OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/nss_util.h" | 5 #include "crypto/nss_util.h" |
6 #include "crypto/nss_util_internal.h" | 6 #include "crypto/nss_util_internal.h" |
7 | 7 |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
10 #include <plarena.h> | 10 #include <plarena.h> |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
74 scoped_ptr<char[]> error_text(new char[PR_GetErrorTextLength() + 1]); | 74 scoped_ptr<char[]> error_text(new char[PR_GetErrorTextLength() + 1]); |
75 PRInt32 copied = PR_GetErrorText(error_text.get()); | 75 PRInt32 copied = PR_GetErrorText(error_text.get()); |
76 result = std::string(error_text.get(), copied); | 76 result = std::string(error_text.get(), copied); |
77 } else { | 77 } else { |
78 result = base::StringPrintf("NSS error code: %d", PR_GetError()); | 78 result = base::StringPrintf("NSS error code: %d", PR_GetError()); |
79 } | 79 } |
80 return result; | 80 return result; |
81 } | 81 } |
82 | 82 |
83 #if defined(USE_NSS) | 83 #if defined(USE_NSS) |
84 #if !defined(OS_CHROMEOS) | |
84 base::FilePath GetDefaultConfigDirectory() { | 85 base::FilePath GetDefaultConfigDirectory() { |
85 base::FilePath dir; | 86 base::FilePath dir; |
86 PathService::Get(base::DIR_HOME, &dir); | 87 PathService::Get(base::DIR_HOME, &dir); |
87 if (dir.empty()) { | 88 if (dir.empty()) { |
88 LOG(ERROR) << "Failed to get home directory."; | 89 LOG(ERROR) << "Failed to get home directory."; |
89 return dir; | 90 return dir; |
90 } | 91 } |
91 dir = dir.AppendASCII(".pki").AppendASCII("nssdb"); | 92 dir = dir.AppendASCII(".pki").AppendASCII("nssdb"); |
92 if (!base::CreateDirectory(dir)) { | 93 if (!base::CreateDirectory(dir)) { |
93 LOG(ERROR) << "Failed to create " << dir.value() << " directory."; | 94 LOG(ERROR) << "Failed to create " << dir.value() << " directory."; |
94 dir.clear(); | 95 dir.clear(); |
95 } | 96 } |
96 DVLOG(2) << "DefaultConfigDirectory: " << dir.value(); | 97 DVLOG(2) << "DefaultConfigDirectory: " << dir.value(); |
97 return dir; | 98 return dir; |
98 } | 99 } |
100 #endif // !defined(IS_CHROMEOS) | |
99 | 101 |
100 // On non-Chrome OS platforms, return the default config directory. On Chrome OS | 102 // On non-Chrome OS platforms, return the default config directory. On Chrome OS |
101 // test images, return a read-only directory with fake root CA certs (which are | 103 // test images, return a read-only directory with fake root CA certs (which are |
102 // used by the local Google Accounts server mock we use when testing our login | 104 // used by the local Google Accounts server mock we use when testing our login |
103 // code). On Chrome OS non-test images (where the read-only directory doesn't | 105 // code). On Chrome OS non-test images (where the read-only directory doesn't |
104 // exist), return an empty path. | 106 // exist), return an empty path. |
105 base::FilePath GetInitialConfigDirectory() { | 107 base::FilePath GetInitialConfigDirectory() { |
106 #if defined(OS_CHROMEOS) | 108 #if defined(OS_CHROMEOS) |
107 base::FilePath database_dir = base::FilePath(kReadOnlyCertDB); | 109 base::FilePath database_dir = base::FilePath(kReadOnlyCertDB); |
