Initialize per-ChromeOS-user NSS slots and provide the functions to access them.

chrome/browser/profiles/profile_io_data.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/profiles/profile_io_data.h"
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/bind.h"
@@ skipping 70 matching lines @@
 #include "net/url_request/url_request_job_factory_impl.h"
 
 #if defined(ENABLE_MANAGED_USERS)
 #include "chrome/browser/managed_mode/managed_mode_url_filter.h"
 #include "chrome/browser/managed_mode/managed_user_service.h"
 #include "chrome/browser/managed_mode/managed_user_service_factory.h"
 #endif
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h"
+#include "chrome/browser/chromeos/login/user.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
+#include "chromeos/dbus/cryptohome_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/settings/cros_settings_names.h"
+#include "crypto/nss_util.h"
+#include "crypto/nss_util_internal.h"
 #endif  // defined(OS_CHROMEOS)
 
 using content::BrowserContext;
 using content::BrowserThread;
 using content::ResourceContext;
 
 namespace {
 
 // ----------------------------------------------------------------------------
 // CookieMonster::Delegate implementation
@@ skipping 110 matching lines @@
           request, network_delegate, path,
           content::BrowserThread::GetBlockingPool()->
               GetTaskRunnerWithShutdownBehavior(
                   base::SequencedWorkerPool::SKIP_ON_SHUTDOWN));
 
     return NULL;
   }
 };
 #endif  // defined(DEBUG_DEVTOOLS)
 
+#if defined(OS_CHROMEOS)
+void DidGetTPMInfoForUserOnUIThread(const std::string& username_hash,

[Ryan Sleevi, 2013/11/27 00:24:11]

This is somewhat hard to follow, because it's in reverse chronological/execution
order (presumably because the need for symbols to be ins cope).

Would it make sense to include a detailed comment explaining this flow. This is
an area where some clear documentation can go a long way.

eg:
https://code.google.com/p/chromium/codesearch#chromium/src/net/socket/ssl_cli...
or
https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/multi_thr...
(Yes, I'm biased, clearly)

[mattm, 2013/11/27 04:12:23]

Ok, I added some comments and ascii art.

+                                    chromeos::DBusMethodCallStatus call_status,
+                                    const std::string& label,
+                                    const std::string& user_pin,

[Ryan Sleevi, 2013/11/27 00:24:11]

user_pin was removed, right?

[mattm, 2013/11/27 04:12:23]

It was removed from nss_util and such, but cryptohome still has it.

+                                    int slot_id) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) {
+    NOTREACHED() << "dbus error getting TPM info for " << username_hash;
+    return;
+  }
+  VLOG(1) << __func__ << " "<< username_hash << " " << slot_id;

[Ryan Sleevi, 2013/11/27 00:24:11]

Why VLOG __func__, when VLOG already includes the file and line #?

Also, are they all necessary? This is going to affect release code, it all
seems... overkill.

[mattm, 2013/11/27 04:12:23]

Just find it easier to read if you don't have to look up every file/line number
to see what is happening. Changed to use descriptive verbiage instead of the
function name.
Changed to DVLOG, and removed the one from StartTPMSlotInitializionOnIOThread
which didn't add much value.

+  BrowserThread::PostTask(
+      BrowserThread::IO,
+      FROM_HERE,
+      base::Bind(
+          &crypto::InitializeTPMForChromeOSUser, username_hash, slot_id));
+}
+
+void GetTPMInfoForUserOnUIThread(const std::string& username,
+                                 const std::string& username_hash) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  VLOG(1) << __func__ << " " << username << " " << username_hash;
+  chromeos::DBusThreadManager::Get()
+      ->GetCryptohomeClient()
+      ->Pkcs11GetTpmTokenInfoForUser(
+            username,
+            base::Bind(&DidGetTPMInfoForUserOnUIThread, username_hash));
+}
+
+void StartTPMSlotInitializionOnIOThread(const std::string& username,
+                                        const std::string& username_hash) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  VLOG(1) << __func__ << " " << username << " " << username_hash;
+
+  BrowserThread::PostTask(
+      BrowserThread::UI,
+      FROM_HERE,
+      base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash));
+}
+
+void StartNSSInitOnIOThread(const std::string& username,
+                            const std::string& username_hash,
+                            const base::FilePath& path,
+                            bool is_primary_user) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  VLOG(1) << "username:" << username << "  hash:" << username_hash
+          << "  is_primary_user:" << is_primary_user;
+
+  if (!crypto::InitializeNSSForChromeOSUser(
+      username, username_hash, is_primary_user, path))

[Ryan Sleevi, 2013/11/27 00:24:11]

Is this clang-format'd? Seems like this should have an extra four spaces.

