
Side by Side Diff: chrome/browser/net/cert_database_service_factory_chromeos.cc

Issue 419013003: Replace c/b/nss_context by a KeyedService. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase, format. Created 6 years, 2 months ago
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/net/cert_database_service_factory.h"
6
7 #include "base/memory/scoped_ptr.h"
8 #include "chrome/browser/browser_process.h"
9 #include "chrome/browser/browser_process_platform_part.h"
10 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
11 #include "chrome/browser/chromeos/profiles/profile_helper.h"
12 #include "chrome/browser/profiles/profile.h"
13 #include "chromeos/cert_loader.h"
14 #include "chromeos/dbus/dbus_thread_manager.h"
15 #include "chromeos/tpm_token_loader.h"
16 #include "components/cert_database/public/cert_database_service.h"
17 #include "components/cert_database/public/chromeos/cert_database_service_io_part _chromeos.h"
18 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
19 #include "components/user_manager/user.h"
20 #include "components/user_manager/user_manager.h"
21 #include "content/public/browser/browser_thread.h"
22
23 namespace cert_database {
24
25 namespace {
26
27 void RunReadyCallbackOnIOThread(
28 const CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback&
29 callback,
30 bool system_tpm_token_enabled) {
31 content::BrowserThread::PostTask(
32 content::BrowserThread::IO,
33 FROM_HERE,
34 base::Bind(callback, system_tpm_token_enabled));
35 }
36
37 } // namespace
38
39 KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor(
40 content::BrowserContext* context) const {
41 Profile* profile = Profile::FromBrowserContext(context);
42
43 // No cert database for the sign-in profile.
44 if (chromeos::ProfileHelper::IsSigninProfile(profile))
45 return NULL;
46
47 user_manager::User* user =
48 chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
49
50 // Use the device-wide system key slot only if the user is of the same
51 // domain as the device is registered to.
tbarzic 2014/10/22 20:38:19 why do we allow system key slot only in this case
pneubeck (no reviews) 2014/10/24 12:51:37 clarified the comment, so that other readers do no
52 policy::BrowserPolicyConnectorChromeOS* connector =
53 g_browser_process->platform_part()->browser_policy_connector_chromeos();
54 bool use_system_key_slot = connector->GetUserAffiliation(user->email()) ==
55 policy::USER_AFFILIATION_MANAGED;
56 VLOG(1) << "Use system key slot " << use_system_key_slot;
57
58 scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part(
59 new CertDatabaseServiceIOPartChromeOS(
60 user->email(),
61 user->username_hash(),
62 use_system_key_slot,
63 profile->GetPath(),
64 content::BrowserThread::GetMessageLoopProxyForThread(
65 content::BrowserThread::UI), // Thread for DBus calls
66 chromeos::DBusThreadManager::Get()->GetCryptohomeClient()));
67
68 // This callback must be called on IO.
69 CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback
70 callback_on_io = io_part->GetSystemTPMTokenReadyCallback();
71
72 // Wrap it to be callable from the UI thread.
73 base::Callback<void(bool enabled)> callback_on_ui =
74 base::Bind(&RunReadyCallbackOnIOThread, callback_on_io);
75
76 scoped_ptr<CertDatabaseService> service(new CertDatabaseService(
77 content::BrowserThread::GetMessageLoopProxyForThread(
78 content::BrowserThread::IO)));
79
80 // After this point, the IOPart must only be accessed from the IO thread!
81 service->SetIOPart(io_part.Pass());
82
83 chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status =
84 chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled(callback_on_ui);
85 if (tpm_token_status !=
86 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) {
87 callback_on_ui.Run(tpm_token_status ==
88 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED);
89 }
90
91 // TODO(pneubeck): Integrate CertLoader into the CertDatabaseService so that
92 // it can be used per user and not only for the primary user.
93 user_manager::UserManager* user_manager = user_manager::UserManager::Get();
94 bool is_primary_user = user_manager && user == user_manager->GetPrimaryUser();
95 if (is_primary_user) {
96 service->GetNSSCertDatabase(
97 base::Bind(&chromeos::CertLoader::StartWithNSSDB,
98 base::Unretained(chromeos::CertLoader::Get())));
99 }
100
101 return service.release();
102 }
103
104 } // namespace cert_database
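Review bot: `user` is dereferenced without a null check in `BuildServiceInstanceFor` (new lines 54, 60 and 61), although `GetUserByProfile()` on line 48 can, as far as I know, return null for a profile that has no associated user. The affiliation lookup on `user->email()` decides whether this profile is given the device-wide system key slot, so the missing-user case should fail closed rather than crash or continue. I would add `if (!user) return NULL;` directly after line 48, mirroring the sign-in profile branch above it. If `browser_policy_connector_chromeos()` can also be null (in tests or early startup, which this page does not show), `use_system_key_slot` should default to `false` in that case instead of dereferencing `connector`.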