thread.
+ void Initialize() {
+ content::BrowserThread::PostTask(
+ content::BrowserThread::IO, FROM_HERE,
+ base::BindOnce(&SystemTokenCertDBInitializer::GetSystemSlotOnIOThread,
+ weak_ptr_factory_.GetWeakPtr()));
+ }
+
+ private:
+ // Called on IO Thread, initiates retrieval of system slot.
+ void GetSystemSlotOnIOThread() {
+ auto callback =
+ base::Bind(&SystemTokenCertDBInitializer::GotSystemSlotOnIOThread,
stevenjb 2017/05/11 18:25:35 nit: BindRepeating?
pmarko 2017/05/11 21:01:46 Done.
+ weak_ptr_factory_.GetWeakPtr());
+ crypto::ScopedPK11Slot system_nss_slot =
+ crypto::GetSystemNSSKeySlot(callback);
+ if (system_nss_slot) {
+ callback.Run(std::move(system_nss_slot));
+ }
+ }
+
+ // Called on IO Thread when the system slot has been retrieved.
+ void GotSystemSlotOnIOThread(crypto::ScopedPK11Slot system_slot) {
+ content::BrowserThread::PostTask(
+ content::BrowserThread::UI, FROM_HERE,
+ base::BindOnce(&SystemTokenCertDBInitializer::InitializeDatabase,
+ weak_ptr_factory_.GetWeakPtr(), std::move(system_slot)));
+ }
+
+ // Initializes the global system token NSSCertDatabase with |system_slot|.
+ // Also starts CertLoader with the system token database.
+ void InitializeDatabase(crypto::ScopedPK11Slot system_slot) {
+ // Currently, NSSCertDatabase requires a public slot to be set, so we use
+ // the system slot there. We also want GetSystemSlot() to return the system
+ // slot. As ScopedPK11Slot is actually a unique_ptr which will be moved into
+ // the NSSCertDatabase, we need to create a copy, referencing the same slot
+ // (using PK11_ReferenceSlot).
+ crypto::ScopedPK11Slot system_slot_copy =
+ crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_slot.get()));
+ auto database = base::MakeUnique<net::NSSCertDatabaseChromeOS>(
+ std::move(system_slot) /* public_slot */,
+ crypto::ScopedPK11Slot() /* private_slot */);
+ database->SetSystemSlot(std::move(system_slot_copy));
+ system_token_cert_database_ = std::move(database);
+
+ CertLoader::Get()->SetSystemNSSDB(system_token_cert_database_.get());
+ }
+
+ // Global NSSCertDatabase which sees the system token.
+ std::unique_ptr<net::NSSCertDatabase> system_token_cert_database_;
+
+ base::WeakPtrFactory<SystemTokenCertDBInitializer> weak_ptr_factory_;
+};
+
} // namespace internal
// ChromeBrowserMainPartsChromeos ----------------------------------------------
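Review bot: The WeakPtr bound in `Initialize()` is checked on the IO thread when `GetSystemSlotOnIOThread` runs, and the WeakPtrs minted there and in `GotSystemSlotOnIOThread` via `weak_ptr_factory_.GetWeakPtr()` are then checked on the UI thread when `InitializeDatabase` runs; base::WeakPtr validity checks are bound to one sequence, so as far as I can tell the UI-side check trips WeakPtr's sequence DCHECK once the factory's flag has been bound on IO. One way out is to make the two IO-thread steps static and thread the UI-thread continuation — the only callback that needs `this` — through them, so the WeakPtr is both created and dereferenced on the UI thread only, as sketched below. Separately, `CertLoader::Get()->SetSystemNSSDB(system_token_cert_database_.get())` hands out a raw pointer to an object this class owns, and `~SystemTokenCertDBInitializer() {}` should say that CertLoader must have stopped using the database by the time it runs, since the reset in PostDestroyThreads relies on that ordering.
```cpp
  // Entry point, called on UI thread. The WeakPtr is created here and only
  // dereferenced again on the UI thread, in InitializeDatabase().
  void Initialize() {
    content::BrowserThread::PostTask(
        content::BrowserThread::IO, FROM_HERE,
        base::BindOnce(
            &SystemTokenCertDBInitializer::GetSystemSlotOnIOThread,
            base::BindRepeating(
                &SystemTokenCertDBInitializer::GotSystemSlotOnIOThread,
                base::Passed(base::BindOnce(
                    &SystemTokenCertDBInitializer::InitializeDatabase,
                    weak_ptr_factory_.GetWeakPtr())))));
  }

 private:
  // Runs on the IO thread; does not touch |this|.
  static void GetSystemSlotOnIOThread(
      base::RepeatingCallback<void(crypto::ScopedPK11Slot)> callback) {
    crypto::ScopedPK11Slot system_nss_slot =
        crypto::GetSystemNSSKeySlot(callback);
    if (system_nss_slot) {
      callback.Run(std::move(system_nss_slot));
    }
  }

  // Runs on the IO thread; hands the slot to the UI-thread continuation.
  static void GotSystemSlotOnIOThread(
      base::OnceCallback<void(crypto::ScopedPK11Slot)> ui_callback,
      crypto::ScopedPK11Slot system_slot) {
    content::BrowserThread::PostTask(
        content::BrowserThread::UI, FROM_HERE,
        base::BindOnce(std::move(ui_callback), std::move(system_slot)));
  }

  // … unchanged: InitializeDatabase, members …
```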
@@ -470,6 +539,12 @@ void ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun() {
content::BrowserThread::GetTaskRunnerForThread(
content::BrowserThread::IO));
+ // Initialize NSS database for system token.
+ TPMTokenLoader::Get()->EnsureStarted();
+ system_token_certdb_initializer_ =
+ base::MakeUnique<internal::SystemTokenCertDBInitializer>();
+ system_token_certdb_initializer_->Initialize();
+
CrasAudioHandler::Initialize(
new AudioDevicesPrefHandlerImpl(g_browser_process->local_state()));
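Review bot: The comment `// Initialize NSS database for system token.` above `TPMTokenLoader::Get()->EnsureStarted();` reads as if the database exists once these lines have run, but `Initialize()` only posts work to the IO thread and the database reaches CertLoader on a later UI-thread task. Suggest `// Kick off asynchronous creation of the system-token NSS database; CertLoader receives it on a later UI task, so code below must not assume it is set.` PreMainMessageLoopRun starts before this hunk and continues after it.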
@@ -999,6 +1074,10 @@ void ChromeBrowserMainPartsChromeos::PostDestroyThreads() {
// Destroy DBus services immediately after threads are stopped.
dbus_services_.reset();
+ // Reset SystemTokenCertDBInitializer after DBus services because it should
+ // outlive CertLoader.
+ system_token_certdb_initializer_.reset();
+
ChromeBrowserMainPartsLinux::PostDestroyThreads();
// Destroy DeviceSettingsService after g_browser_process.
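Review bot: The comment `// Reset SystemTokenCertDBInitializer after DBus services because it should outlive CertLoader.` states an ordering but not what breaks if it is violated: destroying the initializer also destroys the NSSCertDatabase that CertLoader was given as a raw pointer, so any CertLoader access after `system_token_certdb_initializer_.reset();` would be a use-after-free. I cannot see from this hunk where CertLoader is torn down, so consider naming that step in the comment, e.g. `// Must run after CertLoader is shut down: CertLoader holds a raw pointer to the system token NSSCertDatabase owned by the initializer.` PostDestroyThreads starts before this hunk and continues after it.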