108 if (!base::PathExists(database_dir)) | 110 if (!base::PathExists(database_dir)) |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
209 base::debug::Alias(&nss_error); | 211 base::debug::Alias(&nss_error); |
210 base::debug::Alias(&os_error); | 212 base::debug::Alias(&os_error); |
211 LOG(ERROR) << "Error initializing NSS without a persistent database: " | 213 LOG(ERROR) << "Error initializing NSS without a persistent database: " |
212 << GetNSSErrorMessage(); | 214 << GetNSSErrorMessage(); |
213 LOG(FATAL) << "nss_error=" << nss_error << ", os_error=" << os_error; | 215 LOG(FATAL) << "nss_error=" << nss_error << ", os_error=" << os_error; |
214 } | 216 } |
215 | 217 |
216 #if defined(OS_CHROMEOS) | 218 #if defined(OS_CHROMEOS) |
217 class ChromeOSUserData { | 219 class ChromeOSUserData { |
218 public: | 220 public: |
219 ChromeOSUserData(ScopedPK11Slot public_slot, bool is_primary_user) | 221 ChromeOSUserData(ScopedPK11Slot public_slot) |
220 : public_slot_(public_slot.Pass()), | 222 : public_slot_(public_slot.Pass()) {} |
221 is_primary_user_(is_primary_user) {} | |
222 ~ChromeOSUserData() { | 223 ~ChromeOSUserData() { |
223 if (public_slot_ && !is_primary_user_) { | 224 if (public_slot_) { |
224 SECStatus status = SECMOD_CloseUserDB(public_slot_.get()); | 225 SECStatus status = SECMOD_CloseUserDB(public_slot_.get()); |
225 if (status != SECSuccess) | 226 if (status != SECSuccess) |
226 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); | 227 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); |
227 } | 228 } |
228 } | 229 } |
229 | 230 |
230 ScopedPK11Slot GetPublicSlot() { | 231 ScopedPK11Slot GetPublicSlot() { |
231 return ScopedPK11Slot( | 232 return ScopedPK11Slot( |
232 public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL); | 233 public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL); |
233 } | 234 } |
(...skipping 16 matching lines...) Expand all Loading... | |
250 for (SlotReadyCallbackList::iterator i = callback_list.begin(); | 251 for (SlotReadyCallbackList::iterator i = callback_list.begin(); |
251 i != callback_list.end(); | 252 i != callback_list.end(); |
252 ++i) { | 253 ++i) { |
253 (*i).Run(ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get()))); | 254 (*i).Run(ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get()))); |
254 } | 255 } |
255 } | 256 } |
256 | 257 |
257 private: | 258 private: |
258 ScopedPK11Slot public_slot_; | 259 ScopedPK11Slot public_slot_; |
259 ScopedPK11Slot private_slot_; | 260 ScopedPK11Slot private_slot_; |
260 bool is_primary_user_; | |
261 | 261 |
262 typedef std::vector<base::Callback<void(ScopedPK11Slot)> > | 262 typedef std::vector<base::Callback<void(ScopedPK11Slot)> > |
263 SlotReadyCallbackList; | 263 SlotReadyCallbackList; |
264 SlotReadyCallbackList tpm_ready_callback_list_; | 264 SlotReadyCallbackList tpm_ready_callback_list_; |
265 }; | 265 }; |
266 #endif // defined(OS_CHROMEOS) | 266 #endif // defined(OS_CHROMEOS) |
267 | 267 |
268 class NSSInitSingleton { | 268 class NSSInitSingleton { |
269 public: | 269 public: |
270 #if defined(OS_CHROMEOS) | 270 #if defined(OS_CHROMEOS) |
271 // Used with PostTaskAndReply to pass handles to worker thread and back. | 271 // Used with PostTaskAndReply to pass handles to worker thread and back. |
