| Index: chrome/browser/profiles/profile_io_data.cc
|
| diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
|
| index 482353d9b5fa39ea41ce4ab3d70e74467f228b5d..3535026f2d4c8a790487844f18c1c757b11190b2 100644
|
| --- a/chrome/browser/profiles/profile_io_data.cc
|
| +++ b/chrome/browser/profiles/profile_io_data.cc
|
| @@ -117,16 +117,13 @@
|
| #if defined(OS_CHROMEOS)
|
| #include "chrome/browser/chromeos/fileapi/external_file_protocol_handler.h"
|
| #include "chrome/browser/chromeos/login/startup_utils.h"
|
| +#include "chrome/browser/chromeos/net/cert_profile_filter.h"
|
| #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h"
|
| -#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
|
| #include "chrome/browser/chromeos/policy/policy_cert_service.h"
|
| #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
|
| #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
|
| #include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| #include "chrome/browser/chromeos/settings/cros_settings.h"
|
| -#include "chrome/browser/net/nss_context.h"
|
| -#include "chromeos/dbus/cryptohome_client.h"
|
| -#include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "chromeos/settings/cros_settings_names.h"
|
| #include "components/user_manager/user.h"
|
| #include "components/user_manager/user_manager.h"
|
| @@ -138,7 +135,10 @@
|
| #endif // defined(OS_CHROMEOS)
|
|
|
| #if defined(USE_NSS)
|
| +#include "chrome/browser/net/cert_database_service_factory.h"
|
| #include "chrome/browser/ui/crypto_module_delegate_nss.h"
|
| +#include "components/cert_database/public/cert_database_service.h"
|
| +#include "components/cert_database/public/cert_database_service_io_part.h"
|
| #include "net/ssl/client_cert_store_nss.h"
|
| #endif
|
|
|
| @@ -227,114 +227,6 @@ class DebugDevToolsInterceptor : public net::URLRequestInterceptor {
|
| };
|
| #endif // defined(DEBUG_DEVTOOLS)
|
|
|
| -#if defined(OS_CHROMEOS)
|
| -// The following four functions are responsible for initializing NSS for each
|
| -// profile on ChromeOS, which has a separate NSS database and TPM slot
|
| -// per-profile.
|
| -//
|
| -// Initialization basically follows these steps:
|
| -// 1) Get some info from user_manager::UserManager about the User for this
|
| -// profile.
|
| -// 2) Tell nss_util to initialize the software slot for this profile.
|
| -// 3) Wait for the TPM module to be loaded by nss_util if it isn't already.
|
| -// 4) Ask CryptohomeClient which TPM slot id corresponds to this profile.
|
| -// 5) Tell nss_util to use that slot id on the TPM module.
|
| -//
|
| -// Some of these steps must happen on the UI thread, others must happen on the
|
| -// IO thread:
|
| -// UI thread IO Thread
|
| -//
|
| -// ProfileIOData::InitializeOnUIThread
|
| -// |
|
| -// ProfileHelper::Get()->GetUserByProfile()
|
| -// \---------------------------------------v
|
| -// StartNSSInitOnIOThread
|
| -// |
|
| -// crypto::InitializeNSSForChromeOSUser
|
| -// |
|
| -// crypto::IsTPMTokenReady
|
| -// |
|
| -// StartTPMSlotInitializationOnIOThread
|
| -// v---------------------------------------/
|
| -// GetTPMInfoForUserOnUIThread
|
| -// |
|
| -// CryptohomeClient::Pkcs11GetTpmTokenInfoForUser
|
| -// |
|
| -// DidGetTPMInfoForUserOnUIThread
|
| -// \---------------------------------------v
|
| -// crypto::InitializeTPMForChromeOSUser
|
| -
|
| -void DidGetTPMInfoForUserOnUIThread(const std::string& username_hash,
|
| - chromeos::DBusMethodCallStatus call_status,
|
| - const std::string& label,
|
| - const std::string& user_pin,
|
| - int slot_id) {
|
| - DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| - if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) {
|
| - NOTREACHED() << "dbus error getting TPM info for " << username_hash;
|
| - return;
|
| - }
|
| - DVLOG(1) << "Got TPM slot for " << username_hash << ": " << slot_id;
|
| - BrowserThread::PostTask(
|
| - BrowserThread::IO,
|
| - FROM_HERE,
|
| - base::Bind(
|
| - &crypto::InitializeTPMForChromeOSUser, username_hash, slot_id));
|
| -}
|
| -
|
| -void GetTPMInfoForUserOnUIThread(const std::string& username,
|
| - const std::string& username_hash) {
|
| - DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| - DVLOG(1) << "Getting TPM info from cryptohome for "
|
| - << " " << username << " " << username_hash;
|
| - chromeos::DBusThreadManager::Get()
|
| - ->GetCryptohomeClient()
|
| - ->Pkcs11GetTpmTokenInfoForUser(
|
| - username,
|
| - base::Bind(&DidGetTPMInfoForUserOnUIThread, username_hash));
|
| -}
|
| -
|
| -void StartTPMSlotInitializationOnIOThread(const std::string& username,
|
| - const std::string& username_hash) {
|
| - DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
|
| -
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI,
|
| - FROM_HERE,
|
| - base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash));
|
| -}
|
| -
|
| -void StartNSSInitOnIOThread(const std::string& username,
|
| - const std::string& username_hash,
|
| - const base::FilePath& path) {
|
| - DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
|
| - DVLOG(1) << "Starting NSS init for " << username
|
| - << " hash:" << username_hash;
|
| -
|
| - // Make sure NSS is initialized for the user.
|
| - crypto::InitializeNSSForChromeOSUser(username_hash, path);
|
| -
|
| - // Check if it's OK to initialize TPM for the user before continuing. This
|
| - // may not be the case if the TPM slot initialization was previously
|
| - // requested for the same user.
|
| - if (!crypto::ShouldInitializeTPMForChromeOSUser(username_hash))
|
| - return;
|
| -
|
| - crypto::WillInitializeTPMForChromeOSUser(username_hash);
|
| -
|
| - if (crypto::IsTPMTokenEnabledForNSS()) {
|
| - if (crypto::IsTPMTokenReady(base::Bind(
|
| - &StartTPMSlotInitializationOnIOThread, username, username_hash))) {
|
| - StartTPMSlotInitializationOnIOThread(username, username_hash);
|
| - } else {
|
| - DVLOG(1) << "Waiting for tpm ready ...";
|
| - }
|
| - } else {
|
| - crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash);
|
| - }
|
| -}
|
| -#endif // defined(OS_CHROMEOS)
|
| -
|
| #if defined(USE_NSS)
|
| void InitializeAndPassKeygenHandler(
|
| scoped_ptr<net::KeygenHandler> keygen_handler,
|
| @@ -404,33 +296,15 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
|
| params->supervised_user_url_filter =
|
| supervised_user_service->GetURLFilterForIOThread();
|
| #endif
|
| +
|
| #if defined(OS_CHROMEOS)
|
| user_manager::UserManager* user_manager = user_manager::UserManager::Get();
|
| if (user_manager) {
|
| user_manager::User* user =
|
| chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
|
| - // No need to initialize NSS for users with empty username hash:
|
| - // Getters for a user's NSS slots always return NULL slot if the user's
|
| - // username hash is empty, even when the NSS is not initialized for the
|
| - // user.
|
| if (user && !user->username_hash().empty()) {
|
| params->username_hash = user->username_hash();
|
| DCHECK(!params->username_hash.empty());
|
| - BrowserThread::PostTask(BrowserThread::IO,
|
| - FROM_HERE,
|
| - base::Bind(&StartNSSInitOnIOThread,
|
| - user->email(),
|
| - user->username_hash(),
|
| - profile->GetPath()));
|
| -
|
| - // Use the device-wide system key slot only if the user is of the same
|
| - // domain as the device is registered to.
|
| - policy::BrowserPolicyConnectorChromeOS* connector =
|
| - g_browser_process->platform_part()
|
| - ->browser_policy_connector_chromeos();
|
| - params->use_system_key_slot =
|
| - connector->GetUserAffiliation(user->email()) ==
|
| - policy::USER_AFFILIATION_MANAGED;
|
| }
|
| }
|
| #endif
|
| @@ -498,6 +372,13 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
|
|
|
| network_prediction_options_.MoveToThread(io_message_loop_proxy);
|
|
|
| +#if defined(USE_NSS)
|
| + cert_database::CertDatabaseService* service =
|
| + cert_database::CertDatabaseServiceFactory::GetForBrowserContext(profile);
|
| + if (service)
|
| + cert_db_io_ = service->GetIOPart();
|
| +#endif
|
| +
|
| #if defined(OS_CHROMEOS)
|
| scoped_ptr<policy::PolicyCertVerifier> verifier =
|
| policy::PolicyCertServiceFactory::CreateForProfile(profile);
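Review bot: `cert_db_io_` is silently left unset when `GetForBrowserContext(profile)` returns null, and the two consumers in this patch disagree about that state. `CreateKeygenHandler` checks `!io_data_->cert_db_io_` and treats it as shutdown, while `CreateClientCertStore` passes `io_data_->cert_db_io_` straight into `CreateProfileFilterFactoryAcceptAllSlots` with no check. I would add a comment here saying when the factory returns no service, e.g. `// |service| is NULL for <profile kinds>; consumers must handle a null |cert_db_io_|.`, and give the client cert store path the same guard or a DCHECK. The assignment runs in InitializeOnUIThread and the reads visible in this patch are in ResourceContext methods, so the comment should also state on which thread `cert_db_io_` may be dereferenced. InitializeOnUIThread starts and ends outside this hunk.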
|
| @@ -587,9 +468,6 @@ ProfileIOData::AppRequestContext::~AppRequestContext() {
|
|
|
| ProfileIOData::ProfileParams::ProfileParams()
|
| : io_thread(NULL),
|
| -#if defined(OS_CHROMEOS)
|
| - use_system_key_slot(false),
|
| -#endif
|
| profile(NULL) {
|
| }
|
|
|
| @@ -599,7 +477,6 @@ ProfileIOData::ProfileIOData(Profile::ProfileType profile_type)
|
| : initialized_(false),
|
| #if defined(OS_CHROMEOS)
|
| policy_cert_verifier_(NULL),
|
| - use_system_key_slot_(false),
|
| #endif
|
| resource_context_(new ResourceContext(this)),
|
| initialized_on_UI_thread_(false),
|
| @@ -917,8 +794,7 @@ ProfileIOData::ResourceContext::CreateClientCertStore() {
|
| return io_data_->client_cert_store_factory_.Run();
|
| #if defined(OS_CHROMEOS)
|
| return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS(
|
| - io_data_->use_system_key_slot(),
|
| - io_data_->username_hash(),
|
| + chromeos::CreateProfileFilterFactoryAcceptAllSlots(io_data_->cert_db_io_),
|
| base::Bind(&CreateCryptoModuleBlockingPasswordDelegate,
|
| chrome::kCryptoModulePasswordClientAuth)));
|
| #elif defined(USE_NSS)
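Review bot: Nothing visible in this file now restricts which slots the client cert store draws from. The old arguments `use_system_key_slot()` and `username_hash()` are replaced by `CreateProfileFilterFactoryAcceptAllSlots(...)`, and the same commit deletes the affiliation check in InitializeOnUIThread that limited the device-wide system key slot to users of the domain the device is registered to. If the filter does what its name suggests, an unaffiliated user's client cert store could now offer certificates from the system slot, unless CertDatabaseService enforces the restriction itself, which this diff does not show. Please add a comment at the call naming where the affiliation rule now lives, or use a narrower filter factory here. CreateClientCertStore starts before this hunk.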
|
| @@ -954,10 +830,17 @@ void ProfileIOData::ResourceContext::CreateKeygenHandler(
|
| base::Passed(&keygen_handler),
|
| callback);
|
|
|
| - ChromeNSSCryptoModuleDelegate::CreateForResourceContext(
|
| + // If |cert_db_io_| is not available, we're shutting down already. Return the
|
| + // KeygenHandler without ChromeNSSCryptoModuleDelegate.
|
| + if (!io_data_->cert_db_io_) {
|
| + got_delegate_callback.Run(scoped_ptr<ChromeNSSCryptoModuleDelegate>());
|
| + return;
|
| + }
|
| +
|
| + ChromeNSSCryptoModuleDelegate::CreateForCertDatabase(
|
| chrome::kCryptoModulePasswordKeygen,
|
| net::HostPortPair::FromURL(url),
|
| - this,
|
| + io_data_->cert_db_io_.get(),
|
| got_delegate_callback);
|
| #else
|
| callback.Run(make_scoped_ptr(
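Review bot: The early-return path hands an empty `scoped_ptr<ChromeNSSCryptoModuleDelegate>` to `got_delegate_callback`, so key generation continues without a password delegate instead of being refused. The receiver, apparently InitializeAndPassKeygenHandler bound above the hunk, must tolerate a null delegate, and that is not visible here. On the normal path `io_data_->cert_db_io_.get()` passes a raw pointer into `CreateForCertDatabase`, which reports back through a callback. If that call can complete asynchronously, the comment should say what keeps the IO part alive until then, e.g. `// |cert_db_io_| outlives delegate creation because <owner/lifetime>.`, or the smart pointer should be passed instead of the raw one.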
|
| @@ -1074,13 +957,8 @@ void ProfileIOData::Init(
|
| #endif
|
|
|
| #if defined(OS_CHROMEOS)
|
| - username_hash_ = profile_params_->username_hash;
|
| - use_system_key_slot_ = profile_params_->use_system_key_slot;
|
| - if (use_system_key_slot_)
|
| - EnableNSSSystemKeySlotForResourceContext(resource_context_.get());
|
| -
|
| crypto::ScopedPK11Slot public_slot =
|
| - crypto::GetPublicSlotForChromeOSUser(username_hash_);
|
| + crypto::GetPublicSlotForChromeOSUser(profile_params_->username_hash);
|
| // The private slot won't be ready by this point. It shouldn't be necessary
|
| // for cert trust purposes anyway.
|
| scoped_refptr<net::CertVerifyProc> verify_proc(
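Review bot: `crypto::GetPublicSlotForChromeOSUser(profile_params_->username_hash)` still relies on the per-user NSS database having been opened, but this commit removes the `StartNSSInitOnIOThread` task that InitializeOnUIThread used to post to the IO thread. Presumably CertDatabaseService now performs that initialization, but nothing in this hunk shows that it has run before Init() asks for the public slot. The slot appears to feed the `CertVerifyProc` built on the following lines. A comment such as `// The public slot is opened by CertDatabaseService before Init(); see <location>.` or a DCHECK on `public_slot` would make the ordering assumption explicit. Init() continues beyond this hunk.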
|
|
|