OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/profiles/profile_io_data.h" | 5 #include "chrome/browser/profiles/profile_io_data.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings.h" | 102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings.h" |
103 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings_fact
ory.h" | 103 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings_fact
ory.h" |
104 #include "components/data_reduction_proxy/common/data_reduction_proxy_switches.h
" | 104 #include "components/data_reduction_proxy/common/data_reduction_proxy_switches.h
" |
105 #endif // defined(OS_ANDROID) | 105 #endif // defined(OS_ANDROID) |
106 | 106 |
107 #if defined(OS_CHROMEOS) | 107 #if defined(OS_CHROMEOS) |
108 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" | 108 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" |
109 #include "chrome/browser/chromeos/login/startup_utils.h" | 109 #include "chrome/browser/chromeos/login/startup_utils.h" |
110 #include "chrome/browser/chromeos/login/users/user_manager.h" | 110 #include "chrome/browser/chromeos/login/users/user_manager.h" |
111 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" | 111 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" |
| 112 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
112 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 113 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
113 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 114 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
114 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 115 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
115 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 116 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
116 #include "chrome/browser/chromeos/settings/cros_settings.h" | 117 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 118 #include "chrome/browser/net/nss_context.h" |
117 #include "chromeos/dbus/cryptohome_client.h" | 119 #include "chromeos/dbus/cryptohome_client.h" |
118 #include "chromeos/dbus/dbus_thread_manager.h" | 120 #include "chromeos/dbus/dbus_thread_manager.h" |
119 #include "chromeos/settings/cros_settings_names.h" | 121 #include "chromeos/settings/cros_settings_names.h" |
120 #include "components/user_manager/user.h" | 122 #include "components/user_manager/user.h" |
121 #include "crypto/nss_util.h" | 123 #include "crypto/nss_util.h" |
122 #include "crypto/nss_util_internal.h" | 124 #include "crypto/nss_util_internal.h" |
123 #include "net/cert/multi_threaded_cert_verifier.h" | 125 #include "net/cert/multi_threaded_cert_verifier.h" |
124 #include "net/ssl/client_cert_store_chromeos.h" | 126 #include "net/ssl/client_cert_store_chromeos.h" |
125 #endif // defined(OS_CHROMEOS) | 127 #endif // defined(OS_CHROMEOS) |
126 | 128 |
(...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
374 // user. | 376 // user. |
375 if (user && !user->username_hash().empty()) { | 377 if (user && !user->username_hash().empty()) { |
376 params->username_hash = user->username_hash(); | 378 params->username_hash = user->username_hash(); |
377 DCHECK(!params->username_hash.empty()); | 379 DCHECK(!params->username_hash.empty()); |
378 BrowserThread::PostTask(BrowserThread::IO, | 380 BrowserThread::PostTask(BrowserThread::IO, |
379 FROM_HERE, | 381 FROM_HERE, |
380 base::Bind(&StartNSSInitOnIOThread, | 382 base::Bind(&StartNSSInitOnIOThread, |
381 user->email(), | 383 user->email(), |
382 user->username_hash(), | 384 user->username_hash(), |
383 profile->GetPath())); | 385 profile->GetPath())); |
| 386 |
| 387 // Use the device-wide system key slot only if the user is of the same |
| 388 // domain as the device is registered to. |
| 389 policy::BrowserPolicyConnectorChromeOS* connector = |
| 390 g_browser_process->platform_part() |
| 391 ->browser_policy_connector_chromeos(); |
| 392 params->use_system_key_slot = |
| 393 connector->GetUserAffiliation(user->email()) == |
| 394 policy::USER_AFFILIATION_MANAGED; |
384 } | 395 } |
385 } | 396 } |
386 #endif | 397 #endif |
387 | 398 |
388 params->profile = profile; | 399 params->profile = profile; |
389 params->prerender_tracker = g_browser_process->prerender_tracker(); | 400 params->prerender_tracker = g_browser_process->prerender_tracker(); |
390 profile_params_.reset(params.release()); | 401 profile_params_.reset(params.release()); |
391 | 402 |
392 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 403 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
393 &enable_referrers_, | 404 &enable_referrers_, |
(...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
569 job_factory_ = job_factory.Pass(); | 580 job_factory_ = job_factory.Pass(); |
570 set_job_factory(job_factory_.get()); | 581 set_job_factory(job_factory_.get()); |
571 } | 582 } |
572 | 583 |
573 ProfileIOData::AppRequestContext::~AppRequestContext() { | 584 ProfileIOData::AppRequestContext::~AppRequestContext() { |
574 AssertNoURLRequests(); | 585 AssertNoURLRequests(); |
575 } | 586 } |
576 | 587 |
577 ProfileIOData::ProfileParams::ProfileParams() | 588 ProfileIOData::ProfileParams::ProfileParams() |
578 : io_thread(NULL), | 589 : io_thread(NULL), |
| 590 #if defined(OS_CHROMEOS) |
| 591 use_system_key_slot(false), |
| 592 #endif |
579 profile(NULL) { | 593 profile(NULL) { |
580 } | 594 } |
581 | 595 |
582 ProfileIOData::ProfileParams::~ProfileParams() {} | 596 ProfileIOData::ProfileParams::~ProfileParams() {} |
583 | 597 |
584 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type) | 598 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type) |