272 struct TPMModuleAndSlot { | 272 struct TPMModuleAndSlot { |
273 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module) | 273 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module) |
274 : chaps_module(init_chaps_module), tpm_slot(NULL) {} | 274 : chaps_module(init_chaps_module), tpm_slot(NULL) {} |
275 SECMODModule* chaps_module; | 275 SECMODModule* chaps_module; |
276 PK11SlotInfo* tpm_slot; | 276 PK11SlotInfo* tpm_slot; |
277 }; | 277 }; |
278 | 278 |
279 void OpenPersistentNSSDB() { | |
280 DCHECK(thread_checker_.CalledOnValidThread()); | |
281 | |
282 if (!chromeos_user_logged_in_) { | |
283 // GetDefaultConfigDirectory causes us to do blocking IO on UI thread. | |
284 // Temporarily allow it until we fix http://crbug.com/70119 | |
285 base::ThreadRestrictions::ScopedAllowIO allow_io; | |
286 chromeos_user_logged_in_ = true; | |
287 | |
288 // This creates another DB slot in NSS that is read/write, unlike | |
289 // the fake root CA cert DB and the "default" crypto key | |
290 // provider, which are still read-only (because we initialized | |
291 // NSS before we had a cryptohome mounted). | |
292 software_slot_ = OpenUserDB(GetDefaultConfigDirectory(), | |
293 kNSSDatabaseName); | |
294 } | |
295 } | |
296 | |
297 PK11SlotInfo* OpenPersistentNSSDBForPath(const base::FilePath& path) { | 279 PK11SlotInfo* OpenPersistentNSSDBForPath(const base::FilePath& path) { |
298 DCHECK(thread_checker_.CalledOnValidThread()); | 280 DCHECK(thread_checker_.CalledOnValidThread()); |
299 // NSS is allowed to do IO on the current thread since dispatching | 281 // NSS is allowed to do IO on the current thread since dispatching |
300 // to a dedicated thread would still have the affect of blocking | 282 // to a dedicated thread would still have the affect of blocking |
301 // the current thread, due to NSS's internal locking requirements | 283 // the current thread, due to NSS's internal locking requirements |
302 base::ThreadRestrictions::ScopedAllowIO allow_io; | 284 base::ThreadRestrictions::ScopedAllowIO allow_io; |
303 | 285 |
304 base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb"); | 286 base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb"); |
305 if (!base::CreateDirectory(nssdb_path)) { | 287 if (!base::CreateDirectory(nssdb_path)) { |
306 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory."; | 288 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory."; |
(...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
452 | 434 |
453 PK11SlotInfo* slot = SECMOD_LookupSlot(chaps_module->moduleID, slot_id); | 435 PK11SlotInfo* slot = SECMOD_LookupSlot(chaps_module->moduleID, slot_id); |
454 if (!slot) | 436 if (!slot) |
455 LOG(ERROR) << "TPM slot " << slot_id << " not found."; | 437 LOG(ERROR) << "TPM slot " << slot_id << " not found."; |
456 return slot; | 438 return slot; |
457 } | 439 } |
458 | 440 |
459 bool InitializeNSSForChromeOSUser( | 441 bool InitializeNSSForChromeOSUser( |
460 const std::string& email, | 442 const std::string& email, |
461 const std::string& username_hash, | 443 const std::string& username_hash, |
462 bool is_primary_user, | |
463 const base::FilePath& path) { | 444 const base::FilePath& path) { |
