OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/net/cert_database_service_factory.h" | |
6 | |
7 #include "base/memory/scoped_ptr.h" | |
8 #include "chrome/browser/browser_process.h" | |
9 #include "chrome/browser/browser_process_platform_part.h" | |
10 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
11 #include "chrome/browser/chromeos/profiles/profile_helper.h" | |
12 #include "chrome/browser/profiles/profile.h" | |
13 #include "chromeos/cert_loader.h" | |
14 #include "chromeos/dbus/dbus_thread_manager.h" | |
15 #include "chromeos/tpm_token_loader.h" | |
16 #include "components/cert_database/public/cert_database_service.h" | |
17 #include "components/cert_database/public/chromeos/cert_database_service_io_part _chromeos.h" | |
18 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | |
19 #include "components/user_manager/user.h" | |
20 #include "components/user_manager/user_manager.h" | |
21 #include "content/public/browser/browser_thread.h" | |
22 | |
23 namespace cert_database { | |
24 | |
25 namespace { | |
26 | |
27 void RunReadyCallbackOnIOThread( | |
28 const CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback& | |
29 callback, | |
30 bool system_tpm_token_enabled) { | |
31 content::BrowserThread::PostTask( | |
32 content::BrowserThread::IO, | |
33 FROM_HERE, | |
34 base::Bind(callback, system_tpm_token_enabled)); | |
35 } | |
36 | |
37 } // namespace | |
38 | |
39 KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor( | |
40 content::BrowserContext* context) const { | |
41 Profile* profile = Profile::FromBrowserContext(context); | |
42 | |
43 // No cert database for the sign-in profile. | |
44 if (chromeos::ProfileHelper::IsSigninProfile(profile)) | |
45 return NULL; | |
46 | |
47 user_manager::User* user = | |
48 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); | |
49 | |
50 // Use the device-wide system key slot only if the user is of the same | |
51 // domain as the device is registered to. | |
tbarzic
2014/10/22 20:38:19
Why do we allow the system key slot only in this case?
pneubeck (no reviews)
2014/10/24 12:51:37
clarified the comment, so that other readers do no
| |
52 policy::BrowserPolicyConnectorChromeOS* connector = | |
53 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
54 bool use_system_key_slot = connector->GetUserAffiliation(user->email()) == | |
55 policy::USER_AFFILIATION_MANAGED; | |
56 VLOG(1) << "Use system key slot " << use_system_key_slot; | |
57 | |
58 scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part( | |
59 new CertDatabaseServiceIOPartChromeOS( | |
60 user->email(), | |
61 user->username_hash(), | |
62 use_system_key_slot, | |
63 profile->GetPath(), | |
64 content::BrowserThread::GetMessageLoopProxyForThread( | |
65 content::BrowserThread::UI), // Thread for DBus calls | |
66 chromeos::DBusThreadManager::Get()->GetCryptohomeClient())); | |
67 | |
68 // This callback must be called on IO. | |
69 CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback | |
70 callback_on_io = io_part->GetSystemTPMTokenReadyCallback(); | |
71 | |
72 // Wrap it to be callable from the UI thread. | |
73 base::Callback<void(bool enabled)> callback_on_ui = | |
74 base::Bind(&RunReadyCallbackOnIOThread, callback_on_io); | |
75 | |
76 scoped_ptr<CertDatabaseService> service(new CertDatabaseService( | |
77 content::BrowserThread::GetMessageLoopProxyForThread( | |
78 content::BrowserThread::IO))); | |
79 | |
80 // After this point, the IOPart must only be accessed from the IO thread! | |
81 service->SetIOPart(io_part.Pass()); | |
82 | |
83 chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status = | |
84 chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled(callback_on_ui); | |
85 if (tpm_token_status != | |
86 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) { | |
87 callback_on_ui.Run(tpm_token_status == | |
88 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED); | |
89 } | |
90 | |
91 // TODO(pneubeck): Integrate CertLoader into the CertDatabaseService so that | |
92 // it can be used per user and not only for the primary user. | |
93 user_manager::UserManager* user_manager = user_manager::UserManager::Get(); | |
94 bool is_primary_user = user_manager && user == user_manager->GetPrimaryUser(); | |
95 if (is_primary_user) { | |
96 service->GetNSSCertDatabase( | |
97 base::Bind(&chromeos::CertLoader::StartWithNSSDB, | |
98 base::Unretained(chromeos::CertLoader::Get()))); | |
99 } | |
100 | |
101 return service.release(); | |
102 } | |
103 | |
104 } // namespace cert_database | |
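Review bot: `user` is dereferenced at new lines 54 and 60-61 (`user->email()`, `user->username_hash()`) without a null check after `GetUserByProfile(profile)` at line 48, and `connector` at line 54 is likewise used unchecked. If that lookup can return NULL for a profile with no associated user (its contract is not visible on this page), the factory crashes instead of declining to build the service, on the very path that decides whether the device-wide system key slot is exposed. I would fail closed right after the lookup with `if (!user) return NULL;`, mirroring the sign-in profile early return at line 45, and compute the flag as `connector && connector->GetUserAffiliation(user->email()) == policy::USER_AFFILIATION_MANAGED`. Separately, `base::Unretained(chromeos::CertLoader::Get())` at line 98 deserves a one-line comment stating why the CertLoader is guaranteed to outlive the pending `GetNSSCertDatabase` callback.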