| Index: chrome/browser/profiles/profile_io_data.cc
|
| diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
|
| index fe5e784848be11dc751cbca52f6ab15f4dc2f1cd..245c44fa31aaef18b2772be00f0631eea9036818 100644
|
| --- a/chrome/browser/profiles/profile_io_data.cc
|
| +++ b/chrome/browser/profiles/profile_io_data.cc
|
| @@ -109,11 +109,13 @@
|
| #include "chrome/browser/chromeos/login/startup_utils.h"
|
| #include "chrome/browser/chromeos/login/users/user_manager.h"
|
| #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h"
|
| +#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
|
| #include "chrome/browser/chromeos/policy/policy_cert_service.h"
|
| #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
|
| #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
|
| #include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| #include "chrome/browser/chromeos/settings/cros_settings.h"
|
| +#include "chrome/browser/net/nss_context.h"
|
| #include "chromeos/dbus/cryptohome_client.h"
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "chromeos/settings/cros_settings_names.h"
|
| @@ -381,6 +383,15 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
|
| user->email(),
|
| user->username_hash(),
|
| profile->GetPath()));
|
| +
|
| + // Use the device-wide system key slot only if the user is of the same
|
| + // domain as the device is registered to.
|
| + policy::BrowserPolicyConnectorChromeOS* connector =
|
| + g_browser_process->platform_part()
|
| + ->browser_policy_connector_chromeos();
|
| + params->use_system_key_slot =
|
| + connector->GetUserAffiliation(user->email()) ==
|
| + policy::USER_AFFILIATION_MANAGED;
|
| }
|
| }
|
| #endif
|
| @@ -576,6 +587,9 @@ ProfileIOData::AppRequestContext::~AppRequestContext() {
|
|
|
| ProfileIOData::ProfileParams::ProfileParams()
|
| : io_thread(NULL),
|
| +#if defined(OS_CHROMEOS)
|
| + use_system_key_slot(false),
|
| +#endif
|
| profile(NULL) {
|
| }
|
|
|
| @@ -583,6 +597,9 @@ ProfileIOData::ProfileParams::~ProfileParams() {}
|
|
|
| ProfileIOData::ProfileIOData(Profile::ProfileType profile_type)
|
| : initialized_(false),
|
| +#if defined(OS_CHROMEOS)
|
| + use_system_key_slot_(false),
|
| +#endif
|
| resource_context_(new ResourceContext(this)),
|
| initialized_on_UI_thread_(false),
|
| profile_type_(profile_type) {
|
| @@ -903,6 +920,7 @@ ProfileIOData::ResourceContext::CreateClientCertStore() {
|
| return io_data_->client_cert_store_factory_.Run();
|
| #if defined(OS_CHROMEOS)
|
| return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreChromeOS(
|
| + io_data_->use_system_key_slot(),
|
| io_data_->username_hash(),
|
| base::Bind(&CreateCryptoModuleBlockingPasswordDelegate,
|
| chrome::kCryptoModulePasswordClientAuth)));
|
| @@ -1090,6 +1108,10 @@ void ProfileIOData::Init(
|
|
|
| #if defined(OS_CHROMEOS)
|
| username_hash_ = profile_params_->username_hash;
|
| + use_system_key_slot_ = profile_params_->use_system_key_slot;
|
| + if (use_system_key_slot_)
|
| + EnableNSSSystemKeySlotForResourceContext(resource_context_.get());
|
| +
|
| scoped_refptr<net::CertVerifyProc> verify_proc;
|
| crypto::ScopedPK11Slot public_slot =
|
| crypto::GetPublicSlotForChromeOSUser(username_hash_);
|
|
|
Chromium Code Reviews
Issue 424523002:
Enable system NSS key slot. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src