464 DCHECK(thread_checker_.CalledOnValidThread()); | 445 DCHECK(thread_checker_.CalledOnValidThread()); |
465 if (chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()) { | 446 if (chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()) { |
466 // This user already exists in our mapping. | 447 // This user already exists in our mapping. |
467 DVLOG(2) << username_hash << " already initialized."; | 448 DVLOG(2) << username_hash << " already initialized."; |
468 return false; | 449 return false; |
469 } | 450 } |
470 ScopedPK11Slot public_slot; | 451 ScopedPK11Slot public_slot; |
471 if (is_primary_user) { | 452 if (test_slot_) { |
472 DVLOG(2) << "Primary user, using GetPublicNSSKeySlot()"; | 453 DVLOG(2) << "Using the test slot for the user's software slot."; |
tbarzic
2014/06/12 01:41:37
so, the main functional change here is that the pu
pneubeck (no reviews)
2014/06/12 15:14:54
In all types of modes/sessions the username_hash s
tbarzic
2014/06/12 18:38:12
For users other than guest and public account, it
tbarzic
2014/06/12 18:41:49
btw. we used to open user db for guest users, but
| |
473 public_slot.reset(GetPublicNSSKeySlot()); | 454 public_slot.reset(PK11_ReferenceSlot(test_slot_)); |
474 } else { | 455 } else { |
475 DVLOG(2) << "Opening NSS DB " << path.value(); | 456 DVLOG(2) << "Opening NSS DB " << path.value(); |
476 public_slot.reset(OpenPersistentNSSDBForPath(path)); | 457 public_slot.reset(OpenPersistentNSSDBForPath(path)); |
477 } | 458 } |
478 chromeos_user_map_[username_hash] = | 459 chromeos_user_map_[username_hash] = |
479 new ChromeOSUserData(public_slot.Pass(), is_primary_user); | 460 new ChromeOSUserData(public_slot.Pass()); |
480 return true; | 461 return true; |
481 } | 462 } |
482 | 463 |
483 void InitializeTPMForChromeOSUser(const std::string& username_hash, | 464 void InitializeTPMForChromeOSUser(const std::string& username_hash, |
484 CK_SLOT_ID slot_id) { | 465 CK_SLOT_ID slot_id) { |
485 DCHECK(thread_checker_.CalledOnValidThread()); | 466 DCHECK(thread_checker_.CalledOnValidThread()); |
486 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); | 467 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); |
487 | 468 |
488 if (!chaps_module_) | 469 if (!chaps_module_) |
489 return; | 470 return; |
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
603 if (!test_slot_) | 584 if (!test_slot_) |
604 return; | 585 return; |
605 SECStatus status = SECMOD_CloseUserDB(test_slot_); | 586 SECStatus status = SECMOD_CloseUserDB(test_slot_); |
606 if (status != SECSuccess) | 587 if (status != SECSuccess) |
607 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); | 588 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); |
608 PK11_FreeSlot(test_slot_); | 589 PK11_FreeSlot(test_slot_); |
609 test_slot_ = NULL; | 590 test_slot_ = NULL; |
610 ignore_result(g_test_nss_db_dir.Get().Delete()); | 591 ignore_result(g_test_nss_db_dir.Get().Delete()); |
611 } | 592 } |
612 | 593 |
613 PK11SlotInfo* GetPublicNSSKeySlot() { | 594 PK11SlotInfo* GetPublicNSSKeySlot() { |
tbarzic
2014/06/12 01:41:37
afaik, on ChromeOS, this is only referenced from d
pneubeck (no reviews)
2014/06/12 15:14:54
So, this is.... surprising...
