| Index: components/cert_database/chromeos/cert_database_service_io_part_chromeos.cc
|
| diff --git a/components/cert_database/chromeos/cert_database_service_io_part_chromeos.cc b/components/cert_database/chromeos/cert_database_service_io_part_chromeos.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..91a0bea24b4ab058c98fdf05865159411bb68e71
|
| --- /dev/null
|
| +++ b/components/cert_database/chromeos/cert_database_service_io_part_chromeos.cc
|
| @@ -0,0 +1,324 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "components/cert_database/public/chromeos/cert_database_service_io_part_chromeos.h"
|
| +
|
| +#include "base/bind.h"
|
| +#include "base/bind_helpers.h"
|
| +#include "base/callback.h"
|
| +#include "base/location.h"
|
| +#include "base/single_thread_task_runner.h"
|
| +#include "base/thread_task_runner_handle.h"
|
| +#include "chromeos/dbus/cryptohome_client.h"
|
| +#include "chromeos/dbus/dbus_thread_manager.h"
|
| +#include "chromeos/tpm_token_loader.h"
|
| +#include "crypto/nss_util.h"
|
| +#include "crypto/nss_util_internal.h"
|
| +#include "net/cert/nss_cert_database_chromeos.h"
|
| +
|
| +namespace {
|
| +
|
| +void DidGetTPMInfoOnUICallBackToIO(
|
| + const chromeos::CryptohomeClient::Pkcs11GetTpmTokenInfoCallback& callback,
|
| + scoped_refptr<base::SingleThreadTaskRunner> origin_thread,
|
| + chromeos::DBusMethodCallStatus call_status,
|
| + const std::string& label,
|
| + const std::string& user_pin,
|
| + int slot_id) {
|
| + DVLOG(1) << "Got TPM info for slot " << slot_id;
|
| + origin_thread->PostTask(
|
| + FROM_HERE, base::Bind(callback, call_status, label, user_pin, slot_id));
|
| +}
|
| +
|
| +void GetTPMInfoForUserOnUIThread(
|
| + const std::string& user_email,
|
| + const chromeos::CryptohomeClient::Pkcs11GetTpmTokenInfoCallback& callback,
|
| + scoped_refptr<base::SingleThreadTaskRunner> origin_thread) {
|
| + DVLOG(1) << "Getting TPM info from cryptohome for "
|
| + << " " << user_email;
|
| + chromeos::DBusThreadManager::Get()
|
| + ->GetCryptohomeClient()
|
| + ->Pkcs11GetTpmTokenInfoForUser(
|
| + user_email,
|
| + base::Bind(&DidGetTPMInfoOnUICallBackToIO, callback, origin_thread));
|
| +}
|
| +
|
| +void GetTPMInfoForUserOnIOThread(
|
| + const std::string& user_email,
|
| + const chromeos::CryptohomeClient::Pkcs11GetTpmTokenInfoCallback& callback,
|
| + scoped_refptr<base::SequencedTaskRunner> dbus_task_runner) {
|
| + dbus_task_runner->PostTask(FROM_HERE,
|
| + base::Bind(&GetTPMInfoForUserOnUIThread,
|
| + user_email,
|
| + callback,
|
| + base::ThreadTaskRunnerHandle::Get()));
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +class CertDatabaseServiceIOPartChromeOS::Internal {
|
| + public:
|
| + enum SystemTPMTokenStatus {
|
| + SYSTEM_TPM_TOKEN_STATUS_UNDETERMINED,
|
