1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/profiles/profile_io_data.h" | 5 #include "chrome/browser/profiles/profile_io_data.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
101 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings_android.h" | 101 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings_android.h" |
102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings_factory_and
roid.h" | 102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings_factory_and
roid.h" |
103 #include "components/data_reduction_proxy/common/data_reduction_proxy_switches.h
" | 103 #include "components/data_reduction_proxy/common/data_reduction_proxy_switches.h
" |
104 #endif // defined(OS_ANDROID) | 104 #endif // defined(OS_ANDROID) |
105 | 105 |
106 #if defined(OS_CHROMEOS) | 106 #if defined(OS_CHROMEOS) |
107 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" | 107 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" |
108 #include "chrome/browser/chromeos/login/startup_utils.h" | 108 #include "chrome/browser/chromeos/login/startup_utils.h" |
109 #include "chrome/browser/chromeos/login/users/user_manager.h" | 109 #include "chrome/browser/chromeos/login/users/user_manager.h" |
110 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" | 110 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" |
| 111 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
111 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 112 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
112 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 113 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
113 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 114 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
114 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 115 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
115 #include "chrome/browser/chromeos/settings/cros_settings.h" | 116 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 117 #include "chrome/browser/net/nss_context.h" |
116 #include "chromeos/dbus/cryptohome_client.h" | 118 #include "chromeos/dbus/cryptohome_client.h" |
117 #include "chromeos/dbus/dbus_thread_manager.h" | 119 #include "chromeos/dbus/dbus_thread_manager.h" |
118 #include "chromeos/settings/cros_settings_names.h" | 120 #include "chromeos/settings/cros_settings_names.h" |
119 #include "components/user_manager/user.h" | 121 #include "components/user_manager/user.h" |
120 #include "crypto/nss_util.h" | 122 #include "crypto/nss_util.h" |
121 #include "crypto/nss_util_internal.h" | 123 #include "crypto/nss_util_internal.h" |
122 #include "net/cert/multi_threaded_cert_verifier.h" | 124 #include "net/cert/multi_threaded_cert_verifier.h" |
123 #include "net/ssl/client_cert_store_chromeos.h" | 125 #include "net/ssl/client_cert_store_chromeos.h" |
124 #endif // defined(OS_CHROMEOS) | 126 #endif // defined(OS_CHROMEOS) |
125 | 127 |
373 // user. | 375 // user. |
374 if (user && !user->username_hash().empty()) { | 376 if (user && !user->username_hash().empty()) { |
375 params->username_hash = user->username_hash(); | 377 params->username_hash = user->username_hash(); |
376 DCHECK(!params->username_hash.empty()); | 378 DCHECK(!params->username_hash.empty()); |
377 BrowserThread::PostTask(BrowserThread::IO, | 379 BrowserThread::PostTask(BrowserThread::IO, |
378 FROM_HERE, | 380 FROM_HERE, |
379 base::Bind(&StartNSSInitOnIOThread, | 381 base::Bind(&StartNSSInitOnIOThread, |
380 user->email(), | 382 user->email(), |
381 user->username_hash(), | 383 user->username_hash(), |
382 profile->GetPath())); | 384 profile->GetPath())); |
| 385 |
| 386 // Use the device-wide system key slot only if the user is of the same |
| 387 // domain as the device is registered to. |
| 388 policy::BrowserPolicyConnectorChromeOS* connector = |
| 389 g_browser_process->platform_part() |
| 390 ->browser_policy_connector_chromeos(); |
| 391 params->use_system_key_slot = |
| 392 connector->GetUserAffiliation(user->email()) == |
| 393 policy::USER_AFFILIATION_MANAGED; |
383 } | 394 } |
384 } | 395 } |
385 #endif | 396 #endif |
386 | 397 |
387 params->profile = profile; | 398 params->profile = profile; |
388 params->prerender_tracker = g_browser_process->prerender_tracker(); | 399 params->prerender_tracker = g_browser_process->prerender_tracker(); |
389 profile_params_.reset(params.release()); | 400 profile_params_.reset(params.release()); |
390 | 401 |
391 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 402 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
392 &enable_referrers_, | 403 &enable_referrers_, |
565 scoped_ptr<net::URLRequestJobFactory> job_factory) { | 576 scoped_ptr<net::URLRequestJobFactory> job_factory) { |
566 job_factory_ = job_factory.Pass(); | 577 job_factory_ = job_factory.Pass(); |
567 set_job_factory(job_factory_.get()); | 578 set_job_factory(job_factory_.get()); |
568 } | 579 } |
569 | 580 |
570 ProfileIOData::AppRequestContext::~AppRequestContext() { | 581 ProfileIOData::AppRequestContext::~AppRequestContext() { |
571 AssertNoURLRequests(); | 582 AssertNoURLRequests(); |
572 } | 583 } |
573 | 584 |
574 ProfileIOData::ProfileParams::ProfileParams() | 585 ProfileIOData::ProfileParams::ProfileParams() |
575 : io_thread(NULL), | 586 : io_thread(NULL), use_system_key_slot(false), profile(NULL) { |
576 profile(NULL) { | |
577 } | 587 } |
578 | 588 |
579 ProfileIOData::ProfileParams::~ProfileParams() {} | 589 ProfileIOData::ProfileParams::~ProfileParams() {} |
580 | 590 |
581 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type) | 591 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type) |
582 : initialized_(false), | 592 : initialized_(false), |
| 593 use_system_key_slot_(false), |
583 resource_context_(new ResourceContext(this)), | 594 resource_context_(new ResourceContext(this)), |
584 initialized_on_UI_thread_(false), | 595 initialized_on_UI_thread_(false), |
585 profile_type_(profile_type) { | 596 profile_type_(profile_type) { |
586 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 597 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
587 } | 598 } |
588 | 599 |
589 ProfileIOData::~ProfileIOData() { | 600 ProfileIOData::~ProfileIOData() { |
590 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) | 601 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) |
591 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 602 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
592 | 603 |
893 DCHECK(io_data_->initialized_); | 904 DCHECK(io_data_->initialized_); |
894 return request_context_; | 905 return request_context_; |
895 } | 906 } |
896 | 907 |
897 scoped_ptr<net::ClientCertStore> | 908 scoped_ptr<net::ClientCertStore> |
898 ProfileIOData::ResourceContext::CreateClientCertStore() { | 909 ProfileIOData::ResourceContext::CreateClientCertStore() { |
899 if (!io_data_->client_cert_store_factory_.is_null()) | 910 if (!io_data_->client_cert_store_factory_.is_null()) |
900 return io_data_->client_cert_store_factory_.Run(); | 911 return io_data_->client_cert_store_factory_.Run(); |
901 #if defined(OS_CHROMEOS) | 912 #if defined(OS_CHROMEOS) |
902 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS( | 913 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS( |
| 914 io_data_->use_system_key_slot(), |
903 io_data_->username_hash(), | 915 io_data_->username_hash(), |
904 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, | 916 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, |
905 chrome::kCryptoModulePasswordClientAuth))); | 917 chrome::kCryptoModulePasswordClientAuth))); |
906 #elif defined(USE_NSS) | 918 #elif defined(USE_NSS) |
907 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( | 919 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( |
908 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, | 920 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, |
909 chrome::kCryptoModulePasswordClientAuth))); | 921 chrome::kCryptoModulePasswordClientAuth))); |
910 #elif defined(OS_WIN) | 922 #elif defined(OS_WIN) |
911 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); | 923 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); |
912 #elif defined(OS_MACOSX) | 924 #elif defined(OS_MACOSX) |
1080 | 1092 |
1081 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get(); | 1093 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get(); |
1082 resource_context_->request_context_ = main_request_context_.get(); | 1094 resource_context_->request_context_ = main_request_context_.get(); |
1083 | 1095 |
1084 #if defined(ENABLE_MANAGED_USERS) | 1096 #if defined(ENABLE_MANAGED_USERS) |
1085 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter; | 1097 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter; |
1086 #endif | 1098 #endif |
1087 | 1099 |
1088 #if defined(OS_CHROMEOS) | 1100 #if defined(OS_CHROMEOS) |
1089 username_hash_ = profile_params_->username_hash; | 1101 username_hash_ = profile_params_->username_hash; |
| 1102 use_system_key_slot_ = profile_params_->use_system_key_slot; |
| 1103 if (use_system_key_slot_) |
| 1104 EnableNSSSystemKeySlotForResourceContext(resource_context_.get()); |
| 1105 |
1090 scoped_refptr<net::CertVerifyProc> verify_proc; | 1106 scoped_refptr<net::CertVerifyProc> verify_proc; |
1091 crypto::ScopedPK11Slot public_slot = | 1107 crypto::ScopedPK11Slot public_slot = |
1092 crypto::GetPublicSlotForChromeOSUser(username_hash_); | 1108 crypto::GetPublicSlotForChromeOSUser(username_hash_); |
1093 // The private slot won't be ready by this point. It shouldn't be necessary | 1109 // The private slot won't be ready by this point. It shouldn't be necessary |
1094 // for cert trust purposes anyway. | 1110 // for cert trust purposes anyway. |
1095 verify_proc = new chromeos::CertVerifyProcChromeOS(public_slot.Pass()); | 1111 verify_proc = new chromeos::CertVerifyProcChromeOS(public_slot.Pass()); |
1096 if (cert_verifier_) { | 1112 if (cert_verifier_) { |
1097 cert_verifier_->InitializeOnIOThread(verify_proc); | 1113 cert_verifier_->InitializeOnIOThread(verify_proc); |
1098 main_request_context_->set_cert_verifier(cert_verifier_.get()); | 1114 main_request_context_->set_cert_verifier(cert_verifier_.get()); |
1099 } else { | 1115 } else { |
1290 void ProfileIOData::SetCookieSettingsForTesting( | 1306 void ProfileIOData::SetCookieSettingsForTesting( |
1291 CookieSettings* cookie_settings) { | 1307 CookieSettings* cookie_settings) { |
1292 DCHECK(!cookie_settings_.get()); | 1308 DCHECK(!cookie_settings_.get()); |
1293 cookie_settings_ = cookie_settings; | 1309 cookie_settings_ = cookie_settings; |
1294 } | 1310 } |
1295 | 1311 |
1296 void ProfileIOData::set_signin_names_for_testing( | 1312 void ProfileIOData::set_signin_names_for_testing( |
1297 SigninNamesOnIOThread* signin_names) { | 1313 SigninNamesOnIOThread* signin_names) { |
1298 signin_names_.reset(signin_names); | 1314 signin_names_.reset(signin_names); |
1299 } | 1315 } |
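Review bot: The affiliation test added at new lines 386-393 is an authorization decision, but the comment states only the condition and not what it protects. The result gates the device-wide system key slot, and new line 914 passes it on to `ClientCertStoreChromeOS`, so it also appears to decide which client certificates the profile can use. The value is computed once on the UI thread, copied into `use_system_key_slot_` at new line 1102 and not re-evaluated in the visible code. I would say so in the comment, e.g. `// Security: the system slot holds device-wide keys. Expose it only to users affiliated with the enrolling domain; evaluated once at profile init.` `connector` is also dereferenced unchecked. If `browser_policy_connector_chromeos()` can return null in any configuration (not visible here), guard the assignment with `if (connector)` so the flag keeps its `false` default instead of crashing. The enclosing function begins and ends outside the lines shown.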