Index: chrome/browser/net/cert_database_service_factory_chromeos.cc |
diff --git a/chrome/browser/net/cert_database_service_factory_chromeos.cc b/chrome/browser/net/cert_database_service_factory_chromeos.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..07c46852c0ca2f2a54d5a6ada6ccf70c2ec7b61c |
--- /dev/null |
+++ b/chrome/browser/net/cert_database_service_factory_chromeos.cc |
@@ -0,0 +1,108 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "chrome/browser/net/cert_database_service_factory.h" |
+ |
+#include "base/memory/scoped_ptr.h" |
+#include "chrome/browser/browser_process.h" |
+#include "chrome/browser/browser_process_platform_part.h" |
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
+#include "chrome/browser/chromeos/profiles/profile_helper.h" |
+#include "chrome/browser/profiles/profile.h" |
+#include "chromeos/cert_loader.h" |
+#include "chromeos/dbus/dbus_thread_manager.h" |
+#include "chromeos/tpm_token_loader.h" |
+#include "components/cert_database/public/cert_database_service.h" |
+#include "components/cert_database/public/chromeos/cert_database_service_io_part_chromeos.h" |
+#include "components/policy/core/common/cloud/cloud_policy_constants.h" |
+#include "components/user_manager/user.h" |
+#include "components/user_manager/user_manager.h" |
+#include "content/public/browser/browser_thread.h" |
+ |
+namespace cert_database { |
+ |
+namespace { |
+ |
+void RunReadyCallbackOnIOThread( |
+ const CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback& |
+ callback, |
+ bool system_tpm_token_enabled) { |
+ content::BrowserThread::PostTask( |
+ content::BrowserThread::IO, |
+ FROM_HERE, |
+ base::Bind(callback, system_tpm_token_enabled)); |
+} |
+ |
+} // namespace |
+ |
+KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor( |
+ content::BrowserContext* context) const { |
+ Profile* profile = Profile::FromBrowserContext(context); |
+ |
+ // No cert database for the sign-in profile. |
+ if (chromeos::ProfileHelper::IsSigninProfile(profile)) |
+ return NULL; |
+ |
+ user_manager::User* user = |
+ chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
+ |
+ // Use the device-wide system key slot only if the user is of the same |
+ // domain as the device is registered to. We do this as the system key slot |
+ // allows affecting other users and this should not be the default for |
+ // unaffiliated regular users and guest sessions for privacy reasons and also |
+ // because the corporate credentials should probably not be useable by |
+ // unrelated users. |
+ policy::BrowserPolicyConnectorChromeOS* connector = |
+ g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
+ bool use_system_key_slot = connector->GetUserAffiliation(user->email()) == |
+ policy::USER_AFFILIATION_MANAGED; |
+ VLOG(1) << "Use system key slot " << use_system_key_slot; |
+ |
+ scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part( |
+ new CertDatabaseServiceIOPartChromeOS( |
+ user->email(), |
+ user->username_hash(), |
+ use_system_key_slot, |
+ profile->GetPath(), |
+ content::BrowserThread::GetMessageLoopProxyForThread( |
+ content::BrowserThread::UI), // Thread for DBus calls |
+ chromeos::DBusThreadManager::Get()->GetCryptohomeClient())); |
+ |
+ // This callback must be called on IO. |
+ CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback |
+ callback_on_io = io_part->GetSystemTPMTokenReadyCallback(); |
+ |
+ // Wrap it to be callable from the UI thread. |
+ base::Callback<void(bool enabled)> callback_on_ui = |
+ base::Bind(&RunReadyCallbackOnIOThread, callback_on_io); |
+ |
+ scoped_ptr<CertDatabaseService> service(new CertDatabaseService( |
+ content::BrowserThread::GetMessageLoopProxyForThread( |
+ content::BrowserThread::IO))); |
+ |
+ // After this point, the IOPart must only be accessed from the IO thread! |
+ service->SetIOPart(io_part.Pass()); |
+ |
+ chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status = |
+ chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled(callback_on_ui); |
+ if (tpm_token_status != |
+ chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) { |
+ callback_on_ui.Run(tpm_token_status == |
+ chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED); |
+ } |
+ |
+ // TODO(pneubeck): Integrate CertLoader into the CertDatabaseService so that |
+ // it can be used per user and not only for the primary user. |
+ user_manager::UserManager* user_manager = user_manager::UserManager::Get(); |
+ bool is_primary_user = user_manager && user == user_manager->GetPrimaryUser(); |
+ if (is_primary_user) { |
+ service->GetNSSCertDatabase( |
+ base::Bind(&chromeos::CertLoader::StartWithNSSDB, |
+ base::Unretained(chromeos::CertLoader::Get()))); |
+ } |
+ |
+ return service.release(); |
+} |
+ |
+} // namespace cert_database |