
Side by Side Diff: chrome/browser/net/cert_database_service_factory_chromeos.cc

Issue 419013003: Replace c/b/nss_context by a KeyedService. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Separated out ClientCertStoreChromeOS change. Created 6 years, 1 month ago
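--- a/chrome/browser/net/cert_database_service_factory_chromeos.cc
+++ b/chrome/browser/net/cert_database_service_factory_chromeos.cc
@@ -0,0 +1,108 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/net/cert_database_service_factory.h"
+
+#include "base/memory/scoped_ptr.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/browser_process_platform_part.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chromeos/cert_loader.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
+#include "chromeos/tpm_token_loader.h"
+#include "components/cert_database/public/cert_database_service.h"
+#include "components/cert_database/public/chromeos/cert_database_service_io_part _chromeos.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
+#include "components/user_manager/user.h"
+#include "components/user_manager/user_manager.h"
+#include "content/public/browser/browser_thread.h"
+
+namespace cert_database {
+
+namespace {
+
+void RunReadyCallbackOnIOThread(
+const CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback&
+callback,
+bool system_tpm_token_enabled) {
+content::BrowserThread::PostTask(
+content::BrowserThread::IO,
+FROM_HERE,
+base::Bind(callback, system_tpm_token_enabled));
+}
+
+} // namespace
+
+KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor(
+content::BrowserContext* context) const {
+Profile* profile = Profile::FromBrowserContext(context);
+
+// No cert database for the sign-in profile.
+if (chromeos::ProfileHelper::IsSigninProfile(profile))
+return NULL;
+
+user_manager::User* user =
+chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
+
+// Use the device-wide system key slot only if the user is of the same
+// domain as the device is registered to. We do this as the system key slot
+// allows affecting other users and this should not be the default for
+// unaffiliated regular users and guest sessions for privacy reasons and also
+// because the corporate credentials should probably not be useable by
+// unrelated users.
+policy::BrowserPolicyConnectorChromeOS* connector =
+g_browser_process->platform_part()->browser_policy_connector_chromeos();
+bool use_system_key_slot = connector->GetUserAffiliation(user->email()) ==
+policy::USER_AFFILIATION_MANAGED;
+VLOG(1) << "Use system key slot " << use_system_key_slot;
+
+scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part(
+new CertDatabaseServiceIOPartChromeOS(
+user->email(),
+user->username_hash(),
+use_system_key_slot,
+profile->GetPath(),
+content::BrowserThread::GetMessageLoopProxyForThread(
+content::BrowserThread::UI), // Thread for DBus calls
+chromeos::DBusThreadManager::Get()->GetCryptohomeClient()));
+
+// This callback must be called on IO.
+CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback
+callback_on_io = io_part->GetSystemTPMTokenReadyCallback();
+
+// Wrap it to be callable from the UI thread.
+base::Callback<void(bool enabled)> callback_on_ui =
+base::Bind(&RunReadyCallbackOnIOThread, callback_on_io);
+
+scoped_ptr<CertDatabaseService> service(new CertDatabaseService(
+content::BrowserThread::GetMessageLoopProxyForThread(
+content::BrowserThread::IO)));
+
+// After this point, the IOPart must only be accessed from the IO thread!
+service->SetIOPart(io_part.Pass());
+
+chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status =
+chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled(callback_on_ui);
+if (tpm_token_status !=
+chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) {
+callback_on_ui.Run(tpm_token_status ==
+chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED);
+}
+
+// TODO(pneubeck): Integrate CertLoader into the CertDatabaseService so that
+// it can be used per user and not only for the primary user.
+user_manager::UserManager* user_manager = user_manager::UserManager::Get();
+bool is_primary_user = user_manager && user == user_manager->GetPrimaryUser();
+if (is_primary_user) {
+service->GetNSSCertDatabase(
+base::Bind(&chromeos::CertLoader::StartWithNSSDB,
+base::Unretained(chromeos::CertLoader::Get())));
+}
+
+return service.release();
+}
+
+} // namespace cert_database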
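Review bot: `user` is dereferenced in `connector->GetUserAffiliation(user->email())` (new line 58) without a null check, and nothing visible in this file guarantees that `ProfileHelper::GetUserByProfile` returns a user for every profile that passes the sign-in check. Since this lookup decides whether the device-wide system key slot is exposed, it should fail closed: add `if (!user) return NULL;` directly after the lookup on new lines 47-48, or treat a missing user as unaffiliated. Separately, `base::Unretained(chromeos::CertLoader::Get())` on new line 102 assumes the CertLoader singleton outlives the pending `GetNSSCertDatabase` callback. If shutdown ordering guarantees that, a one-line comment stating why would make the lifetime assumption reviewable.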
