Index: components/cert_database/chromeos/cert_database_service_io_part_chromeos.cc |
diff --git a/components/cert_database/chromeos/cert_database_service_io_part_chromeos.cc b/components/cert_database/chromeos/cert_database_service_io_part_chromeos.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..8462f574a6935148a84e899b4ce00206acd77f6b |
--- /dev/null |
+++ b/components/cert_database/chromeos/cert_database_service_io_part_chromeos.cc |
@@ -0,0 +1,339 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "components/cert_database/public/chromeos/cert_database_service_io_part_chromeos.h" |
+ |
+#include "base/bind.h" |
+#include "base/bind_helpers.h" |
+#include "base/callback.h" |
+#include "base/location.h" |
+#include "base/single_thread_task_runner.h" |
+#include "base/thread_task_runner_handle.h" |
+#include "chromeos/dbus/cryptohome_client.h" |
+#include "crypto/nss_util.h" |
+#include "crypto/nss_util_internal.h" |
+#include "net/cert/nss_cert_database_chromeos.h" |
+ |
+namespace cert_database { |
+ |
+namespace { |
+ |
+void DidGetTPMInfoOnUICallBackToIO( |
+ const chromeos::CryptohomeClient::Pkcs11GetTpmTokenInfoCallback& callback, |
+ scoped_refptr<base::SingleThreadTaskRunner> origin_thread, |
+ chromeos::DBusMethodCallStatus call_status, |
+ const std::string& label, |
+ const std::string& user_pin, |
+ int slot_id) { |
+ DVLOG(1) << "Got TPM info for slot " << slot_id; |
+ origin_thread->PostTask( |
+ FROM_HERE, base::Bind(callback, call_status, label, user_pin, slot_id)); |
+} |
+ |
+void GetTPMInfoForUserOnUIThread( |
+ const std::string& user_email, |
+ const chromeos::CryptohomeClient::Pkcs11GetTpmTokenInfoCallback& callback, |
+ scoped_refptr<base::SingleThreadTaskRunner> origin_thread, |
+ chromeos::CryptohomeClient* cryptohome_client) { |
+ DVLOG(1) << "Getting TPM info from cryptohome for " |
+ << " " << user_email; |
+ cryptohome_client->Pkcs11GetTpmTokenInfoForUser( |
+ user_email, |
+ base::Bind(&DidGetTPMInfoOnUICallBackToIO, callback, origin_thread)); |
+} |
+ |
+void GetTPMInfoForUserOnIOThread( |
+ const std::string& user_email, |
+ const chromeos::CryptohomeClient::Pkcs11GetTpmTokenInfoCallback& callback, |
+ scoped_refptr<base::SequencedTaskRunner> dbus_task_runner, |
+ chromeos::CryptohomeClient* cryptohome_client) { |
+ dbus_task_runner->PostTask(FROM_HERE, |
+ base::Bind(&GetTPMInfoForUserOnUIThread, |
+ user_email, |
+ callback, |
+ base::ThreadTaskRunnerHandle::Get(), |
+ cryptohome_client)); |
+} |
+ |
+} // namespace |
+ |
+class CertDatabaseServiceIOPartChromeOS::Internal { |
+ public: |
+ enum SystemTPMTokenStatus { |
+ SYSTEM_TPM_TOKEN_STATUS_UNDETERMINED, |
+ SYSTEM_TPM_TOKEN_STATUS_ENABLED, |
+ SYSTEM_TPM_TOKEN_STATUS_DISABLED |
+ }; |
+ |
+ enum State { |
+ TPM_TOKEN_STATE_UNKNOWN, |
+ TPM_TOKEN_ENABLED_AND_READY, |
+ INITIALIZED_NSS_FOR_USER, |
+ GOT_PRIVATE_SLOT_FOR_USER, |
+ WAITING_FOR_SYSTEM_TPM_TOKEN, |
+ SYSTEM_TPM_TOKEN_READY, |
+ GOT_SYSTEM_SLOT, |
+ CREATED_NSS_CERTDB |
+ }; |
+ |
+ explicit Internal( |
+ const std::string& user_email, |
+ const std::string& username_hash, |
+ bool use_system_key_slot, |
+ const base::FilePath& path, |
+ const scoped_refptr<base::SequencedTaskRunner>& dbus_task_runner, |
+ chromeos::CryptohomeClient* cryptohome_client, |
+ CertDatabaseServiceIOPartChromeOS* io_part) |
+ : user_email_(user_email), |
+ username_hash_(username_hash), |
+ use_system_key_slot_(use_system_key_slot), |
+ path_(path), |
+ dbus_task_runner_(dbus_task_runner), |
+ state_(TPM_TOKEN_STATE_UNKNOWN), |
+ system_tpm_token_status_(SYSTEM_TPM_TOKEN_STATUS_UNDETERMINED), |
+ cryptohome_client_(cryptohome_client), |
+ io_part_(io_part), |
+ weak_ptr_factory_(this) { |
+ CHECK(dbus_task_runner_.get()); |
+ CHECK(cryptohome_client_); |
+ CHECK(io_part_); |
+ } |
+ |
+ void Run() { |
+ thread_checker_.DetachFromThread(); |
+ thread_checker_.CalledOnValidThread(); |
+ |
+ VLOG(1) << "Initialize NSS for chromeos user " << username_hash_; |
+ crypto::InitializeNSSForChromeOSUser(username_hash_, path_); |
+ RunNextStep(TPM_TOKEN_STATE_UNKNOWN); |
+ } |
+ |
+ void RunNextStep(const State& next_state) { |
mattm
2014/10/18 00:45:16
hm, not entirely sure about the state machine, esp
pneubeck (no reviews)
2014/10/21 09:22:09
What specific do you mean?
The fact that it's wait
mattm
2014/10/30 03:37:48
I dunno, just feels a little weird to me. But I do
|
+ DCHECK(thread_checker_.CalledOnValidThread()); |
+ |
+ VLOG(1) << "State transition " << state_ << " -> " << next_state; |
+ state_ = next_state; |
+ switch (state_) { |
+ case TPM_TOKEN_STATE_UNKNOWN: |
+ CheckTPMTokenState(); |
+ break; |
+ case TPM_TOKEN_ENABLED_AND_READY: |
+ GetTPMTokenInfo(); |
+ break; |
+ case INITIALIZED_NSS_FOR_USER: |
+ GetPrivateSlot(); |
+ break; |
+ case GOT_PRIVATE_SLOT_FOR_USER: |
+ if (!use_system_key_slot_) { |
+ RunNextStep(GOT_SYSTEM_SLOT); |
+ } else if (system_tpm_token_status_ == |
+ SYSTEM_TPM_TOKEN_STATUS_UNDETERMINED) { |
+ state_ = WAITING_FOR_SYSTEM_TPM_TOKEN; |
+ } else { |
+ RunNextStep(SYSTEM_TPM_TOKEN_READY); |
+ } |
+ break; |
+ case WAITING_FOR_SYSTEM_TPM_TOKEN: |
+ // This step is waiting for OnSystemTPMTokenReady to be called. |
+ NOTREACHED(); |
+ break; |
+ case SYSTEM_TPM_TOKEN_READY: |
+ GetSystemSlot(); |
+ break; |
+ case GOT_SYSTEM_SLOT: |
+ CreateCertDatabase(); |
+ break; |
+ case CREATED_NSS_CERTDB: |
+ NOTREACHED(); |
+ } |
+ } |
+ |
+ void FinishWithState(const State& state) { |
+ VLOG(1) << "FinishWithState " << state; |
+ state_ = state; |
+ } |
+ |
+ void CheckTPMTokenState() { |
+ // Check if it's OK to initialize TPM for the user before continuing. This |
+ // may not be the case if the TPM slot initialization was previously |
+ // requested for the same user. |
+ if (!crypto::ShouldInitializeTPMForChromeOSUser(username_hash_)) { |
+ RunNextStep(INITIALIZED_NSS_FOR_USER); |
+ return; |
+ } |
+ |
+ crypto::WillInitializeTPMForChromeOSUser(username_hash_); |
+ |
+ if (crypto::IsTPMTokenEnabledForNSS()) { |
+ base::Closure tpm_token_ready_callback = |
+ base::Bind(&Internal::RunNextStep, |
+ weak_ptr_factory_.GetWeakPtr(), |
+ TPM_TOKEN_ENABLED_AND_READY); |
+ if (crypto::IsTPMTokenReady(tpm_token_ready_callback)) |
+ tpm_token_ready_callback.Run(); |
+ else |
+ DVLOG(1) << "Waiting for tpm ready ..."; |
+ } else { |
+ crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash_); |
+ RunNextStep(INITIALIZED_NSS_FOR_USER); |
+ } |
+ } |
+ |
+ void GetTPMTokenInfo() { |
+ GetTPMInfoForUserOnIOThread(user_email_, |
+ base::Bind(&Internal::GetTPMTokenInfoDONE, |
+ weak_ptr_factory_.GetWeakPtr()), |
+ dbus_task_runner_, |
+ cryptohome_client_); |
+ } |
+ |
+ void GetTPMTokenInfoDONE(chromeos::DBusMethodCallStatus call_status, |
+ const std::string& label, |
+ const std::string& user_pin, |
+ int slot_id) { |
+ DCHECK(thread_checker_.CalledOnValidThread()); |
+ |
+ if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) { |
+ LOG(ERROR) << "DBus error while getting TPM info for " << username_hash_; |
+ crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash_); |
+ } else { |
+ crypto::InitializeTPMForChromeOSUser(username_hash_, slot_id); |
+ } |
+ RunNextStep(INITIALIZED_NSS_FOR_USER); |
+ } |
+ |
+ void GetPrivateSlot() { |
+ base::Callback<void(crypto::ScopedPK11Slot)> callback = base::Bind( |
+ &Internal::GetPrivateSlotDONE, weak_ptr_factory_.GetWeakPtr()); |
+ |
+ crypto::ScopedPK11Slot private_slot( |
+ crypto::GetPrivateSlotForChromeOSUser(username_hash_, callback)); |
+ if (private_slot) |
+ callback.Run(private_slot.Pass()); |
+ } |
+ |
+ void GetPrivateSlotDONE(crypto::ScopedPK11Slot private_slot) { |
mattm
2014/10/18 00:45:16
Name style. Maybe GotPrivateSlot or DidGetPrivateS
pneubeck (no reviews)
2014/10/21 09:22:09
Done.
|
+ DCHECK(thread_checker_.CalledOnValidThread()); |
+ DCHECK(private_slot); |
+ |
+ private_slot_ = private_slot.Pass(); |
+ RunNextStep(GOT_PRIVATE_SLOT_FOR_USER); |
+ } |
+ |
+ void OnSystemTPMTokenReady(bool system_tpm_token_enabled) { |
+ if (!use_system_key_slot_) |
+ return; |
+ if (system_tpm_token_enabled) |
+ system_tpm_token_status_ = SYSTEM_TPM_TOKEN_STATUS_ENABLED; |
+ else |
+ system_tpm_token_status_ = SYSTEM_TPM_TOKEN_STATUS_DISABLED; |
+ if (state_ == WAITING_FOR_SYSTEM_TPM_TOKEN) |
+ RunNextStep(SYSTEM_TPM_TOKEN_READY); |
+ } |
+ |
+ void GetSystemSlot() { |
+ if (!use_system_key_slot_ || |
+ system_tpm_token_status_ == SYSTEM_TPM_TOKEN_STATUS_DISABLED) { |
+ VLOG(2) << "Skip system key slot initialization"; |
+ RunNextStep(GOT_SYSTEM_SLOT); |
+ return; |
+ } |
+ |
+ base::Callback<void(crypto::ScopedPK11Slot)> callback = base::Bind( |
+ &Internal::GetSystemSlotDONE, weak_ptr_factory_.GetWeakPtr()); |
+ |
+ crypto::ScopedPK11Slot system_slot = crypto::GetSystemNSSKeySlot(callback); |
+ if (system_slot) |
+ callback.Run(system_slot.Pass()); |
+ } |
+ |
+ void GetSystemSlotDONE(crypto::ScopedPK11Slot system_slot) { |
+ if (!system_slot) |
+ LOG(ERROR) << "Could not get the system key slot."; |
+ system_slot_ = system_slot.Pass(); |
+ RunNextStep(GOT_SYSTEM_SLOT); |
+ } |
+ |
+ void CreateCertDatabase() { |
+ crypto::ScopedPK11Slot public_slot = |
+ crypto::GetPublicSlotForChromeOSUser(username_hash_); |
+ |
+ scoped_ptr<net::NSSCertDatabaseChromeOS> db( |
+ new net::NSSCertDatabaseChromeOS(public_slot.Pass(), |
+ private_slot_.Pass())); |
+ if (system_slot_) |
+ db->SetSystemSlot(system_slot_.Pass()); |
+ |
+ io_part_->DidCreateNSSCertDatabase(db.PassAs<net::NSSCertDatabase>()); |
mattm
2014/10/18 00:45:16
can use Pass() now
pneubeck (no reviews)
2014/10/21 09:22:09
Done.
|
+ FinishWithState(CREATED_NSS_CERTDB); |
+ } |
+ |
+ const std::string user_email_; |
+ const std::string username_hash_; |
+ bool use_system_key_slot_; |
+ const base::FilePath path_; |
+ scoped_refptr<base::SequencedTaskRunner> dbus_task_runner_; |
+ State state_; |
+ crypto::ScopedPK11Slot private_slot_; |
+ SystemTPMTokenStatus system_tpm_token_status_; |
+ crypto::ScopedPK11Slot system_slot_; |
+ chromeos::CryptohomeClient* cryptohome_client_; |
+ CertDatabaseServiceIOPartChromeOS* io_part_; |
+ base::ThreadChecker thread_checker_; |
+ base::WeakPtrFactory<Internal> weak_ptr_factory_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(Internal); |
+}; |
+ |
+CertDatabaseServiceIOPartChromeOS::CertDatabaseServiceIOPartChromeOS( |
+ const std::string& user_email, |
+ const std::string& username_hash, |
+ bool use_system_key_slot, |
+ const base::FilePath& path, |
+ const scoped_refptr<base::SequencedTaskRunner>& dbus_task_runner, |
+ chromeos::CryptohomeClient* cryptohome_client) |
+ : internal_(new Internal(user_email, |
+ username_hash, |
+ use_system_key_slot, |
+ path, |
+ dbus_task_runner, |
+ cryptohome_client, |
+ this)) { |
+} |
+ |
+CertDatabaseServiceIOPartChromeOS::~CertDatabaseServiceIOPartChromeOS() { |
+ DCHECK(thread_checker_.CalledOnValidThread()); |
+} |
+ |
+void CertDatabaseServiceIOPartChromeOS::Init() { |
+ CertDatabaseServiceIOPart::Init(); |
+ |
+ internal_->Run(); |
+} |
+ |
+void CertDatabaseServiceIOPartChromeOS::DidCreateNSSCertDatabase( |
+ scoped_ptr<net::NSSCertDatabase> db) { |
+ internal_.reset(); |
+ CertDatabaseServiceIOPart::DidCreateNSSCertDatabase(db.Pass()); |
+} |
+ |
+CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback |
+CertDatabaseServiceIOPartChromeOS::GetSystemTPMTokenReadyCallback() { |
+ return base::Bind( |
+ &OnSystemTPMTokenReady, GetWeakPtr(), base::Unretained(this)); |
+} |
+ |
+// static |
+void CertDatabaseServiceIOPartChromeOS::OnSystemTPMTokenReady( |
+ const base::WeakPtr<CertDatabaseServiceIOPart>& weak_ptr, |
+ CertDatabaseServiceIOPartChromeOS* io_part, |
+ bool system_tpm_token_enabled) { |
+ if (!weak_ptr) |
+ return; |
+ CHECK_EQ(io_part, weak_ptr.get()); |
+ |
+ io_part->internal_->OnSystemTPMTokenReady(system_tpm_token_enabled); |
+} |
+ |
+} // namespace cert_database |
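Review bot: `Internal::CreateCertDatabase` touches `this` after the object has been destroyed. It calls `io_part_->DidCreateNSSCertDatabase(...)`, which runs `internal_.reset()`, and the next statement, `FinishWithState(CREATED_NSS_CERTDB);`, then writes `state_` on the freed `Internal`. This assumes `internal_` is the owning pointer that its `reset()` call suggests, since the declaration is in the header and not shown here. Move `FinishWithState(CREATED_NSS_CERTDB);` above the `DidCreateNSSCertDatabase` call, or drop it, so nothing runs on `this` after the hand-off. The same reset leaves `internal_` null for the static `OnSystemTPMTokenReady`, which dereferences it unconditionally, so a system-token notification arriving after the database exists would crash there; add `if (!io_part->internal_) return;` after the `CHECK_EQ`.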