The 'default' NSSCer
tbarzic
2014/06/12 18:38:12
yeah, I'd started looking at removing this method
Ryan Sleevi
2014/06/12 18:44:04
Sorry, I haven't looked at the ChromeOS side, but
pneubeck (no reviews)
2014/06/12 18:48:29
I think that discussion will sidetrack from the ma
| |
614 // TODO(mattm): Change to DCHECK when callers have been fixed. | 595 // TODO(mattm): Change to DCHECK when callers have been fixed. |
615 if (!thread_checker_.CalledOnValidThread()) { | 596 if (!thread_checker_.CalledOnValidThread()) { |
616 DVLOG(1) << "Called on wrong thread.\n" | 597 DVLOG(1) << "Called on wrong thread.\n" |
617 << base::debug::StackTrace().ToString(); | 598 << base::debug::StackTrace().ToString(); |
618 } | 599 } |
619 | 600 |
620 if (test_slot_) | 601 if (test_slot_) |
621 return PK11_ReferenceSlot(test_slot_); | 602 return PK11_ReferenceSlot(test_slot_); |
622 if (software_slot_) | |
623 return PK11_ReferenceSlot(software_slot_); | |
624 return PK11_GetInternalKeySlot(); | 603 return PK11_GetInternalKeySlot(); |
625 } | 604 } |
626 | 605 |
627 PK11SlotInfo* GetPrivateNSSKeySlot() { | 606 PK11SlotInfo* GetPrivateNSSKeySlot() { |
628 // TODO(mattm): Change to DCHECK when callers have been fixed. | 607 // TODO(mattm): Change to DCHECK when callers have been fixed. |
629 if (!thread_checker_.CalledOnValidThread()) { | 608 if (!thread_checker_.CalledOnValidThread()) { |
630 DVLOG(1) << "Called on wrong thread.\n" | 609 DVLOG(1) << "Called on wrong thread.\n" |
631 << base::debug::StackTrace().ToString(); | 610 << base::debug::StackTrace().ToString(); |
632 } | 611 } |
633 | 612 |
634 if (test_slot_) | 613 if (test_slot_) |
635 return PK11_ReferenceSlot(test_slot_); | 614 return PK11_ReferenceSlot(test_slot_); |
636 | 615 |
637 #if defined(OS_CHROMEOS) | 616 #if defined(OS_CHROMEOS) |
638 if (tpm_token_enabled_for_nss_) { | 617 if (tpm_token_enabled_for_nss_) { |
639 if (IsTPMTokenReady(base::Closure())) { | 618 if (IsTPMTokenReady(base::Closure())) { |
640 return PK11_ReferenceSlot(tpm_slot_); | 619 return PK11_ReferenceSlot(tpm_slot_); |
641 } else { | 620 } else { |
642 // If we were supposed to get the hardware token, but were | 621 // If we were supposed to get the hardware token, but were |
643 // unable to, return NULL rather than fall back to sofware. | 622 // unable to, return NULL rather than fall back to sofware. |
644 return NULL; | 623 return NULL; |
645 } | 624 } |
646 } | 625 } |
647 #endif | 626 #endif |
648 // If we weren't supposed to enable the TPM for NSS, then return | |
649 // the software slot. | |
650 if (software_slot_) | |
651 return PK11_ReferenceSlot(software_slot_); | |
652 return PK11_GetInternalKeySlot(); | 627 return PK11_GetInternalKeySlot(); |
653 } | 628 } |
654 | 629 |
655 #if defined(USE_NSS) | 630 #if defined(USE_NSS) |
656 base::Lock* write_lock() { | 631 base::Lock* write_lock() { |
657 return &write_lock_; | 632 return &write_lock_; |
658 } | 633 } |
659 #endif // defined(USE_NSS) | 634 #endif // defined(USE_NSS) |
660 | 635 |
661 // This method is used to force NSS to be initialized without a DB. | 636 // This method is used to force NSS to be initialized without a DB. |
662 // Call this method before NSSInitSingleton() is constructed. | 637 // Call this method before NSSInitSingleton() is constructed. |
