| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/profiles/profile_io_data.h" | 5 #include "chrome/browser/profiles/profile_io_data.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 101 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings_android.h" | 101 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings_android.h" |
| 102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings_factory_and
roid.h" | 102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings_factory_and
roid.h" |
| 103 #include "components/data_reduction_proxy/common/data_reduction_proxy_switches.h
" | 103 #include "components/data_reduction_proxy/common/data_reduction_proxy_switches.h
" |
| 104 #endif // defined(OS_ANDROID) | 104 #endif // defined(OS_ANDROID) |
| 105 | 105 |
| 106 #if defined(OS_CHROMEOS) | 106 #if defined(OS_CHROMEOS) |
| 107 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" | 107 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" |
| 108 #include "chrome/browser/chromeos/login/startup_utils.h" | 108 #include "chrome/browser/chromeos/login/startup_utils.h" |
| 109 #include "chrome/browser/chromeos/login/users/user_manager.h" | 109 #include "chrome/browser/chromeos/login/users/user_manager.h" |
| 110 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" | 110 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" |
| 111 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 111 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 112 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
| 112 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 113 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
| 113 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 114 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
| 114 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 115 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 115 #include "chrome/browser/chromeos/settings/cros_settings.h" | 116 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 117 #include "chrome/browser/net/nss_context.h" |
| 116 #include "chromeos/dbus/cryptohome_client.h" | 118 #include "chromeos/dbus/cryptohome_client.h" |
| 117 #include "chromeos/dbus/dbus_thread_manager.h" | 119 #include "chromeos/dbus/dbus_thread_manager.h" |
| 118 #include "chromeos/settings/cros_settings_names.h" | 120 #include "chromeos/settings/cros_settings_names.h" |
| 119 #include "components/user_manager/user.h" | 121 #include "components/user_manager/user.h" |
| 120 #include "crypto/nss_util.h" | 122 #include "crypto/nss_util.h" |
| 121 #include "crypto/nss_util_internal.h" | 123 #include "crypto/nss_util_internal.h" |
| 122 #include "net/cert/multi_threaded_cert_verifier.h" | 124 #include "net/cert/multi_threaded_cert_verifier.h" |
| 123 #include "net/ssl/client_cert_store_chromeos.h" | 125 #include "net/ssl/client_cert_store_chromeos.h" |
| 124 #endif // defined(OS_CHROMEOS) | 126 #endif // defined(OS_CHROMEOS) |
| 125 | 127 |
| (...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 373 // user. | 375 // user. |
| 374 if (user && !user->username_hash().empty()) { | 376 if (user && !user->username_hash().empty()) { |
| 375 params->username_hash = user->username_hash(); | 377 params->username_hash = user->username_hash(); |
| 376 DCHECK(!params->username_hash.empty()); | 378 DCHECK(!params->username_hash.empty()); |
| 377 BrowserThread::PostTask(BrowserThread::IO, | 379 BrowserThread::PostTask(BrowserThread::IO, |
| 378 FROM_HERE, | 380 FROM_HERE, |
| 379 base::Bind(&StartNSSInitOnIOThread, | 381 base::Bind(&StartNSSInitOnIOThread, |
| 380 user->email(), | 382 user->email(), |
| 381 user->username_hash(), | 383 user->username_hash(), |
| 382 profile->GetPath())); | 384 profile->GetPath())); |
| 385 |
| 386 // Use the device-wide system key slot only if the user is of the same |
| 387 // domain as the device is registered to. |
| 388 policy::BrowserPolicyConnectorChromeOS* connector = |
| 389 g_browser_process->platform_part() |
| 390 ->browser_policy_connector_chromeos(); |
| 391 params->use_system_key_slot = |
| 392 connector->GetUserAffiliation(user->email()) == |
| 393 policy::USER_AFFILIATION_MANAGED; |
| 383 } | 394 } |
| 384 } | 395 } |
| 385 #endif | 396 #endif |
| 386 | 397 |
| 387 params->profile = profile; | 398 params->profile = profile; |
| 388 params->prerender_tracker = g_browser_process->prerender_tracker(); | 399 params->prerender_tracker = g_browser_process->prerender_tracker(); |
| 389 profile_params_.reset(params.release()); | 400 profile_params_.reset(params.release()); |
| 390 | 401 |
| 391 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 402 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
| 392 &enable_referrers_, | 403 &enable_referrers_, |
| (...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 565 scoped_ptr<net::URLRequestJobFactory> job_factory) { | 576 scoped_ptr<net::URLRequestJobFactory> job_factory) { |
| 566 job_factory_ = job_factory.Pass(); | 577 job_factory_ = job_factory.Pass(); |
| 567 set_job_factory(job_factory_.get()); | 578 set_job_factory(job_factory_.get()); |
| 568 } | 579 } |
| 569 | 580 |
| 570 ProfileIOData::AppRequestContext::~AppRequestContext() { | 581 ProfileIOData::AppRequestContext::~AppRequestContext() { |
| 571 AssertNoURLRequests(); | 582 AssertNoURLRequests(); |
| 572 } | 583 } |
| 573 | 584 |
| 574 ProfileIOData::ProfileParams::ProfileParams() | 585 ProfileIOData::ProfileParams::ProfileParams() |
| 575 : io_thread(NULL), | 586 : io_thread(NULL), use_system_key_slot(false), profile(NULL) { |
| 576 profile(NULL) { | |
| 577 } | 587 } |
| 578 | 588 |
| 579 ProfileIOData::ProfileParams::~ProfileParams() {} | 589 ProfileIOData::ProfileParams::~ProfileParams() {} |
| 580 | 590 |
