OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "crypto/nss_util_internal.h" | 8 #include "components/cert_database/public/cert_database_service_io_part.h" |
| 9 #include "net/cert/nss_cert_database.h" |
9 #include "net/cert/x509_certificate.h" | 10 #include "net/cert/x509_certificate.h" |
10 | 11 |
11 namespace chromeos { | 12 namespace chromeos { |
12 | 13 |
13 ClientCertFilterChromeOS::ClientCertFilterChromeOS( | 14 ClientCertFilterChromeOS::ClientCertFilterChromeOS( |
14 bool use_system_slot, | 15 const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io) |
15 const std::string& username_hash) | 16 : init_called_(false), cert_db_io_(cert_db_io), weak_ptr_factory_(this) { |
16 : init_called_(false), | |
17 use_system_slot_(use_system_slot), | |
18 username_hash_(username_hash), | |
19 weak_ptr_factory_(this) { | |
20 } | 17 } |
21 | 18 |
22 ClientCertFilterChromeOS::~ClientCertFilterChromeOS() { | 19 ClientCertFilterChromeOS::~ClientCertFilterChromeOS() { |
23 } | 20 } |
24 | 21 |
25 bool ClientCertFilterChromeOS::Init(const base::Closure& callback) { | 22 bool ClientCertFilterChromeOS::Init(const base::Closure& callback) { |
26 DCHECK(!init_called_); | 23 DCHECK(!init_called_); |
27 init_called_ = true; | 24 init_called_ = true; |
28 | 25 |
29 init_callback_ = callback; | 26 init_callback_ = callback; |
30 if (use_system_slot_) { | 27 |
31 system_slot_ = crypto::GetSystemNSSKeySlot( | 28 if (!cert_db_io_) { |
32 base::Bind(&ClientCertFilterChromeOS::GotSystemSlot, | 29 LOG(WARNING) << "Certificate database already shutdown."; |
33 weak_ptr_factory_.GetWeakPtr())).Pass(); | 30 // Do not call back if we initialized synchronously. |
| 31 return true; |
34 } | 32 } |
35 private_slot_ = | |
36 crypto::GetPrivateSlotForChromeOSUser( | |
37 username_hash_, base::Bind(&ClientCertFilterChromeOS::GotPrivateSlot, | |
38 weak_ptr_factory_.GetWeakPtr())).Pass(); | |
39 | 33 |
40 // Do not call back if we initialized synchronously. | 34 net::NSSCertDatabase* cert_db = cert_db_io_->GetNSSCertDatabase( |
41 return InitIfSlotsAvailable(); | 35 base::Bind(&ClientCertFilterChromeOS::GotNSSCertDatabase, |
| 36 weak_ptr_factory_.GetWeakPtr())); |
| 37 if (cert_db) { |
| 38 InitNSSProfileFilter(cert_db); |
| 39 // Do not call back if we initialized synchronously. |
| 40 return true; |
| 41 } |
| 42 |
| 43 return false; |
42 } | 44 } |
43 | 45 |
44 bool ClientCertFilterChromeOS::IsCertAllowed( | 46 bool ClientCertFilterChromeOS::IsCertAllowed( |
45 const scoped_refptr<net::X509Certificate>& cert) const { | 47 const scoped_refptr<net::X509Certificate>& cert) const { |
46 return nss_profile_filter_.IsCertAllowed(cert->os_cert_handle()); | 48 return nss_profile_filter_.IsCertAllowed(cert->os_cert_handle()); |
47 } | 49 } |
48 | 50 |
49 void ClientCertFilterChromeOS::GotSystemSlot( | 51 void ClientCertFilterChromeOS::GotNSSCertDatabase( |
50 crypto::ScopedPK11Slot system_slot) { | 52 net::NSSCertDatabase* nss_cert_db) { |
51 system_slot_ = system_slot.Pass(); | 53 InitNSSProfileFilter(nss_cert_db); |
52 if (InitIfSlotsAvailable() && !init_callback_.is_null()) | 54 if (!init_callback_.is_null()) |
53 init_callback_.Run(); | 55 init_callback_.Run(); |
54 } | 56 } |
55 | 57 |
56 void ClientCertFilterChromeOS::GotPrivateSlot( | 58 void ClientCertFilterChromeOS::InitNSSProfileFilter( |
57 crypto::ScopedPK11Slot private_slot) { | 59 net::NSSCertDatabase* nss_cert_db) { |
58 private_slot_ = private_slot.Pass(); | 60 if (!nss_cert_db) { |
59 if (InitIfSlotsAvailable() && !init_callback_.is_null()) | 61 LOG(WARNING) << "No NSSCertDatabase available."; |
60 init_callback_.Run(); | 62 return; |
61 } | 63 } |
62 | 64 nss_profile_filter_.Init(nss_cert_db->GetPublicSlot(), |
63 bool ClientCertFilterChromeOS::InitIfSlotsAvailable() { | 65 nss_cert_db->GetPrivateSlot(), |
64 if ((use_system_slot_ && !system_slot_) || !private_slot_) | 66 nss_cert_db->GetSystemSlot()); |
65 return false; | |
66 nss_profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_), | |
67 private_slot_.Pass(), | |
68 system_slot_.Pass()); | |
69 return true; | |
70 } | 67 } |
71 | 68 |
72 } // namespace chromeos | 69 } // namespace chromeos |
OLD | NEW |
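Review bot: Both failure paths in the new code report a finished initialization although `nss_profile_filter_.Init()` was never called: `Init()` returns true when `cert_db_io_` is null, and `GotNSSCertDatabase()` runs `init_callback_` even when `InitNSSProfileFilter()` returned early on a null database. `IsCertAllowed()` then queries a filter with no slots set, and this page does not show whether that denies every profile and system slot certificate. If it does, say so in a comment at both early returns; otherwise record success in a new member and guard the query, e.g. `if (!filter_initialized_) return false;`. Separately, the `use_system_slot` gate is gone and `nss_cert_db->GetSystemSlot()` is passed unconditionally, so keeping system-slot client certificates away from users who must not see them now depends on which database `cert_db_io_` hands out. A comment in `InitNSSProfileFilter()` stating that contract would help.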