663 static void ForceNoDBInit() { | 638 static void ForceNoDBInit() { |
664 force_nodb_init_ = true; | 639 force_nodb_init_ = true; |
665 } | 640 } |
666 | 641 |
667 private: | 642 private: |
668 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; | 643 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; |
669 | 644 |
670 NSSInitSingleton() | 645 NSSInitSingleton() |
671 : tpm_token_enabled_for_nss_(false), | 646 : tpm_token_enabled_for_nss_(false), |
672 initializing_tpm_token_(false), | 647 initializing_tpm_token_(false), |
673 chaps_module_(NULL), | 648 chaps_module_(NULL), |
674 software_slot_(NULL), | |
675 test_slot_(NULL), | 649 test_slot_(NULL), |
676 tpm_slot_(NULL), | 650 tpm_slot_(NULL), |
677 root_(NULL), | 651 root_(NULL) { |
678 chromeos_user_logged_in_(false) { | |
679 base::TimeTicks start_time = base::TimeTicks::Now(); | 652 base::TimeTicks start_time = base::TimeTicks::Now(); |
680 | 653 |
681 // It's safe to construct on any thread, since LazyInstance will prevent any | 654 // It's safe to construct on any thread, since LazyInstance will prevent any |
682 // other threads from accessing until the constructor is done. | 655 // other threads from accessing until the constructor is done. |
683 thread_checker_.DetachFromThread(); | 656 thread_checker_.DetachFromThread(); |
684 | 657 |
685 DisableAESNIIfNeeded(); | 658 DisableAESNIIfNeeded(); |
686 | 659 |
687 EnsureNSPRInit(); | 660 EnsureNSPRInit(); |
688 | 661 |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
788 // prevent non-joinable threads from using NSS after it's already been shut | 761 // prevent non-joinable threads from using NSS after it's already been shut |
789 // down. | 762 // down. |
790 ~NSSInitSingleton() { | 763 ~NSSInitSingleton() { |
791 #if defined(OS_CHROMEOS) | 764 #if defined(OS_CHROMEOS) |
792 STLDeleteValues(&chromeos_user_map_); | 765 STLDeleteValues(&chromeos_user_map_); |
793 #endif | 766 #endif |
794 if (tpm_slot_) { | 767 if (tpm_slot_) { |
795 PK11_FreeSlot(tpm_slot_); | 768 PK11_FreeSlot(tpm_slot_); |
796 tpm_slot_ = NULL; | 769 tpm_slot_ = NULL; |
797 } | 770 } |
798 if (software_slot_) { | |
799 SECMOD_CloseUserDB(software_slot_); | |
800 PK11_FreeSlot(software_slot_); | |
801 software_slot_ = NULL; | |
802 } | |
803 CloseTestNSSDB(); | 771 CloseTestNSSDB(); |
804 if (root_) { | 772 if (root_) { |
805 SECMOD_UnloadUserModule(root_); | 773 SECMOD_UnloadUserModule(root_); |
806 SECMOD_DestroyModule(root_); | 774 SECMOD_DestroyModule(root_); |
807 root_ = NULL; | 775 root_ = NULL; |
808 } | 776 } |
809 if (chaps_module_) { | 777 if (chaps_module_) { |
810 SECMOD_UnloadUserModule(chaps_module_); | 778 SECMOD_UnloadUserModule(chaps_module_); |
811 SECMOD_DestroyModule(chaps_module_); | 779 SECMOD_DestroyModule(chaps_module_); |
812 chaps_module_ = NULL; | 780 chaps_module_ = NULL; |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
895 } | 863 } |
896 | 864 |
897 // If this is set to true NSS is forced to be initialized without a DB. | 865 // If this is set to true NSS is forced to be initialized without a DB. |
898 static bool force_nodb_init_; | 866 static bool force_nodb_init_; |
899 | 867 |
900 bool tpm_token_enabled_for_nss_; | 868 bool tpm_token_enabled_for_nss_; |
