
Unified Diff: chrome/browser/profiles/profile_io_data.cc

Issue 419013003: Replace c/b/nss_context by a KeyedService. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Flattened components/cert_database folders. Created 6 years, 1 month ago
Index: chrome/browser/profiles/profile_io_data.cc
diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
index 1b7979bb0a0aa3e79ca90d4d32c994962a770ea3..d3fdcc9f7832598b5b804753a74ade0df923cd13 100644
--- a/chrome/browser/profiles/profile_io_data.cc
+++ b/chrome/browser/profiles/profile_io_data.cc
@@ -119,15 +119,11 @@
#include "chrome/browser/chromeos/login/startup_utils.h"
#include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h"
#include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
-#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/policy_cert_service.h"
#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
#include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
-#include "chrome/browser/net/nss_context.h"
-#include "chromeos/dbus/cryptohome_client.h"
-#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/settings/cros_settings_names.h"
#include "components/user_manager/user.h"
#include "components/user_manager/user_manager.h"
@@ -139,7 +135,10 @@
#endif // defined(OS_CHROMEOS)
#if defined(USE_NSS)
+#include "chrome/browser/net/cert_database_service_factory.h"
#include "chrome/browser/ui/crypto_module_delegate_nss.h"
+#include "components/cert_database/cert_database_service.h"
+#include "components/cert_database/cert_database_service_io_part.h"
#include "net/ssl/client_cert_store_nss.h"
#endif
@@ -228,114 +227,6 @@ class DebugDevToolsInterceptor : public net::URLRequestInterceptor {
};
#endif // defined(DEBUG_DEVTOOLS)
-#if defined(OS_CHROMEOS)
-// The following four functions are responsible for initializing NSS for each
-// profile on ChromeOS, which has a separate NSS database and TPM slot
-// per-profile.
-//
-// Initialization basically follows these steps:
-// 1) Get some info from user_manager::UserManager about the User for this
-// profile.
-// 2) Tell nss_util to initialize the software slot for this profile.
-// 3) Wait for the TPM module to be loaded by nss_util if it isn't already.
-// 4) Ask CryptohomeClient which TPM slot id corresponds to this profile.
-// 5) Tell nss_util to use that slot id on the TPM module.
-//
-// Some of these steps must happen on the UI thread, others must happen on the
-// IO thread:
-// UI thread IO Thread
-//
-// ProfileIOData::InitializeOnUIThread
-// |
-// ProfileHelper::Get()->GetUserByProfile()
-// \---------------------------------------v
-// StartNSSInitOnIOThread
-// |
-// crypto::InitializeNSSForChromeOSUser
-// |
-// crypto::IsTPMTokenReady
-// |
-// StartTPMSlotInitializationOnIOThread
-// v---------------------------------------/
-// GetTPMInfoForUserOnUIThread
-// |
-// CryptohomeClient::Pkcs11GetTpmTokenInfoForUser
-// |
-// DidGetTPMInfoForUserOnUIThread
-// \---------------------------------------v
-// crypto::InitializeTPMForChromeOSUser
-
-void DidGetTPMInfoForUserOnUIThread(const std::string& username_hash,
- chromeos::DBusMethodCallStatus call_status,
- const std::string& label,
- const std::string& user_pin,
- int slot_id) {
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
- if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) {
- NOTREACHED() << "dbus error getting TPM info for " << username_hash;
- return;
- }
- DVLOG(1) << "Got TPM slot for " << username_hash << ": " << slot_id;
- BrowserThread::PostTask(
- BrowserThread::IO,
- FROM_HERE,
- base::Bind(
- &crypto::InitializeTPMForChromeOSUser, username_hash, slot_id));
-}
-
-void GetTPMInfoForUserOnUIThread(const std::string& username,
- const std::string& username_hash) {
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
- DVLOG(1) << "Getting TPM info from cryptohome for "
- << " " << username << " " << username_hash;
- chromeos::DBusThreadManager::Get()
- ->GetCryptohomeClient()
- ->Pkcs11GetTpmTokenInfoForUser(
- username,
- base::Bind(&DidGetTPMInfoForUserOnUIThread, username_hash));
-}
-
-void StartTPMSlotInitializationOnIOThread(const std::string& username,
- const std::string& username_hash) {
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
-
- BrowserThread::PostTask(
- BrowserThread::UI,
- FROM_HERE,
- base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash));
-}
-
-void StartNSSInitOnIOThread(const std::string& username,
- const std::string& username_hash,
- const base::FilePath& path) {
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
- DVLOG(1) << "Starting NSS init for " << username
- << " hash:" << username_hash;
-
- // Make sure NSS is initialized for the user.
- crypto::InitializeNSSForChromeOSUser(username_hash, path);
-
- // Check if it's OK to initialize TPM for the user before continuing. This
- // may not be the case if the TPM slot initialization was previously
- // requested for the same user.
- if (!crypto::ShouldInitializeTPMForChromeOSUser(username_hash))
- return;
-
- crypto::WillInitializeTPMForChromeOSUser(username_hash);
-
- if (crypto::IsTPMTokenEnabledForNSS()) {
- if (crypto::IsTPMTokenReady(base::Bind(
- &StartTPMSlotInitializationOnIOThread, username, username_hash))) {
- StartTPMSlotInitializationOnIOThread(username, username_hash);
- } else {
- DVLOG(1) << "Waiting for tpm ready ...";
- }
- } else {
- crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash);
- }
-}
-#endif // defined(OS_CHROMEOS)
-
#if defined(USE_NSS)
void InitializeAndPassKeygenHandler(
scoped_ptr<net::KeygenHandler> keygen_handler,
@@ -408,28 +299,9 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
if (user_manager) {
user_manager::User* user =
chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
- // No need to initialize NSS for users with empty username hash:
- // Getters for a user's NSS slots always return NULL slot if the user's
- // username hash is empty, even when the NSS is not initialized for the
- // user.
if (user && !user->username_hash().empty()) {
params->username_hash = user->username_hash();
DCHECK(!params->username_hash.empty());
- BrowserThread::PostTask(BrowserThread::IO,
- FROM_HERE,
- base::Bind(&StartNSSInitOnIOThread,
- user->email(),
- user->username_hash(),
- profile->GetPath()));
-
- // Use the device-wide system key slot only if the user is of the same
- // domain as the device is registered to.
- policy::BrowserPolicyConnectorChromeOS* connector =
- g_browser_process->platform_part()
- ->browser_policy_connector_chromeos();
- params->use_system_key_slot =
- connector->GetUserAffiliation(user->email()) ==
- policy::USER_AFFILIATION_MANAGED;
}
}
#endif
@@ -497,6 +369,13 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
network_prediction_options_.MoveToThread(io_message_loop_proxy);
+#if defined(USE_NSS)
+ cert_database::CertDatabaseService* service =
+ cert_database::CertDatabaseServiceFactory::GetForBrowserContext(profile);
+ if (service)
+ cert_db_io_ = service->GetIOPart();
+#endif
+
#if defined(OS_CHROMEOS)
scoped_ptr<policy::PolicyCertVerifier> verifier =
policy::PolicyCertServiceFactory::CreateForProfile(profile);
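Review bot: The `if (service)` branch leaves `cert_db_io_` unset whenever the factory returns no service, and nothing here says for which profiles that happens. The later hunks treat the unset case differently: CreateKeygenHandler checks it and its comment attributes it to shutdown only, while CreateClientCertStore passes `io_data_->cert_db_io_` straight into `ClientCertFilterChromeOS` with no check. I would add a comment at the assignment such as `// |service| may be NULL (TODO: name the cases); IO-thread users of |cert_db_io_| must handle it being unset.` and, assuming callers accept an empty store, guard the client-cert path with `if (!io_data_->cert_db_io_) return scoped_ptr<net::ClientCertStore>();` unless the filter is documented to reject every certificate when given an unset handle. InitializeOnUIThread begins and ends outside this hunk.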
@@ -586,9 +465,6 @@ ProfileIOData::AppRequestContext::~AppRequestContext() {
ProfileIOData::ProfileParams::ProfileParams()
: io_thread(NULL),
-#if defined(OS_CHROMEOS)
- use_system_key_slot(false),
-#endif
profile(NULL) {
}
@@ -598,7 +474,6 @@ ProfileIOData::ProfileIOData(Profile::ProfileType profile_type)
: initialized_(false),
#if defined(OS_CHROMEOS)
policy_cert_verifier_(NULL),
- use_system_key_slot_(false),
#endif
resource_context_(new ResourceContext(this)),
initialized_on_UI_thread_(false),
@@ -916,8 +791,8 @@ ProfileIOData::ResourceContext::CreateClientCertStore() {
return io_data_->client_cert_store_factory_.Run();
#if defined(OS_CHROMEOS)
return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS(
- make_scoped_ptr(new chromeos::ClientCertFilterChromeOS(
- io_data_->use_system_key_slot(), io_data_->username_hash())),
+ make_scoped_ptr(
+ new chromeos::ClientCertFilterChromeOS(io_data_->cert_db_io_)),
base::Bind(&CreateCryptoModuleBlockingPasswordDelegate,
chrome::kCryptoModulePasswordClientAuth)));
#elif defined(USE_NSS)
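Review bot: The restriction of the device-wide system key slot to affiliated users is no longer visible at this call: the filter used to receive `use_system_key_slot()` and `username_hash()` explicitly, and the affiliation check that computed the former is deleted from InitializeOnUIThread in this same file. Presumably the cert database service now makes that decision, but that should be confirmed in components/cert_database and stated here, e.g. `// System key slot access is decided by the cert database service, not by this caller.` A test that an unaffiliated user's client-cert list excludes system-slot certificates would pin the behaviour across the refactoring. CreateClientCertStore starts outside the hunk.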
@@ -953,10 +828,17 @@ void ProfileIOData::ResourceContext::CreateKeygenHandler(
base::Passed(&keygen_handler),
callback);
- ChromeNSSCryptoModuleDelegate::CreateForResourceContext(
+ // If |cert_db_io_| is not available, the process is shutting down already.
+ // Return the KeygenHandler without ChromeNSSCryptoModuleDelegate.
+ if (!io_data_->cert_db_io_) {
+ got_delegate_callback.Run(scoped_ptr<ChromeNSSCryptoModuleDelegate>());
+ return;
+ }
+
+ ChromeNSSCryptoModuleDelegate::CreateForCertDatabase(
chrome::kCryptoModulePasswordKeygen,
net::HostPortPair::FromURL(url),
- this,
+ io_data_->cert_db_io_.get(),
got_delegate_callback);
#else
callback.Run(make_scoped_ptr(
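Review bot: `io_data_->cert_db_io_.get()` hands a raw pointer to `CreateForCertDatabase`, which reports back through `got_delegate_callback`, so the call appears to complete asynchronously; nothing in the hunk shows what keeps the IO part alive until then. The null check just above only covers the moment of the call. If the callee keeps the pointer past this stack frame, pass the owning or weak handle instead, or document the guarantee next to the call with a comment like `// |cert_db_io_| outlives delegate creation because ...`. CreateKeygenHandler's body starts outside the hunk.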
@@ -1073,13 +955,8 @@ void ProfileIOData::Init(
#endif
#if defined(OS_CHROMEOS)
- username_hash_ = profile_params_->username_hash;
- use_system_key_slot_ = profile_params_->use_system_key_slot;
- if (use_system_key_slot_)
- EnableNSSSystemKeySlotForResourceContext(resource_context_.get());
-
crypto::ScopedPK11Slot public_slot =
- crypto::GetPublicSlotForChromeOSUser(username_hash_);
+ crypto::GetPublicSlotForChromeOSUser(profile_params_->username_hash);
// The private slot won't be ready by this point. It shouldn't be necessary
// for cert trust purposes anyway.
scoped_refptr<net::CertVerifyProc> verify_proc(