[mattm, 2013/11/27 04:12:23]

Done.

+    return;
+
+  if (crypto::IsTPMTokenEnabledForNSS()) {
+    if (crypto::IsTPMTokenReady()) {
+      StartTPMSlotInitializionOnIOThread(username, username_hash);
+    } else {
+      VLOG(1) << "waiting for tpm ready ...";
+      crypto::OnTPMReady(base::Bind(
+          &StartTPMSlotInitializionOnIOThread, username, username_hash));
+    }
+  } else {
+    crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash);
+  }
+}
+#endif  // defined(OS_CHROMEOS)
+
 }  // namespace
 
 void ProfileIOData::InitializeOnUIThread(Profile* profile) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   PrefService* pref_service = profile->GetPrefs();
   PrefService* local_state_pref_service = g_browser_process->local_state();
 
   scoped_ptr<ProfileParams> params(new ProfileParams);
   params->path = profile->GetPath();
 
@@ skipping 30 matching lines @@
 
   params->proxy_config_service
       .reset(ProxyServiceFactory::CreateProxyConfigService(
            profile->GetProxyConfigTracker()));
 #if defined(ENABLE_MANAGED_USERS)
   ManagedUserService* managed_user_service =
       ManagedUserServiceFactory::GetForProfile(profile);
   params->managed_mode_url_filter =
       managed_user_service->GetURLFilterForIOThread();
 #endif
+#if defined(OS_CHROMEOS)
+  chromeos::UserManager* user_manager = chromeos::UserManager::Get();
+  if (user_manager) {
+    chromeos::User* user = user_manager->GetUserByProfile(profile);
+    if (user) {
+      params->username_hash = user->username_hash();
+      bool is_primary_user = (user_manager->GetPrimaryUser() == user);
+      BrowserThread::PostTask(BrowserThread::IO,
+                              FROM_HERE,
+                              base::Bind(&StartNSSInitOnIOThread,
+                                         user->email(),
+                                         user->username_hash(),
+                                         profile->GetPath(),
+                                         is_primary_user));
+    }
+  }
+  if (params->username_hash.empty())
+    LOG(WARNING) << "no username_hash";
+#endif
 
   params->profile = profile;
   profile_params_.reset(params.release());
 
   ChromeNetworkDelegate::InitializePrefsOnUIThread(
       &enable_referrers_,
       &enable_do_not_track_,
       &force_safesearch_,
       pref_service);
 
@@ skipping 517 matching lines @@
 #endif
 
 #if defined(OS_CHROMEOS)
   if (cert_verifier_) {
     cert_verifier_->InitializeOnIOThread();
     main_request_context_->set_cert_verifier(cert_verifier_.get());
   } else {
     main_request_context_->set_cert_verifier(
         io_thread_globals->cert_verifier.get());
   }
+  username_hash_ = profile_params_->username_hash;
 #else
   main_request_context_->set_cert_verifier(
       io_thread_globals->cert_verifier.get());
 #endif
 
   InitializeInternal(profile_params_.get(), protocol_handlers);
 
   profile_params_.reset();
   initialized_ = true;
 }
@@ skipping 137 matching lines @@
 void ProfileIOData::SetCookieSettingsForTesting(
     CookieSettings* cookie_settings) {
   DCHECK(!cookie_settings_.get());
   cookie_settings_ = cookie_settings;
 }
 
 void ProfileIOData::set_signin_names_for_testing(
     SigninNamesOnIOThread* signin_names) {
   signin_names_.reset(signin_names);
 }