OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/net/cert_database_service_factory.h" |
| 6 |
| 7 #include "base/memory/scoped_ptr.h" |
| 8 #include "chrome/browser/browser_process.h" |
| 9 #include "chrome/browser/browser_process_platform_part.h" |
| 10 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 11 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 12 #include "chrome/browser/profiles/profile.h" |
| 13 #include "chromeos/cert_loader.h" |
| 14 #include "chromeos/dbus/dbus_thread_manager.h" |
| 15 #include "chromeos/tpm_token_loader.h" |
| 16 #include "components/cert_database/public/cert_database_service.h" |
| 17 #include "components/cert_database/public/chromeos/cert_database_service_io_part
_chromeos.h" |
| 18 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 19 #include "components/user_manager/user.h" |
| 20 #include "components/user_manager/user_manager.h" |
| 21 #include "content/public/browser/browser_thread.h" |
| 22 |
| 23 namespace cert_database { |
| 24 |
| 25 namespace { |
| 26 |
| 27 void RunReadyCallbackOnIOThread( |
| 28 const CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback& |
| 29 callback, |
| 30 bool system_tpm_token_enabled) { |
| 31 content::BrowserThread::PostTask( |
| 32 content::BrowserThread::IO, |
| 33 FROM_HERE, |
| 34 base::Bind(callback, system_tpm_token_enabled)); |
| 35 } |
| 36 |
| 37 } // namespace |
| 38 |
| 39 KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor( |
| 40 content::BrowserContext* context) const { |
| 41 Profile* profile = Profile::FromBrowserContext(context); |
| 42 |
| 43 // No cert database for the sign-in profile. |
| 44 if (chromeos::ProfileHelper::IsSigninProfile(profile)) |
| 45 return NULL; |
| 46 |
| 47 user_manager::User* user = |
| 48 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| 49 |
| 50 // Use the device-wide system key slot only if the user is of the same |
| 51 // domain as the device is registered to. We do this as the system key slot |
| 52 // allows affecting other users and this should not be the default for |
| 53 // unaffiliated regular users and guest sessions for privacy reasons and also |
| 54 // because the corporate credentials should probably not be useable by |
| 55 // unrelated users. |
| 56 policy::BrowserPolicyConnectorChromeOS* connector = |
| 57 g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| 58 bool use_system_key_slot = connector->GetUserAffiliation(user->email()) == |
| 59 policy::USER_AFFILIATION_MANAGED; |
| 60 VLOG(1) << "Use system key slot " << use_system_key_slot; |
| 61 |
| 62 scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part( |
| 63 new CertDatabaseServiceIOPartChromeOS( |
| 64 user->email(), |
| 65 user->username_hash(), |
| 66 use_system_key_slot, |
| 67 profile->GetPath(), |
| 68 content::BrowserThread::GetMessageLoopProxyForThread( |
| 69 content::BrowserThread::UI), // Thread for DBus calls |
| 70 chromeos::DBusThreadManager::Get()->GetCryptohomeClient())); |
| 71 |
| 72 // This callback must be called on IO. |
| 73 CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback |
| 74 callback_on_io = io_part->GetSystemTPMTokenReadyCallback(); |
| 75 |
| 76 // Wrap it to be callable from the UI thread. |
| 77 base::Callback<void(bool enabled)> callback_on_ui = |
| 78 base::Bind(&RunReadyCallbackOnIOThread, callback_on_io); |
| 79 |
| 80 scoped_ptr<CertDatabaseService> service(new CertDatabaseService( |
| 81 content::BrowserThread::GetMessageLoopProxyForThread( |
| 82 content::BrowserThread::IO))); |
| 83 |
| 84 // After this point, the IOPart must only be accessed from the IO thread! |
| 85 service->SetIOPart(io_part.Pass()); |
| 86 |
| 87 chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status = |
| 88 chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled(callback_on_ui); |
| 89 if (tpm_token_status != |
| 90 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) { |
| 91 callback_on_ui.Run(tpm_token_status == |
| 92 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED); |
| 93 } |
| 94 |
| 95 // TODO(pneubeck): Integrate CertLoader into the CertDatabaseService so that |
| 96 // it can be used per user and not only for the primary user. |
| 97 user_manager::UserManager* user_manager = user_manager::UserManager::Get(); |
| 98 bool is_primary_user = user_manager && user == user_manager->GetPrimaryUser(); |
| 99 if (is_primary_user) { |
| 100 service->GetNSSCertDatabase( |
| 101 base::Bind(&chromeos::CertLoader::StartWithNSSDB, |
| 102 base::Unretained(chromeos::CertLoader::Get()))); |
| 103 } |
| 104 |
| 105 return service.release(); |
| 106 } |
| 107 |
| 108 } // namespace cert_database |
OLD | NEW |