| + SYSTEM_TPM_TOKEN_STATUS_ENABLED,
|
| + SYSTEM_TPM_TOKEN_STATUS_DISABLED
|
| + };
|
| +
|
| + enum State {
|
| + TPM_TOKEN_STATE_UNKNOWN,
|
| + TPM_TOKEN_ENABLED_AND_READY,
|
| + INITIALIZED_NSS_FOR_USER,
|
| + GOT_PRIVATE_SLOT_FOR_USER,
|
| + WAITING_FOR_SYSTEM_TPM_TOKEN,
|
| + SYSTEM_TPM_TOKEN_READY,
|
| + GOT_SYSTEM_SLOT,
|
| + CREATED_NSS_CERTDB
|
| + };
|
| +
|
| + explicit Internal(
|
| + const std::string& user_email,
|
| + const std::string& username_hash,
|
| + bool use_system_key_slot,
|
| + const base::FilePath& path,
|
| + const scoped_refptr<base::SequencedTaskRunner>& dbus_task_runner,
|
| + CertDatabaseServiceIOPartChromeOS* io_part)
|
| + : user_email_(user_email),
|
| + username_hash_(username_hash),
|
| + use_system_key_slot_(use_system_key_slot),
|
| + path_(path),
|
| + dbus_task_runner_(dbus_task_runner),
|
| + state_(TPM_TOKEN_STATE_UNKNOWN),
|
| + system_tpm_token_status_(SYSTEM_TPM_TOKEN_STATUS_UNDETERMINED),
|
| + io_part_(io_part),
|
| + weak_ptr_factory_(this) {}
|
| +
|
| + void Run() {
|
| + DCHECK(thread_checker_.CalledOnValidThread());
|
| +
|
| + VLOG(1) << "Initialize NSS for chromeos user " << username_hash_;
|
| + crypto::InitializeNSSForChromeOSUser(username_hash_, path_);
|
| + RunNextStep(TPM_TOKEN_STATE_UNKNOWN);
|
| + }
|
| +
|
| + void RunNextStep(const State& next_state) {
|
| + DCHECK(thread_checker_.CalledOnValidThread());
|
| +
|
| + VLOG(1) << "State transition " << state_ << " -> " << next_state;
|
| + state_ = next_state;
|
| + switch (state_) {
|
| + case TPM_TOKEN_STATE_UNKNOWN:
|
| + CheckTPMTokenState();
|
| + break;
|
| + case TPM_TOKEN_ENABLED_AND_READY:
|
| + GetTPMTokenInfo();
|
| + break;
|
| + case INITIALIZED_NSS_FOR_USER:
|
| + GetPrivateSlot();
|
| + break;
|
| + case GOT_PRIVATE_SLOT_FOR_USER:
|
| + if (!use_system_key_slot_) {
|
| + RunNextStep(GOT_SYSTEM_SLOT);
|
| + } else if (system_tpm_token_status_ ==
|
| + SYSTEM_TPM_TOKEN_STATUS_UNDETERMINED) {
|
| + state_ = WAITING_FOR_SYSTEM_TPM_TOKEN;
|
| + } else {
|
| + RunNextStep(SYSTEM_TPM_TOKEN_READY);
|
| + }
|
| + break;
|
| + case WAITING_FOR_SYSTEM_TPM_TOKEN:
|
| + // This step is waiting for OnSystemTPMTokenReady to be called.
|
| + NOTREACHED();
|
| + break;
|
| + case SYSTEM_TPM_TOKEN_READY:
|
| + GetSystemSlot();
|
| + break;
|
| + case GOT_SYSTEM_SLOT:
|
| + CreateCertDatabase();
|
| + break;
|
| + case CREATED_NSS_CERTDB:
|
| + NOTREACHED();
|
| + }
|
| + }
|
| +
|
| + void FinishWithState(const State& state) {
|
| + VLOG(1) << "FinishWithState " << state;
|
| + state_ = state;
|
| + }
|
| +
|
| + void CheckTPMTokenState() {
|
| + // Check if it's OK to initialize TPM for the user before continuing. This
|
| + // may not be the case if the TPM slot initialization was previously
|
| + // requested for the same user.