585 : initialized_(false), | 599 : initialized_(false), |
| 600 #if defined(OS_CHROMEOS) |
| 601 use_system_key_slot_(false), |
| 602 #endif |
586 resource_context_(new ResourceContext(this)), | 603 resource_context_(new ResourceContext(this)), |
587 initialized_on_UI_thread_(false), | 604 initialized_on_UI_thread_(false), |
588 profile_type_(profile_type) { | 605 profile_type_(profile_type) { |
589 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 606 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
590 } | 607 } |
591 | 608 |
592 ProfileIOData::~ProfileIOData() { | 609 ProfileIOData::~ProfileIOData() { |
593 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) | 610 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) |
594 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 611 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
595 | 612 |
(...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
896 DCHECK(io_data_->initialized_); | 913 DCHECK(io_data_->initialized_); |
897 return request_context_; | 914 return request_context_; |
898 } | 915 } |
899 | 916 |
900 scoped_ptr<net::ClientCertStore> | 917 scoped_ptr<net::ClientCertStore> |
901 ProfileIOData::ResourceContext::CreateClientCertStore() { | 918 ProfileIOData::ResourceContext::CreateClientCertStore() { |
902 if (!io_data_->client_cert_store_factory_.is_null()) | 919 if (!io_data_->client_cert_store_factory_.is_null()) |
903 return io_data_->client_cert_store_factory_.Run(); | 920 return io_data_->client_cert_store_factory_.Run(); |
904 #if defined(OS_CHROMEOS) | 921 #if defined(OS_CHROMEOS) |
905 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS( | 922 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS( |
| 923 io_data_->use_system_key_slot(), |
906 io_data_->username_hash(), | 924 io_data_->username_hash(), |
907 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, | 925 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, |
908 chrome::kCryptoModulePasswordClientAuth))); | 926 chrome::kCryptoModulePasswordClientAuth))); |
909 #elif defined(USE_NSS) | 927 #elif defined(USE_NSS) |
910 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( | 928 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( |
911 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, | 929 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, |
912 chrome::kCryptoModulePasswordClientAuth))); | 930 chrome::kCryptoModulePasswordClientAuth))); |
913 #elif defined(OS_WIN) | 931 #elif defined(OS_WIN) |
914 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); | 932 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); |
915 #elif defined(OS_MACOSX) | 933 #elif defined(OS_MACOSX) |
(...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1083 | 1101 |
1084 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get(); | 1102 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get(); |
1085 resource_context_->request_context_ = main_request_context_.get(); | 1103 resource_context_->request_context_ = main_request_context_.get(); |
1086 | 1104 |
1087 #if defined(ENABLE_MANAGED_USERS) | 1105 #if defined(ENABLE_MANAGED_USERS) |
1088 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter; | 1106 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter; |
1089 #endif | 1107 #endif |
1090 | 1108 |
1091 #if defined(OS_CHROMEOS) | 1109 #if defined(OS_CHROMEOS) |
1092 username_hash_ = profile_params_->username_hash; | 1110 username_hash_ = profile_params_->username_hash; |
| 1111 use_system_key_slot_ = profile_params_->use_system_key_slot; |
| 1112 if (use_system_key_slot_) |
| 1113 EnableNSSSystemKeySlotForResourceContext(resource_context_.get()); |
| 1114 |
1093 scoped_refptr<net::CertVerifyProc> verify_proc; | 1115 scoped_refptr<net::CertVerifyProc> verify_proc; |
1094 crypto::ScopedPK11Slot public_slot = | 1116 crypto::ScopedPK11Slot public_slot = |
1095 crypto::GetPublicSlotForChromeOSUser(username_hash_); | 1117 crypto::GetPublicSlotForChromeOSUser(username_hash_); |
1096 // The private slot won't be ready by this point. It shouldn't be necessary | 1118 // The private slot won't be ready by this point. It shouldn't be necessary |
1097 // for cert trust purposes anyway. | 1119 // for cert trust purposes anyway. |
1098 verify_proc = new chromeos::CertVerifyProcChromeOS(public_slot.Pass()); | 1120 verify_proc = new chromeos::CertVerifyProcChromeOS(public_slot.Pass()); |
1099 if (cert_verifier_) { | 1121 if (cert_verifier_) { |
1100 cert_verifier_->InitializeOnIOThread(verify_proc); | 1122 cert_verifier_->InitializeOnIOThread(verify_proc); |
1101 main_request_context_->set_cert_verifier(cert_verifier_.get()); | 1123 main_request_context_->set_cert_verifier(cert_verifier_.get()); |
1102 } else { | 1124 } else { |
(...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1293 void ProfileIOData::SetCookieSettingsForTesting( | 1315 void ProfileIOData::SetCookieSettingsForTesting( |
1294 CookieSettings* cookie_settings) { | 1316 CookieSettings* cookie_settings) { |
1295 DCHECK(!cookie_settings_.get()); | 1317 DCHECK(!cookie_settings_.get()); |
1296 cookie_settings_ = cookie_settings; | 1318 cookie_settings_ = cookie_settings; |
1297 } | 1319 } |
1298 | 1320 |
1299 void ProfileIOData::set_signin_names_for_testing( | 1321 void ProfileIOData::set_signin_names_for_testing( |
1300 SigninNamesOnIOThread* signin_names) { | 1322 SigninNamesOnIOThread* signin_names) { |
1301 signin_names_.reset(signin_names); | 1323 signin_names_.reset(signin_names); |
1302 } | 1324 } |
OLD | NEW |