| Index: chrome/browser/net/cert_database_service_factory_chromeos.cc
|
| diff --git a/chrome/browser/net/cert_database_service_factory_chromeos.cc b/chrome/browser/net/cert_database_service_factory_chromeos.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..329152bf3b2571226475a8de2eb647fdace0c3a4
|
| --- /dev/null
|
| +++ b/chrome/browser/net/cert_database_service_factory_chromeos.cc
|
| @@ -0,0 +1,108 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "chrome/browser/net/cert_database_service_factory.h"
|
| +
|
| +#include "base/memory/scoped_ptr.h"
|
| +#include "chrome/browser/browser_process.h"
|
| +#include "chrome/browser/browser_process_platform_part.h"
|
| +#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
|
| +#include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| +#include "chrome/browser/profiles/profile.h"
|
| +#include "chromeos/cert_loader.h"
|
| +#include "chromeos/dbus/dbus_thread_manager.h"
|
| +#include "chromeos/tpm_token_loader.h"
|
| +#include "components/cert_database/cert_database_service.h"
|
| +#include "components/cert_database/cert_database_service_io_part_chromeos.h"
|
| +#include "components/policy/core/common/cloud/cloud_policy_constants.h"
|
| +#include "components/user_manager/user.h"
|
| +#include "components/user_manager/user_manager.h"
|
| +#include "content/public/browser/browser_thread.h"
|
| +
|
| +namespace cert_database {
|
| +
|
| +namespace {
|
| +
|
| +void RunReadyCallbackOnIOThread(
|
| + const CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback&
|
| + callback,
|
| + bool system_tpm_token_enabled) {
|
| + content::BrowserThread::PostTask(
|
| + content::BrowserThread::IO,
|
| + FROM_HERE,
|
| + base::Bind(callback, system_tpm_token_enabled));
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +KeyedService* CertDatabaseServiceFactory::BuildServiceInstanceFor(
|
| + content::BrowserContext* context) const {
|
| + Profile* profile = Profile::FromBrowserContext(context);
|
| +
|
| + // No cert database for the sign-in profile.
|
| + if (chromeos::ProfileHelper::IsSigninProfile(profile))
|
| + return NULL;
|
| +
|
| + user_manager::User* user =
|
| + chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
|
| +
|
| + // Use the device-wide system key slot only if the user is of the same
|
| + // domain as the device is registered to. We do this as the system key slot
|
| + // allows affecting other users and this should not be the default for
|
| + // unaffiliated regular users and guest sessions for privacy reasons and also
|
| + // because the corporate credentials should probably not be useable by
|
| + // unrelated users.
|
| + policy::BrowserPolicyConnectorChromeOS* connector =
|
| + g_browser_process->platform_part()->browser_policy_connector_chromeos();
|
| + bool use_system_key_slot = connector->GetUserAffiliation(user->email()) ==
|
| + policy::USER_AFFILIATION_MANAGED;
|
| + VLOG(1) << "Use system key slot " << use_system_key_slot;
|
| +
|
| + scoped_ptr<CertDatabaseServiceIOPartChromeOS> io_part(
|
| + new CertDatabaseServiceIOPartChromeOS(
|
| + user->email(),
|
| + user->username_hash(),
|
| + use_system_key_slot,
|
| + profile->GetPath(),
|
| + content::BrowserThread::GetMessageLoopProxyForThread(
|
| + content::BrowserThread::UI), // Thread for DBus calls
|
| + chromeos::DBusThreadManager::Get()->GetCryptohomeClient()));
|
| +
|
| + // This callback must be called on IO.
|
| + CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback
|
| + callback_on_io = io_part->GetSystemTPMTokenReadyCallback();
|
| +
|
| + // Wrap it to be callable from the UI thread.
|
| + base::Callback<void(bool enabled)> callback_on_ui =
|
| + base::Bind(&RunReadyCallbackOnIOThread, callback_on_io);
|
| +
|
| + scoped_ptr<CertDatabaseService> service(new CertDatabaseService(
|
| + content::BrowserThread::GetMessageLoopProxyForThread(
|
| + content::BrowserThread::IO)));
|
| +
|
| + // After this point, the IOPart must only be accessed from the IO thread!
|
| + service->SetIOPart(io_part.Pass());
|
| +
|
| + chromeos::TPMTokenLoader::TPMTokenStatus tpm_token_status =
|
| + chromeos::TPMTokenLoader::Get()->IsTPMTokenEnabled(callback_on_ui);
|
| + if (tpm_token_status !=
|
| + chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED) {
|
| + callback_on_ui.Run(tpm_token_status ==
|
| + chromeos::TPMTokenLoader::TPM_TOKEN_STATUS_ENABLED);
|
| + }
|
| +
|
| + // TODO(pneubeck): Integrate CertLoader into the CertDatabaseService so that
|
| + // it can be used per user and not only for the primary user.
|
| + user_manager::UserManager* user_manager = user_manager::UserManager::Get();
|
| + bool is_primary_user = user_manager && user == user_manager->GetPrimaryUser();
|
| + if (is_primary_user) {
|
| + service->GetNSSCertDatabase(
|
| + base::Bind(&chromeos::CertLoader::StartWithNSSDB,
|
| + base::Unretained(chromeos::CertLoader::Get())));
|
| + }
|
| +
|
| + return service.release();
|
| +}
|
| +
|
| +} // namespace cert_database
|
|
|
Chromium Code Reviews
Issue 419013003:
Replace c/b/nss_context by a KeyedService. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src