| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/profiles/profile_io_data.h" | 5 #include "chrome/browser/profiles/profile_io_data.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings.h" | 102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings.h" |
| 103 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings_fact
ory.h" | 103 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings_fact
ory.h" |
| 104 #include "components/data_reduction_proxy/common/data_reduction_proxy_switches.h
" | 104 #include "components/data_reduction_proxy/common/data_reduction_proxy_switches.h
" |
| 105 #endif // defined(OS_ANDROID) | 105 #endif // defined(OS_ANDROID) |
| 106 | 106 |
| 107 #if defined(OS_CHROMEOS) | 107 #if defined(OS_CHROMEOS) |
| 108 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" | 108 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" |
| 109 #include "chrome/browser/chromeos/login/startup_utils.h" | 109 #include "chrome/browser/chromeos/login/startup_utils.h" |
| 110 #include "chrome/browser/chromeos/login/users/user_manager.h" | 110 #include "chrome/browser/chromeos/login/users/user_manager.h" |
| 111 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" | 111 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" |
| 112 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 112 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 113 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
| 113 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 114 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
| 114 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 115 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
| 115 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 116 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 116 #include "chrome/browser/chromeos/settings/cros_settings.h" | 117 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 118 #include "chrome/browser/net/nss_context.h" |
| 117 #include "chromeos/dbus/cryptohome_client.h" | 119 #include "chromeos/dbus/cryptohome_client.h" |
| 118 #include "chromeos/dbus/dbus_thread_manager.h" | 120 #include "chromeos/dbus/dbus_thread_manager.h" |
| 119 #include "chromeos/settings/cros_settings_names.h" | 121 #include "chromeos/settings/cros_settings_names.h" |
| 120 #include "components/user_manager/user.h" | 122 #include "components/user_manager/user.h" |
| 121 #include "crypto/nss_util.h" | 123 #include "crypto/nss_util.h" |
| 122 #include "crypto/nss_util_internal.h" | 124 #include "crypto/nss_util_internal.h" |
| 123 #include "net/cert/multi_threaded_cert_verifier.h" | 125 #include "net/cert/multi_threaded_cert_verifier.h" |
| 124 #include "net/ssl/client_cert_store_chromeos.h" | 126 #include "net/ssl/client_cert_store_chromeos.h" |
| 125 #endif // defined(OS_CHROMEOS) | 127 #endif // defined(OS_CHROMEOS) |
| 126 | 128 |
| (...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 374 // user. | 376 // user. |
| 375 if (user && !user->username_hash().empty()) { | 377 if (user && !user->username_hash().empty()) { |
| 376 params->username_hash = user->username_hash(); | 378 params->username_hash = user->username_hash(); |
| 377 DCHECK(!params->username_hash.empty()); | 379 DCHECK(!params->username_hash.empty()); |
| 378 BrowserThread::PostTask(BrowserThread::IO, | 380 BrowserThread::PostTask(BrowserThread::IO, |
| 379 FROM_HERE, | 381 FROM_HERE, |
| 380 base::Bind(&StartNSSInitOnIOThread, | 382 base::Bind(&StartNSSInitOnIOThread, |
| 381 user->email(), | 383 user->email(), |
| 382 user->username_hash(), | 384 user->username_hash(), |
| 383 profile->GetPath())); | 385 profile->GetPath())); |
| 386 |
| 387 // Use the device-wide system key slot only if the user is of the same |
| 388 // domain as the device is registered to. |
| 389 policy::BrowserPolicyConnectorChromeOS* connector = |
| 390 g_browser_process->platform_part() |
| 391 ->browser_policy_connector_chromeos(); |
| 392 params->use_system_key_slot = |
| 393 connector->GetUserAffiliation(user->email()) == |
| 394 policy::USER_AFFILIATION_MANAGED; |
| 384 } | 395 } |
| 385 } | 396 } |
| 386 #endif | 397 #endif |
| 387 | 398 |
| 388 params->profile = profile; | 399 params->profile = profile; |
| 389 params->prerender_tracker = g_browser_process->prerender_tracker(); | 400 params->prerender_tracker = g_browser_process->prerender_tracker(); |
| 390 profile_params_.reset(params.release()); | 401 profile_params_.reset(params.release()); |
| 391 | 402 |
| 392 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 403 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
| 393 &enable_referrers_, | 404 &enable_referrers_, |
| (...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 569 job_factory_ = job_factory.Pass(); | 580 job_factory_ = job_factory.Pass(); |
| 570 set_job_factory(job_factory_.get()); | 581 set_job_factory(job_factory_.get()); |
| 571 } | 582 } |
| 572 | 583 |
| 573 ProfileIOData::AppRequestContext::~AppRequestContext() { | 584 ProfileIOData::AppRequestContext::~AppRequestContext() { |
| 574 AssertNoURLRequests(); | 585 AssertNoURLRequests(); |
| 575 } | 586 } |
| 576 | 587 |
| 577 ProfileIOData::ProfileParams::ProfileParams() | 588 ProfileIOData::ProfileParams::ProfileParams() |
| 578 : io_thread(NULL), | 589 : io_thread(NULL), |
| 590 #if defined(OS_CHROMEOS) |
| 591 use_system_key_slot(false), |
| 592 #endif |
| 579 profile(NULL) { | 593 profile(NULL) { |
| 580 } | 594 } |
| 581 | 595 |
| 582 ProfileIOData::ProfileParams::~ProfileParams() {} | 596 ProfileIOData::ProfileParams::~ProfileParams() {} |
| 583 | 597 |
| 584 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type) | 598 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type) |
