OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/net/cert_database_service_factory.h" | |
6 | |
7 #include "base/memory/scoped_ptr.h" | |
8 #include "base/memory/singleton.h" | |
9 #include "chrome/browser/profiles/incognito_helpers.h" | |
10 #include "components/cert_database/public/cert_database_service.h" | |
11 #include "components/keyed_service/content/browser_context_dependency_manager.h" | |
12 #include "content/public/browser/browser_thread.h" | |
13 | |
14 #if defined(OS_CHROMEOS) | |
15 #include "chrome/browser/browser_process.h" | |
16 #include "chrome/browser/browser_process_platform_part.h" | |
17 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
18 #include "chrome/browser/chromeos/profiles/profile_helper.h" | |
19 #include "chrome/browser/profiles/profile.h" | |
20 #include "chromeos/cert_loader.h" | |
21 #include "chromeos/dbus/dbus_thread_manager.h" | |
22 #include "chromeos/tpm_token_loader.h" | |
23 #include "components/cert_database/public/chromeos/cert_database_service_io_part _chromeos.h" | |
24 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | |
25 #include "components/user_manager/user.h" | |
26 #include "components/user_manager/user_manager.h" | |
27 #else | |
28 #include "components/cert_database/public/linux/cert_database_service_io_part_li nux.h" | |
29 #endif | |
30 | |
31 namespace cert_database { | |
mattm
2014/10/18 00:45:15
Is it normal to use the same namespace in chrome/
pneubeck (no reviews)
2014/10/21 09:22:09
Not sure, I find examples for both, even for the s
| |
32 | |
33 namespace { | |
34 | |
35 #if defined(OS_CHROMEOS) | |
36 void WrapReadyCallbackForUI( | |
mattm
2014/10/18 00:45:16
Maybe "RunReadyCallbackOnIOThread" ?
pneubeck (no reviews)
2014/10/21 09:22:09
Done.
| |
37 const CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback& | |
38 callback, | |
39 bool system_tpm_token_enabled) { | |
40 content::BrowserThread::PostTask( | |
41 content::BrowserThread::IO, | |
42 FROM_HERE, | |
43 base::Bind(callback, system_tpm_token_enabled)); | |
44 } | |
45 #endif | |
46 | |
47 } // namespace | |
48 | |
49 // static | |
50 CertDatabaseService* CertDatabaseServiceFactory::GetForBrowserContext( | |
51 content::BrowserContext* context) { | |
52 return static_cast<CertDatabaseService*>( | |
53 GetInstance()->GetServiceForBrowserContext(context, true)); | |
54 } | |
55 | |
56 // static | |
57 CertDatabaseServiceFactory* CertDatabaseServiceFactory::GetInstance() { | |
58 return Singleton<CertDatabaseServiceFactory>::get(); | |
59 } | |
60 | |
61 CertDatabaseServiceFactory::CertDatabaseServiceFactory() | |
62 : BrowserContextKeyedServiceFactory( | |
63 "CertDatabaseService", | |
64 BrowserContextDependencyManager::GetInstance()) { | |
65 } | |
66 | |
67 CertDatabaseServiceFactory::~CertDatabaseServiceFactory() { | |
68 } | |
69 | |
70 content::BrowserContext* CertDatabaseServiceFactory::GetBrowserContextToUse( | |
71 content::BrowserContext* context) const { | |
72 // TODO(pneubeck): Once CertLoader is not a separate singleton anymore, we can | |
73 // create the CertDatabaseService on demand. | |
mattm
2014/10/18 00:45:16
Is this comment in the right place?
pneubeck (no reviews)
2014/10/21 09:22:09
Done.
| |
74 return chrome::GetBrowserContextRedirectedInIncognito(context); | |
75 } | |
76 | |
77 bool CertDatabaseServiceFactory::ServiceIsCreatedWithBrowserContext() const { | |
78 return true; | |
79 } | |
80 | |
81 KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor( | |
82 content::BrowserContext* context) const { | |
83 #if defined(OS_CHROMEOS) | |
mattm
2014/10/18 00:45:16
Can this be changed to use platform specific files
| |
84 Profile* profile = static_cast<Profile*>(context); | |
mattm
2014/10/18 00:45:15
Profile::FromBrowserContext(context)
pneubeck (no reviews)
2014/10/21 09:22:09
Done.
| |
85 | |
86 // No cert database for the sign-in profile. | |
87 if (chromeos::ProfileHelper::IsSigninProfile(profile)) | |
88 return NULL; | |
89 | |
90 user_manager::User* user = | |
91 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); | |
92 | |
93 // Use the device-wide system key slot only if the user is of the same | |
94 // domain as the device is registered to. | |
95 policy::BrowserPolicyConnectorChromeOS* connector = | |
96 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
97 bool use_system_key_slot = connector->GetUserAffiliation(user->email()) == | |
98 policy::USER_AFFILIATION_MANAGED; | |
99 VLOG(1) << "Use system key slot " << use_system_key_slot; | |
100 | |
101 scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part( | |
102 new CertDatabaseServiceIOPartChromeOS( | |
103 user->email(), | |
104 user->username_hash(), | |
105 use_system_key_slot, | |
106 profile->GetPath(), | |
107 content::BrowserThread::GetMessageLoopProxyForThread( | |
108 content::BrowserThread::UI), // Thread for DBus calls | |
109 chromeos::DBusThreadManager::Get()->GetCryptohomeClient())); | |
110 | |
111 // This callback must be called on IO. | |
112 CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback | |
113 callback_on_io = io_part->GetSystemTPMTokenReadyCallback(); | |
114 | |
115 // Wrap it to be callable from the UI thread. | |
116 base::Callback<void(bool enabled)> callback_on_ui = | |
117 base::Bind(&WrapReadyCallbackForUI, callback_on_io); | |
118 #else | |
119 scoped_ptr<CertDatabaseServiceIOPart> io_part( | |
120 new CertDatabaseServiceIOPartLinux()); | |
121 #endif | |
122 | |
123 scoped_ptr<CertDatabaseService> service(new CertDatabaseService( | |
124 content::BrowserThread::GetMessageLoopProxyForThread( | |
125 content::BrowserThread::IO))); | |
126 | |
127 // After this point, the IOPart must only be accessed from the IO thread! | |
128 service->SetIOPart(io_part.PassAs<CertDatabaseServiceIOPart>()); | |
mattm
2014/10/18 00:45:16
I think you can use Pass instead of PassAs now
pneubeck (no reviews)
2014/10/21 09:22:09
Awesome! Thanks for pointing that out.
| |
129 | |
130 #if defined(OS_CHROMEOS) | |
131 chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status = | |
132 chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled(callback_on_ui); | |
133 if (tpm_token_status != | |
134 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) { | |
135 callback_on_ui.Run(tpm_token_status == | |
136 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED); | |
137 } | |
138 | |
139 // TODO(pneubeck): Integrate CertLoader into the CertDatabaseService so that | |
140 // it can be used per user and not only for the primary user. | |
141 user_manager::UserManager* user_manager = user_manager::UserManager::Get(); | |
142 bool is_primary_user = user_manager && user == user_manager->GetPrimaryUser(); | |
143 if (is_primary_user) { | |
144 service->GetNSSCertDatabase( | |
145 base::Bind(&chromeos::CertLoader::StartWithNSSDB, | |
146 base::Unretained(chromeos::CertLoader::Get()))); | |
147 } | |
148 #endif | |
149 | |
150 return service.release(); | |
151 } | |
152 | |
153 } // namespace cert_database | |
OLD | NEW |