Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1126)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/net/cert_database_service_factory_chromeos.cc

Issue 419013003: Replace c/b/nss_context by a KeyedService. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase, format. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/net/cert_database_service_factory.cc ('k') | chrome/browser/net/cert_database_service_factory_linux.cc » ('j') | chrome/browser/ui/crypto_module_delegate_nss.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/net/cert_database_service_factory_chromeos.cc
diff --git a/chrome/browser/net/cert_database_service_factory_chromeos.cc b/chrome/browser/net/cert_database_service_factory_chromeos.cc
new file mode 100644
index 0000000000000000000000000000000000000000..3e0e8de90f6c18b655e6f40ea9db61ac959d9673
--- /dev/null
+++ b/chrome/browser/net/cert_database_service_factory_chromeos.cc
@@ -0,0 +1,104 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/net/cert_database_service_factory.h"
+
+#include "base/memory/scoped_ptr.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/browser_process_platform_part.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chromeos/cert_loader.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
+#include "chromeos/tpm_token_loader.h"
+#include "components/cert_database/public/cert_database_service.h"
+#include "components/cert_database/public/chromeos/cert_database_service_io_part_chromeos.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
+#include "components/user_manager/user.h"
+#include "components/user_manager/user_manager.h"
+#include "content/public/browser/browser_thread.h"
+
+namespace cert_database {
+
+namespace {
+
+void RunReadyCallbackOnIOThread(
+ const CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback&
+ callback,
+ bool system_tpm_token_enabled) {
+ content::BrowserThread::PostTask(
+ content::BrowserThread::IO,
+ FROM_HERE,
+ base::Bind(callback, system_tpm_token_enabled));
+}
+
+} // namespace
+
+KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor(
+ content::BrowserContext* context) const {
+ Profile* profile = Profile::FromBrowserContext(context);
+
+ // No cert database for the sign-in profile.
+ if (chromeos::ProfileHelper::IsSigninProfile(profile))
+ return NULL;
+
+ user_manager::User* user =
+ chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
+
+ // Use the device-wide system key slot only if the user is of the same
+ // domain as the device is registered to.
tbarzic 2014/10/22 20:38:19 why do we allow system key slot only in this case
pneubeck (no reviews) 2014/10/24 12:51:37 clarified the comment, so that other readers do no
+ policy::BrowserPolicyConnectorChromeOS* connector =
+ g_browser_process->platform_part()->browser_policy_connector_chromeos();
+ bool use_system_key_slot = connector->GetUserAffiliation(user->email()) ==
+ policy::USER_AFFILIATION_MANAGED;
+ VLOG(1) << "Use system key slot " << use_system_key_slot;
+
+ scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part(
+ new CertDatabaseServiceIOPartChromeOS(
+ user->email(),
+ user->username_hash(),
+ use_system_key_slot,
+ profile->GetPath(),
+ content::BrowserThread::GetMessageLoopProxyForThread(
+ content::BrowserThread::UI), // Thread for DBus calls
+ chromeos::DBusThreadManager::Get()->GetCryptohomeClient()));
+
+ // This callback must be called on IO.
+ CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback
+ callback_on_io = io_part->GetSystemTPMTokenReadyCallback();
+
+ // Wrap it to be callable from the UI thread.
+ base::Callback<void(bool enabled)> callback_on_ui =
+ base::Bind(&RunReadyCallbackOnIOThread, callback_on_io);
+
+ scoped_ptr<CertDatabaseService> service(new CertDatabaseService(
+ content::BrowserThread::GetMessageLoopProxyForThread(
+ content::BrowserThread::IO)));
+
+ // After this point, the IOPart must only be accessed from the IO thread!
+ service->SetIOPart(io_part.Pass());
+
+ chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status =
+ chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled(callback_on_ui);
+ if (tpm_token_status !=
+ chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) {
+ callback_on_ui.Run(tpm_token_status ==
+ chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED);
+ }
+
+ // TODO(pneubeck): Integrate CertLoader into the CertDatabaseService so that
+ // it can be used per user and not only for the primary user.
+ user_manager::UserManager* user_manager = user_manager::UserManager::Get();
+ bool is_primary_user = user_manager && user == user_manager->GetPrimaryUser();
+ if (is_primary_user) {
+ service->GetNSSCertDatabase(
+ base::Bind(&chromeos::CertLoader::StartWithNSSDB,
+ base::Unretained(chromeos::CertLoader::Get())));
+ }
+
+ return service.release();
+}
+
+} // namespace cert_database
« no previous file with comments | « chrome/browser/net/cert_database_service_factory.cc ('k') | chrome/browser/net/cert_database_service_factory_linux.cc » ('j') | chrome/browser/ui/crypto_module_delegate_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698