| 585 : initialized_(false), | 599 : initialized_(false), |
| 600 #if defined(OS_CHROMEOS) |
| 601 use_system_key_slot_(false), |
| 602 #endif |
| 586 resource_context_(new ResourceContext(this)), | 603 resource_context_(new ResourceContext(this)), |
| 587 initialized_on_UI_thread_(false), | 604 initialized_on_UI_thread_(false), |
| 588 profile_type_(profile_type) { | 605 profile_type_(profile_type) { |
| 589 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 606 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 590 } | 607 } |
| 591 | 608 |
| 592 ProfileIOData::~ProfileIOData() { | 609 ProfileIOData::~ProfileIOData() { |
| 593 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) | 610 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) |
| 594 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 611 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 595 | 612 |
| (...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 896 DCHECK(io_data_->initialized_); | 913 DCHECK(io_data_->initialized_); |
| 897 return request_context_; | 914 return request_context_; |
| 898 } | 915 } |
| 899 | 916 |
| 900 scoped_ptr<net::ClientCertStore> | 917 scoped_ptr<net::ClientCertStore> |
| 901 ProfileIOData::ResourceContext::CreateClientCertStore() { | 918 ProfileIOData::ResourceContext::CreateClientCertStore() { |
| 902 if (!io_data_->client_cert_store_factory_.is_null()) | 919 if (!io_data_->client_cert_store_factory_.is_null()) |
| 903 return io_data_->client_cert_store_factory_.Run(); | 920 return io_data_->client_cert_store_factory_.Run(); |
| 904 #if defined(OS_CHROMEOS) | 921 #if defined(OS_CHROMEOS) |
| 905 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS( | 922 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS( |
| 923 io_data_->use_system_key_slot(), |
| 906 io_data_->username_hash(), | 924 io_data_->username_hash(), |
| 907 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, | 925 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, |
| 908 chrome::kCryptoModulePasswordClientAuth))); | 926 chrome::kCryptoModulePasswordClientAuth))); |
| 909 #elif defined(USE_NSS) | 927 #elif defined(USE_NSS) |
| 910 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( | 928 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( |
| 911 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, | 929 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, |
| 912 chrome::kCryptoModulePasswordClientAuth))); | 930 chrome::kCryptoModulePasswordClientAuth))); |
| 913 #elif defined(OS_WIN) | 931 #elif defined(OS_WIN) |
| 914 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); | 932 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); |
| 915 #elif defined(OS_MACOSX) | 933 #elif defined(OS_MACOSX) |
| (...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1083 | 1101 |
| 1084 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get(); | 1102 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get(); |
| 1085 resource_context_->request_context_ = main_request_context_.get(); | 1103 resource_context_->request_context_ = main_request_context_.get(); |
| 1086 | 1104 |
| 1087 #if defined(ENABLE_MANAGED_USERS) | 1105 #if defined(ENABLE_MANAGED_USERS) |
| 1088 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter; | 1106 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter; |
| 1089 #endif | 1107 #endif |
| 1090 | 1108 |
| 1091 #if defined(OS_CHROMEOS) | 1109 #if defined(OS_CHROMEOS) |
| 1092 username_hash_ = profile_params_->username_hash; | 1110 username_hash_ = profile_params_->username_hash; |
| 1111 use_system_key_slot_ = profile_params_->use_system_key_slot; |
| 1112 if (use_system_key_slot_) |
| 1113 EnableNSSSystemKeySlotForResourceContext(resource_context_.get()); |
| 1114 |
| 1093 scoped_refptr<net::CertVerifyProc> verify_proc; | 1115 scoped_refptr<net::CertVerifyProc> verify_proc; |
| 1094 crypto::ScopedPK11Slot public_slot = | 1116 crypto::ScopedPK11Slot public_slot = |
| 1095 crypto::GetPublicSlotForChromeOSUser(username_hash_); | 1117 crypto::GetPublicSlotForChromeOSUser(username_hash_); |
| 1096 // The private slot won't be ready by this point. It shouldn't be necessary | 1118 // The private slot won't be ready by this point. It shouldn't be necessary |
| 1097 // for cert trust purposes anyway. | 1119 // for cert trust purposes anyway. |
| 1098 verify_proc = new chromeos::CertVerifyProcChromeOS(public_slot.Pass()); | 1120 verify_proc = new chromeos::CertVerifyProcChromeOS(public_slot.Pass()); |
| 1099 if (cert_verifier_) { | 1121 if (cert_verifier_) { |
| 1100 cert_verifier_->InitializeOnIOThread(verify_proc); | 1122 cert_verifier_->InitializeOnIOThread(verify_proc); |
| 1101 main_request_context_->set_cert_verifier(cert_verifier_.get()); | 1123 main_request_context_->set_cert_verifier(cert_verifier_.get()); |
| 1102 } else { | 1124 } else { |
| (...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1293 void ProfileIOData::SetCookieSettingsForTesting( | 1315 void ProfileIOData::SetCookieSettingsForTesting( |
| 1294 CookieSettings* cookie_settings) { | 1316 CookieSettings* cookie_settings) { |
| 1295 DCHECK(!cookie_settings_.get()); | 1317 DCHECK(!cookie_settings_.get()); |
| 1296 cookie_settings_ = cookie_settings; | 1318 cookie_settings_ = cookie_settings; |
| 1297 } | 1319 } |
| 1298 | 1320 |
| 1299 void ProfileIOData::set_signin_names_for_testing( | 1321 void ProfileIOData::set_signin_names_for_testing( |
| 1300 SigninNamesOnIOThread* signin_names) { | 1322 SigninNamesOnIOThread* signin_names) { |
| 1301 signin_names_.reset(signin_names); | 1323 signin_names_.reset(signin_names); |
| 1302 } | 1324 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 424523002:
Enable system NSS key slot. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src