901 bool initializing_tpm_token_; | 869 bool initializing_tpm_token_; |
902 typedef std::vector<base::Closure> TPMReadyCallbackList; | 870 typedef std::vector<base::Closure> TPMReadyCallbackList; |
903 TPMReadyCallbackList tpm_ready_callback_list_; | 871 TPMReadyCallbackList tpm_ready_callback_list_; |
904 SECMODModule* chaps_module_; | 872 SECMODModule* chaps_module_; |
905 PK11SlotInfo* software_slot_; | |
906 PK11SlotInfo* test_slot_; | 873 PK11SlotInfo* test_slot_; |
907 PK11SlotInfo* tpm_slot_; | 874 PK11SlotInfo* tpm_slot_; |
908 SECMODModule* root_; | 875 SECMODModule* root_; |
909 bool chromeos_user_logged_in_; | |
910 #if defined(OS_CHROMEOS) | 876 #if defined(OS_CHROMEOS) |
911 typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap; | 877 typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap; |
912 ChromeOSUserMap chromeos_user_map_; | 878 ChromeOSUserMap chromeos_user_map_; |
913 #endif | 879 #endif |
914 #if defined(USE_NSS) | 880 #if defined(USE_NSS) |
915 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | 881 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
916 // is fixed, we will no longer need the lock. | 882 // is fixed, we will no longer need the lock. |
917 base::Lock write_lock_; | 883 base::Lock write_lock_; |
918 #endif // defined(USE_NSS) | 884 #endif // defined(USE_NSS) |
919 | 885 |
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1063 SECMOD_GetReadLock(lock_); | 1029 SECMOD_GetReadLock(lock_); |
1064 } | 1030 } |
1065 | 1031 |
1066 AutoSECMODListReadLock::~AutoSECMODListReadLock() { | 1032 AutoSECMODListReadLock::~AutoSECMODListReadLock() { |
1067 SECMOD_ReleaseReadLock(lock_); | 1033 SECMOD_ReleaseReadLock(lock_); |
1068 } | 1034 } |
1069 | 1035 |
1070 #endif // defined(USE_NSS) | 1036 #endif // defined(USE_NSS) |
1071 | 1037 |
1072 #if defined(OS_CHROMEOS) | 1038 #if defined(OS_CHROMEOS) |
1073 void OpenPersistentNSSDB() { | |
1074 g_nss_singleton.Get().OpenPersistentNSSDB(); | |
1075 } | |
1076 | |
1077 void EnableTPMTokenForNSS() { | 1039 void EnableTPMTokenForNSS() { |
1078 g_nss_singleton.Get().EnableTPMTokenForNSS(); | 1040 g_nss_singleton.Get().EnableTPMTokenForNSS(); |
1079 } | 1041 } |
1080 | 1042 |
1081 bool IsTPMTokenEnabledForNSS() { | 1043 bool IsTPMTokenEnabledForNSS() { |
1082 return g_nss_singleton.Get().IsTPMTokenEnabledForNSS(); | 1044 return g_nss_singleton.Get().IsTPMTokenEnabledForNSS(); |
1083 } | 1045 } |
1084 | 1046 |
1085 bool IsTPMTokenReady(const base::Closure& callback) { | 1047 bool IsTPMTokenReady(const base::Closure& callback) { |
1086 return g_nss_singleton.Get().IsTPMTokenReady(callback); | 1048 return g_nss_singleton.Get().IsTPMTokenReady(callback); |
1087 } | 1049 } |
1088 | 1050 |
1089 void InitializeTPMToken(int token_slot_id, | 1051 void InitializeTPMToken(int token_slot_id, |
1090 const base::Callback<void(bool)>& callback) { | 1052 const base::Callback<void(bool)>& callback) { |
1091 g_nss_singleton.Get().InitializeTPMToken(token_slot_id, callback); | 1053 g_nss_singleton.Get().InitializeTPMToken(token_slot_id, callback); |
1092 } | 1054 } |
1093 | 1055 |
1094 ScopedTestNSSChromeOSUser::ScopedTestNSSChromeOSUser( | 1056 ScopedTestNSSChromeOSUser::ScopedTestNSSChromeOSUser( |
1095 const std::string& username_hash) | 1057 const std::string& username_hash) |