|
| + if (!crypto::ShouldInitializeTPMForChromeOSUser(username_hash_)) {
|
| + RunNextStep(INITIALIZED_NSS_FOR_USER);
|
| + return;
|
| + }
|
| +
|
| + crypto::WillInitializeTPMForChromeOSUser(username_hash_);
|
| +
|
| + if (crypto::IsTPMTokenEnabledForNSS()) {
|
| + base::Closure tpm_token_ready_callback =
|
| + base::Bind(&Internal::RunNextStep,
|
| + weak_ptr_factory_.GetWeakPtr(),
|
| + TPM_TOKEN_ENABLED_AND_READY);
|
| + if (crypto::IsTPMTokenReady(tpm_token_ready_callback))
|
| + tpm_token_ready_callback.Run();
|
| + else
|
| + DVLOG(1) << "Waiting for tpm ready ...";
|
| + } else {
|
| + crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash_);
|
| + RunNextStep(INITIALIZED_NSS_FOR_USER);
|
| + }
|
| + }
|
| +
|
| + void GetTPMTokenInfo() {
|
| + GetTPMInfoForUserOnIOThread(user_email_,
|
| + base::Bind(&Internal::GetTPMTokenInfoDONE,
|
| + weak_ptr_factory_.GetWeakPtr()),
|
| + dbus_task_runner_);
|
| + }
|
| +
|
| + void GetTPMTokenInfoDONE(chromeos::DBusMethodCallStatus call_status,
|
| + const std::string& label,
|
| + const std::string& user_pin,
|
| + int slot_id) {
|
| + DCHECK(thread_checker_.CalledOnValidThread());
|
| +
|
| + if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) {
|
| + LOG(ERROR) << "DBus error while getting TPM info for " << username_hash_;
|
| + crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash_);
|
| + } else {
|
| + crypto::InitializeTPMForChromeOSUser(username_hash_, slot_id);
|
| + }
|
| + RunNextStep(INITIALIZED_NSS_FOR_USER);
|
| + }
|
| +
|
| + void GetPrivateSlot() {
|
| + base::Callback<void(crypto::ScopedPK11Slot)> callback = base::Bind(
|
| + &Internal::GetPrivateSlotDONE, weak_ptr_factory_.GetWeakPtr());
|
| +
|
| + crypto::ScopedPK11Slot private_slot(
|
| + crypto::GetPrivateSlotForChromeOSUser(username_hash_, callback));
|
| + if (private_slot)
|
| + callback.Run(private_slot.Pass());
|
| + }
|
| +
|
| + void GetPrivateSlotDONE(crypto::ScopedPK11Slot private_slot) {
|
| + DCHECK(thread_checker_.CalledOnValidThread());
|
| + DCHECK(private_slot);
|
| +
|
| + private_slot_ = private_slot.Pass();
|
| + RunNextStep(GOT_PRIVATE_SLOT_FOR_USER);
|
| + }
|
| +
|
| + void OnSystemTPMTokenReady(bool system_tpm_token_enabled) {
|
| + if (!use_system_key_slot_)
|
| + return;
|
| + if (system_tpm_token_enabled)
|
| + system_tpm_token_status_ = SYSTEM_TPM_TOKEN_STATUS_ENABLED;
|
| + else
|
| + system_tpm_token_status_ = SYSTEM_TPM_TOKEN_STATUS_DISABLED;
|
| + if (state_ == WAITING_FOR_SYSTEM_TPM_TOKEN)
|
| + RunNextStep(SYSTEM_TPM_TOKEN_READY);
|
| + }
|
| +
|
| + void GetSystemSlot() {
|
| + if (!use_system_key_slot_ ||
|
| + system_tpm_token_status_ == SYSTEM_TPM_TOKEN_STATUS_DISABLED) {
|
| + VLOG(2) << "Skip system key slot initialization";
|
| + RunNextStep(GOT_SYSTEM_SLOT);
|
| + return;
|
| + }
|
| +
|
| + base::Callback<void(crypto::ScopedPK11Slot)> callback = base::Bind(
|
| + &Internal::GetSystemSlotDONE, weak_ptr_factory_.GetWeakPtr());
|
| +
|
| + crypto::ScopedPK11Slot system_slot = crypto::GetSystemNSSKeySlot(callback);
|
| + if (system_slot)