| 581 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type) | 591 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type) |
| 582 : initialized_(false), | 592 : initialized_(false), |
| 593 use_system_key_slot_(false), |
| 583 resource_context_(new ResourceContext(this)), | 594 resource_context_(new ResourceContext(this)), |
| 584 initialized_on_UI_thread_(false), | 595 initialized_on_UI_thread_(false), |
| 585 profile_type_(profile_type) { | 596 profile_type_(profile_type) { |
| 586 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 597 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 587 } | 598 } |
| 588 | 599 |
| 589 ProfileIOData::~ProfileIOData() { | 600 ProfileIOData::~ProfileIOData() { |
| 590 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) | 601 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) |
| 591 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 602 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 592 | 603 |
| (...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 893 DCHECK(io_data_->initialized_); | 904 DCHECK(io_data_->initialized_); |
| 894 return request_context_; | 905 return request_context_; |
| 895 } | 906 } |
| 896 | 907 |
| 897 scoped_ptr<net::ClientCertStore> | 908 scoped_ptr<net::ClientCertStore> |
| 898 ProfileIOData::ResourceContext::CreateClientCertStore() { | 909 ProfileIOData::ResourceContext::CreateClientCertStore() { |
| 899 if (!io_data_->client_cert_store_factory_.is_null()) | 910 if (!io_data_->client_cert_store_factory_.is_null()) |
| 900 return io_data_->client_cert_store_factory_.Run(); | 911 return io_data_->client_cert_store_factory_.Run(); |
| 901 #if defined(OS_CHROMEOS) | 912 #if defined(OS_CHROMEOS) |
| 902 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS( | 913 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS( |
| 914 io_data_->use_system_key_slot(), |
| 903 io_data_->username_hash(), | 915 io_data_->username_hash(), |
| 904 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, | 916 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, |
| 905 chrome::kCryptoModulePasswordClientAuth))); | 917 chrome::kCryptoModulePasswordClientAuth))); |
| 906 #elif defined(USE_NSS) | 918 #elif defined(USE_NSS) |
| 907 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( | 919 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( |
| 908 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, | 920 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, |
| 909 chrome::kCryptoModulePasswordClientAuth))); | 921 chrome::kCryptoModulePasswordClientAuth))); |
| 910 #elif defined(OS_WIN) | 922 #elif defined(OS_WIN) |
| 911 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); | 923 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); |
| 912 #elif defined(OS_MACOSX) | 924 #elif defined(OS_MACOSX) |
| (...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1080 | 1092 |
| 1081 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get(); | 1093 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get(); |
| 1082 resource_context_->request_context_ = main_request_context_.get(); | 1094 resource_context_->request_context_ = main_request_context_.get(); |
| 1083 | 1095 |
| 1084 #if defined(ENABLE_MANAGED_USERS) | 1096 #if defined(ENABLE_MANAGED_USERS) |
| 1085 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter; | 1097 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter; |
| 1086 #endif | 1098 #endif |
| 1087 | 1099 |
| 1088 #if defined(OS_CHROMEOS) | 1100 #if defined(OS_CHROMEOS) |
| 1089 username_hash_ = profile_params_->username_hash; | 1101 username_hash_ = profile_params_->username_hash; |
| 1102 use_system_key_slot_ = profile_params_->use_system_key_slot; |
| 1103 if (use_system_key_slot_) |
| 1104 EnableNSSSystemKeySlotForResourceContext(resource_context_.get()); |
| 1105 |
| 1090 scoped_refptr<net::CertVerifyProc> verify_proc; | 1106 scoped_refptr<net::CertVerifyProc> verify_proc; |
| 1091 crypto::ScopedPK11Slot public_slot = | 1107 crypto::ScopedPK11Slot public_slot = |
| 1092 crypto::GetPublicSlotForChromeOSUser(username_hash_); | 1108 crypto::GetPublicSlotForChromeOSUser(username_hash_); |
| 1093 // The private slot won't be ready by this point. It shouldn't be necessary | 1109 // The private slot won't be ready by this point. It shouldn't be necessary |
| 1094 // for cert trust purposes anyway. | 1110 // for cert trust purposes anyway. |
| 1095 verify_proc = new chromeos::CertVerifyProcChromeOS(public_slot.Pass()); | 1111 verify_proc = new chromeos::CertVerifyProcChromeOS(public_slot.Pass()); |
| 1096 if (cert_verifier_) { | 1112 if (cert_verifier_) { |
| 1097 cert_verifier_->InitializeOnIOThread(verify_proc); | 1113 cert_verifier_->InitializeOnIOThread(verify_proc); |
| 1098 main_request_context_->set_cert_verifier(cert_verifier_.get()); | 1114 main_request_context_->set_cert_verifier(cert_verifier_.get()); |
| 1099 } else { | 1115 } else { |
| (...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1290 void ProfileIOData::SetCookieSettingsForTesting( | 1306 void ProfileIOData::SetCookieSettingsForTesting( |
| 1291 CookieSettings* cookie_settings) { | 1307 CookieSettings* cookie_settings) { |
| 1292 DCHECK(!cookie_settings_.get()); | 1308 DCHECK(!cookie_settings_.get()); |
| 1293 cookie_settings_ = cookie_settings; | 1309 cookie_settings_ = cookie_settings; |
| 1294 } | 1310 } |
| 1295 | 1311 |
| 1296 void ProfileIOData::set_signin_names_for_testing( | 1312 void ProfileIOData::set_signin_names_for_testing( |
| 1297 SigninNamesOnIOThread* signin_names) { | 1313 SigninNamesOnIOThread* signin_names) { |
| 1298 signin_names_.reset(signin_names); | 1314 signin_names_.reset(signin_names); |
| 1299 } | 1315 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 424523002:
Enable system NSS key slot. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src