1096 : username_hash_(username_hash), constructed_successfully_(false) { | 1058 : username_hash_(username_hash), constructed_successfully_(false) { |
1097 if (!temp_dir_.CreateUniqueTempDir()) | 1059 if (!temp_dir_.CreateUniqueTempDir()) |
1098 return; | 1060 return; |
1099 constructed_successfully_ = | 1061 constructed_successfully_ = |
1100 InitializeNSSForChromeOSUser(username_hash, | 1062 InitializeNSSForChromeOSUser(username_hash, |
1101 username_hash, | 1063 username_hash, |
1102 false /* is_primary_user */, | |
1103 temp_dir_.path()); | 1064 temp_dir_.path()); |
1104 } | 1065 } |
1105 | 1066 |
1106 ScopedTestNSSChromeOSUser::~ScopedTestNSSChromeOSUser() { | 1067 ScopedTestNSSChromeOSUser::~ScopedTestNSSChromeOSUser() { |
1107 if (constructed_successfully_) | 1068 if (constructed_successfully_) |
1108 g_nss_singleton.Get().CloseTestChromeOSUser(username_hash_); | 1069 g_nss_singleton.Get().CloseTestChromeOSUser(username_hash_); |
1109 } | 1070 } |
1110 | 1071 |
1111 void ScopedTestNSSChromeOSUser::FinishInit() { | 1072 void ScopedTestNSSChromeOSUser::FinishInit() { |
1112 InitializePrivateSoftwareSlotForChromeOSUser(username_hash_); | 1073 InitializePrivateSoftwareSlotForChromeOSUser(username_hash_); |
1113 } | 1074 } |
1114 | 1075 |
1115 bool InitializeNSSForChromeOSUser( | 1076 bool InitializeNSSForChromeOSUser( |
1116 const std::string& email, | 1077 const std::string& email, |
1117 const std::string& username_hash, | 1078 const std::string& username_hash, |
1118 bool is_primary_user, | |
1119 const base::FilePath& path) { | 1079 const base::FilePath& path) { |
1120 return g_nss_singleton.Get().InitializeNSSForChromeOSUser( | 1080 return g_nss_singleton.Get().InitializeNSSForChromeOSUser( |
1121 email, username_hash, is_primary_user, path); | 1081 email, username_hash, path); |
1122 } | 1082 } |
1123 void InitializeTPMForChromeOSUser( | 1083 void InitializeTPMForChromeOSUser( |
1124 const std::string& username_hash, | 1084 const std::string& username_hash, |
1125 CK_SLOT_ID slot_id) { | 1085 CK_SLOT_ID slot_id) { |
1126 g_nss_singleton.Get().InitializeTPMForChromeOSUser(username_hash, slot_id); | 1086 g_nss_singleton.Get().InitializeTPMForChromeOSUser(username_hash, slot_id); |
1127 } | 1087 } |
1128 void InitializePrivateSoftwareSlotForChromeOSUser( | 1088 void InitializePrivateSoftwareSlotForChromeOSUser( |
1129 const std::string& username_hash) { | 1089 const std::string& username_hash) { |
1130 g_nss_singleton.Get().InitializePrivateSoftwareSlotForChromeOSUser( | 1090 g_nss_singleton.Get().InitializePrivateSoftwareSlotForChromeOSUser( |
1131 username_hash); | 1091 username_hash); |
(...skipping 20 matching lines...) Expand all Loading... | |
1152 | 1112 |
1153 PK11SlotInfo* GetPublicNSSKeySlot() { | 1113 PK11SlotInfo* GetPublicNSSKeySlot() { |
1154 return g_nss_singleton.Get().GetPublicNSSKeySlot(); | 1114 return g_nss_singleton.Get().GetPublicNSSKeySlot(); |
1155 } | 1115 } |
1156 | 1116 |
1157 PK11SlotInfo* GetPrivateNSSKeySlot() { | 1117 PK11SlotInfo* GetPrivateNSSKeySlot() { |
1158 return g_nss_singleton.Get().GetPrivateNSSKeySlot(); | 1118 return g_nss_singleton.Get().GetPrivateNSSKeySlot(); |
1159 } | 1119 } |
1160 | 1120 |
1161 } // namespace crypto | 1121 } // namespace crypto |
OLD | NEW |