|
| + callback.Run(system_slot.Pass());
|
| + }
|
| +
|
| + void GetSystemSlotDONE(crypto::ScopedPK11Slot system_slot) {
|
| + if (!system_slot)
|
| + LOG(ERROR) << "Could not get the system key slot.";
|
| + system_slot_ = system_slot.Pass();
|
| + RunNextStep(GOT_SYSTEM_SLOT);
|
| + }
|
| +
|
| + void CreateCertDatabase() {
|
| + crypto::ScopedPK11Slot public_slot =
|
| + crypto::GetPublicSlotForChromeOSUser(username_hash_);
|
| +
|
| + scoped_ptr<net::NSSCertDatabaseChromeOS> db(
|
| + new net::NSSCertDatabaseChromeOS(public_slot.Pass(),
|
| + private_slot_.Pass()));
|
| + if (system_slot_)
|
| + db->SetSystemSlot(system_slot_.Pass());
|
| +
|
| + io_part_->DidCreateNSSCertDatabase(db.PassAs<net::NSSCertDatabase>());
|
| + FinishWithState(CREATED_NSS_CERTDB);
|
| + }
|
| +
|
| + const std::string user_email_;
|
| + const std::string username_hash_;
|
| + bool use_system_key_slot_;
|
| + const base::FilePath path_;
|
| + scoped_refptr<base::SequencedTaskRunner> dbus_task_runner_;
|
| + State state_;
|
| + crypto::ScopedPK11Slot private_slot_;
|
| + SystemTPMTokenStatus system_tpm_token_status_;
|
| + crypto::ScopedPK11Slot system_slot_;
|
| + CertDatabaseServiceIOPartChromeOS* io_part_;
|
| + base::ThreadChecker thread_checker_;
|
| + base::WeakPtrFactory<Internal> weak_ptr_factory_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(Internal);
|
| +};
|
| +
|
| +CertDatabaseServiceIOPartChromeOS::CertDatabaseServiceIOPartChromeOS(
|
| + const std::string& user_email,
|
| + const std::string& username_hash,
|
| + bool use_system_key_slot,
|
| + const base::FilePath& path,
|
| + const scoped_refptr<base::SequencedTaskRunner>& dbus_task_runner)
|
| + : internal_(new Internal(user_email,
|
| + username_hash,
|
| + use_system_key_slot,
|
| + path,
|
| + dbus_task_runner,
|
| + this)) {
|
| +}
|
| +
|
| +CertDatabaseServiceIOPartChromeOS::~CertDatabaseServiceIOPartChromeOS() {
|
| + DCHECK(thread_checker_.CalledOnValidThread());
|
| +}
|
| +
|
| +void CertDatabaseServiceIOPartChromeOS::Init() {
|
| + CertDatabaseServiceIOPart::Init();
|
| +
|
| + internal_->Run();
|
| +}
|
| +
|
| +void CertDatabaseServiceIOPartChromeOS::DidCreateNSSCertDatabase(
|
| + scoped_ptr<net::NSSCertDatabase> db) {
|
| + internal_.reset();
|
| + CertDatabaseServiceIOPart::DidCreateNSSCertDatabase(db.Pass());
|
| +}
|
| +
|
| +CertDatabaseServiceIOPartChromeOS::SystemTPMTokenReadyCallback
|
| +CertDatabaseServiceIOPartChromeOS::GetSystemTPMTokenReadyCallback() {
|
| + return base::Bind(
|
| + &OnSystemTPMTokenReady, GetWeakPtr(), base::Unretained(this));
|
| +}
|
| +
|
| +// static
|
| +void OnSystemTPMTokenReady(
|
| + const base::WeakPtr<CertDatabaseServiceIOPartChromeOS>& weak_ptr,
|
| + CertDatabaseServiceIOPartChromeOS* io_part,
|
| + bool system_tpm_token_enabled) {
|
| + if (!weak_ptr)
|
| + return;
|
| +
|
| + io_part->internal_->OnSystemTPMTokenReady(system_tpm_token_enabled);
|
| +}
|
|
|
Chromium Code Reviews
Issue 419013003:
Replace c/b/nss_context by a KeyedService. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src