OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/net/cert_database_service_factory.h" |
| 6 |
| 7 #include "base/memory/singleton.h" |
| 8 #include "chrome/browser/profiles/incognito_helpers.h" |
| 9 #include "chrome/browser/profiles/profile.h" |
| 10 #include "components/cert_database/public/cert_database_service.h" |
| 11 #include "components/keyed_service/content/browser_context_dependency_manager.h" |
| 12 #include "content/public/browser/browser_thread.h" |
| 13 |
| 14 #if defined(OS_CHROMEOS) |
| 15 #include "chrome/browser/browser_process.h" |
| 16 #include "chrome/browser/browser_process_platform_part.h" |
| 17 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 18 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 19 #include "chromeos/cert_loader.h" |
| 20 #include "chromeos/tpm_token_loader.h" |
| 21 #include "components/cert_database/public/chromeos/cert_database_service_io_part
_chromeos.h" |
| 22 #include "components/user_manager/user.h" |
| 23 #include "components/user_manager/user_manager.h" |
| 24 #else |
| 25 #include "components/cert_database/public/linux/cert_database_service_io_part_li
nux.h" |
| 26 #endif |
| 27 |
| 28 namespace { |
| 29 |
| 30 #if defined(OS_CHROMEOS) |
| 31 void OnSystemTPMTokenReady( |
| 32 const base::WeakPtr<CertDatabaseServiceIOPartChromeOS>& io_part, |
| 33 bool system_tpm_token_enabled) { |
| 34 content::BrowserThread::PostTask( |
| 35 content::BrowserThread::IO, |
| 36 FROM_HERE, |
| 37 base::Bind(&CertDatabaseServiceIOPartChromeOS::OnSystemTPMTokenReady, |
| 38 io_part, |
| 39 system_tpm_token_enabled)); |
| 40 } |
| 41 #endif |
| 42 |
| 43 } // namespace |
| 44 |
| 45 // static |
| 46 CertDatabaseService* CertDatabaseServiceFactory::GetForBrowserContext( |
| 47 content::BrowserContext* context) { |
| 48 return static_cast<CertDatabaseService*>( |
| 49 GetInstance()->GetServiceForBrowserContext(context, true)); |
| 50 } |
| 51 |
| 52 // static |
| 53 CertDatabaseServiceFactory* CertDatabaseServiceFactory::GetInstance() { |
| 54 return Singleton<CertDatabaseServiceFactory>::get(); |
| 55 } |
| 56 |
| 57 CertDatabaseServiceFactory::CertDatabaseServiceFactory() |
| 58 : BrowserContextKeyedServiceFactory( |
| 59 "CertDatabaseService", |
| 60 BrowserContextDependencyManager::GetInstance()) { |
| 61 } |
| 62 |
| 63 CertDatabaseServiceFactory::~CertDatabaseServiceFactory() { |
| 64 } |
| 65 |
| 66 content::BrowserContext* CertDatabaseServiceFactory::GetBrowserContextToUse( |
| 67 content::BrowserContext* context) const { |
| 68 // return chrome::GetBrowserContextOwnInstanceInIncognito(context); |
| 69 return chrome::GetBrowserContextRedirectedInIncognito(context); |
| 70 } |
| 71 |
| 72 bool CertDatabaseServiceFactory::ServiceIsCreatedWithBrowserContext() const { |
| 73 return true; |
| 74 } |
| 75 |
| 76 KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor( |
| 77 content::BrowserContext* context) const { |
| 78 #if defined(OS_CHROMEOS) |
| 79 Profile* profile = static_cast<Profile*>(context); |
| 80 |
| 81 // No cert database for the sign-in profile. |
| 82 if (chromeos::ProfileHelper::IsSigninProfile(profile)) |
| 83 return NULL; |
| 84 |
| 85 user_manager::User* user = |
| 86 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| 87 |
| 88 // Use the device-wide system key slot only if the user is of the same |
| 89 // domain as the device is registered to. |
| 90 policy::BrowserPolicyConnectorChromeOS* connector = |
| 91 g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| 92 bool use_system_key_slot = connector->GetUserAffiliation(user->email()) == |
| 93 policy::USER_AFFILIATION_MANAGED; |
| 94 VLOG(1) << "Use system key slot " << use_system_key_slot; |
| 95 |
| 96 scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part( |
| 97 new CertDatabaseServiceIOPartChromeOS( |
| 98 user->email(), |
| 99 user->username_hash(), |
| 100 use_system_key_slot, |
| 101 profile->GetPath(), |
| 102 content::BrowserThread::GetMessageLoopProxyForThread( |
| 103 content::BrowserThread::UI) // Thread for DBus calls |
| 104 )); |
| 105 #else |
| 106 scoped_ptr<CertDatabaseServiceIOPart> io_part( |
| 107 new CertDatabaseServiceIOPartLinux()); |
| 108 #endif |
| 109 |
| 110 scoped_ptr<CertDatabaseService> service(new CertDatabaseService( |
| 111 content::BrowserThread::GetMessageLoopProxyForThread( |
| 112 content::BrowserThread::IO))); |
| 113 service->SetIOPart(io_part.PassAs<CertDatabaseServiceIOPart>()); |
| 114 |
| 115 #if defined(OS_CHROMEOS) |
| 116 chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status = |
| 117 chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled( |
| 118 base::Bind(&OnSystemTPMTokenReady, service->GetIOPart())); |
| 119 if (tpm_token_status != |
| 120 chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) { |
| 121 OnSystemTPMTokenReady( |
| 122 service->GetIOPart(), |
| 123 tpm_token_status == chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED); |
| 124 } |
| 125 |
| 126 if (chromeos::CertLoader::IsInitialized()) { |
| 127 user_manager::UserManager* user_manager = user_manager::UserManager::Get(); |
| 128 bool is_primary_user = |
| 129 user_manager && user == user_manager->GetPrimaryUser(); |
| 130 if (is_primary_user) { |
| 131 service->GetNSSCertDatabase( |
| 132 base::Bind(&chromeos::CertLoader::StartWithNSSDB, |
| 133 base::Unretained(chromeos::CertLoader::Get()))); |
| 134 } |
| 135 } |
| 136 #endif |
| 137 |
| 138 return service.release(); |
| 139 } |
OLD | NEW |