chrome/browser/chromeos/login/auth/parallel_authenticator.cc - Issue 317613004: Remove usage of singleton software_slot_ in nss on ChromeOS

Side by Side Diff: chrome/browser/chromeos/login/auth/parallel_authenticator.cc

Issue 317613004: Remove usage of singleton software_slot_ in nss on ChromeOS (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: . Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « no previous file | chrome/browser/chromeos/login/auth/parallel_authenticator_unittest.cc » ('j') | chrome/browser/chromeos/login/auth/parallel_authenticator_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/chromeos/login/auth/parallel_authenticator.h"	5 #include "chrome/browser/chromeos/login/auth/parallel_authenticator.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

8 #include "base/command_line.h"	8 #include "base/command_line.h"

9 #include "base/files/file_path.h"	9 #include "base/files/file_path.h"

10 #include "base/logging.h"	10 #include "base/logging.h"

(...skipping 490 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
501 user_can_login_ = true;	501 user_can_login_ = true;

502 owner_is_verified_ = true;	502 owner_is_verified_ = true;

503 return true;	503 return true;

504 }	504 }

505	505

506 const std::string& user_id = current_state_->user_context.GetUserID();	506 const std::string& user_id = current_state_->user_context.GetUserID();

507 OwnerSettingsServiceFactory::GetInstance()->SetUsername(user_id);	507 OwnerSettingsServiceFactory::GetInstance()->SetUsername(user_id);

508	508

509 // This should trigger certificate loading, which is needed in order to	509 // This should trigger certificate loading, which is needed in order to

510 // correctly determine if the current user is the owner.	510 // correctly determine if the current user is the owner.

511 if (LoginState::IsInitialized()) {	511 if (LoginState::IsInitialized()) {
	pneubeck (no reviews) 2014/07/01 14:37:17 When you added this, you wrote that SafeMode depen When you added this, you wrote that SafeMode depends on the CertLoader: https://chromiumcodereview.appspot.com/23684033 Even in the old version of CertLoader when it included the TPM initialization, why is this dependency? SafeMode only requires the private key from the software token and neither certs nor the TPM being initialized, IIUC. The purpose of the certificate loading in CertLoader is also solely to have a list of certs available for the UI thread. If the dependency is required, how was the old code supposed to be synchronized with the cert loading? the loading is asynchronous and I don't see any waiting for events. tbarzic 2014/07/01 16:33:07 It depended on CertLoader because CertLoader was a Show quoted text On 2014/07/01 14:37:17, pneubeck wrote: > When you added this, you wrote that SafeMode depends on the CertLoader: > https://chromiumcodereview.appspot.com/23684033 > > Even in the old version of CertLoader when it included the TPM initialization, > why is this dependency? SafeMode only requires the private key from the software > token and neither certs nor the TPM being initialized, IIUC. The purpose of the > certificate loading in CertLoader is also solely to have a list of certs > available for the UI thread. > > If the dependency is required, how was the old code supposed to be synchronized > with the cert loading? the loading is asynchronous and I don't see any waiting > for events. It depended on CertLoader because CertLoader was actually where software token used to be loaded (OpenPersistentNSSDB in TPMTokenLoader used to be part of CertLoader class). Though, I admit that that cl description could have been more precise. pneubeck (no reviews) 2014/07/09 16:08:11 Since you're removing OpenPersistentNSSDB from TPM Show quoted text On 2014/07/01 16:33:07, tbarzic wrote: > On 2014/07/01 14:37:17, pneubeck wrote: > > When you added this, you wrote that SafeMode depends on the CertLoader: > > https://chromiumcodereview.appspot.com/23684033 > > > > Even in the old version of CertLoader when it included the TPM initialization, > > why is this dependency? SafeMode only requires the private key from the > software > > token and neither certs nor the TPM being initialized, IIUC. The purpose of > the > > certificate loading in CertLoader is also solely to have a list of certs > > available for the UI thread. > > > > If the dependency is required, how was the old code supposed to be > synchronized > > with the cert loading? the loading is asynchronous and I don't see any waiting > > for events. > > It depended on CertLoader because CertLoader was actually where software token > used to be loaded (OpenPersistentNSSDB in TPMTokenLoader used to be part of > CertLoader class). Though, I admit that that cl description could have been more > precise. Since you're removing OpenPersistentNSSDB from TPMTokenLoader and instead initializing the NSSDB in IsOwnerForSafeModeAsync, isn't this comment incorrect now? tbarzic 2014/07/09 20:45:33 Changed the comment, though, it may make sense to Show quoted text On 2014/07/09 16:08:11, pneubeck wrote: > On 2014/07/01 16:33:07, tbarzic wrote: > > On 2014/07/01 14:37:17, pneubeck wrote: > > > When you added this, you wrote that SafeMode depends on the CertLoader: > > > https://chromiumcodereview.appspot.com/23684033 > > > > > > Even in the old version of CertLoader when it included the TPM > initialization, > > > why is this dependency? SafeMode only requires the private key from the > > software > > > token and neither certs nor the TPM being initialized, IIUC. The purpose of > > the > > > certificate loading in CertLoader is also solely to have a list of certs > > > available for the UI thread. > > > > > > If the dependency is required, how was the old code supposed to be > > synchronized > > > with the cert loading? the loading is asynchronous and I don't see any > waiting > > > for events. > > > > It depended on CertLoader because CertLoader was actually where software token > > used to be loaded (OpenPersistentNSSDB in TPMTokenLoader used to be part of > > CertLoader class). Though, I admit that that cl description could have been > more > > precise. > > Since you're removing OpenPersistentNSSDB from TPMTokenLoader and instead > initializing the NSSDB in IsOwnerForSafeModeAsync, > isn't this comment incorrect now? Changed the comment, though, it may make sense to remove this logged in state after this lands.
512 LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_SAFE_MODE,	512 LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_SAFE_MODE,

513 LoginState::LOGGED_IN_USER_NONE);	513 LoginState::LOGGED_IN_USER_NONE);

514 }	514 }

515	515

516 OwnerSettingsService::IsPrivateKeyExistAsync(	516 OwnerSettingsService::IsOwnerForSafeModeAsync(

	517 user_id,

	518 current_state_->user_context.GetUserIDHash(),

517 base::Bind(&ParallelAuthenticator::OnOwnershipChecked, this));	519 base::Bind(&ParallelAuthenticator::OnOwnershipChecked, this));

518 return false;	520 return false;

519 }	521 }

520	522

521 void ParallelAuthenticator::OnOwnershipChecked(bool is_owner) {	523 void ParallelAuthenticator::OnOwnershipChecked(bool is_owner) {

522 // Now we can check if this user is the owner.	524 // Now we can check if this user is the owner.

523 user_can_login_ = is_owner;	525 user_can_login_ = is_owner;

524 owner_is_verified_ = true;	526 owner_is_verified_ = true;

525 Resolve();	527 Resolve();

526 }	528 }

(...skipping 286 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
813 Resolve();	815 Resolve();

814 }	816 }

815	817

816 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished,	818 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished,

817 bool check_result) {	819 bool check_result) {

818 owner_is_verified_ = owner_check_finished;	820 owner_is_verified_ = owner_check_finished;

819 user_can_login_ = check_result;	821 user_can_login_ = check_result;

820 }	822 }

821	823

822 } // namespace chromeos	824 } // namespace chromeos

OLD	NEW