Chromium Code Reviews Chromium Code Reviews
Issue 53763003:
Initialize per-ChromeOS-user NSS slots and provide the functions to access them. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/profiles/profile_io_data.cc |
| diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc |
| index 4d8610e44bc8d48cd9087f9409e1e42c346b3748..6a3ddc8f083090eb39b1738640569c986eb00444 100644 |
| --- a/chrome/browser/profiles/profile_io_data.cc |
| +++ b/chrome/browser/profiles/profile_io_data.cc |
| @@ -88,11 +88,17 @@ |
| #if defined(OS_CHROMEOS) |
| #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" |
| +#include "chrome/browser/chromeos/login/user.h" |
| +#include "chrome/browser/chromeos/login/user_manager.h" |
| #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
| #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
| #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
| #include "chrome/browser/chromeos/settings/cros_settings.h" |
| +#include "chromeos/dbus/cryptohome_client.h" |
| +#include "chromeos/dbus/dbus_thread_manager.h" |
| #include "chromeos/settings/cros_settings_names.h" |
| +#include "crypto/nss_util.h" |
| +#include "crypto/nss_util_internal.h" |
| #endif // defined(OS_CHROMEOS) |
| using content::BrowserContext; |
| @@ -223,6 +229,73 @@ class DebugDevToolsInterceptor |
| }; |
| #endif // defined(DEBUG_DEVTOOLS) |
| +#if defined(OS_CHROMEOS) |
| +void DidGetTPMInfoForUserOnUIThread(const std::string& username_hash, |
|
Ryan Sleevi
2013/11/27 00:24:11
This is somewhat hard to follow, because it's in r
mattm
2013/11/27 04:12:23
Ok, I added some comments and ascii art.
|
| + chromeos::DBusMethodCallStatus call_status, |
| + const std::string& label, |
| + const std::string& user_pin, |
|
Ryan Sleevi
2013/11/27 00:24:11
user_pin was removed, right?
mattm
2013/11/27 04:12:23
It was removed from nss_util and such, but cryptoh
|
| + int slot_id) { |
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| + if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) { |
| + NOTREACHED() << "dbus error getting TPM info for " << username_hash; |
| + return; |
| + } |
| + VLOG(1) << __func__ << " "<< username_hash << " " << slot_id; |
|
Ryan Sleevi
2013/11/27 00:24:11
Why VLOG __func__, when VLOG already includes the
mattm
2013/11/27 04:12:23
Just find it easier to read if you don't have to l
|
| + BrowserThread::PostTask( |
| + BrowserThread::IO, |
| + FROM_HERE, |
| + base::Bind( |
| + &crypto::InitializeTPMForChromeOSUser, username_hash, slot_id)); |
| +} |
| + |
| +void GetTPMInfoForUserOnUIThread(const std::string& username, |
| + const std::string& username_hash) { |
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| + VLOG(1) << __func__ << " " << username << " " << username_hash; |
| + chromeos::DBusThreadManager::Get() |
| + ->GetCryptohomeClient() |
| + ->Pkcs11GetTpmTokenInfoForUser( |
| + username, |
| + base::Bind(&DidGetTPMInfoForUserOnUIThread, username_hash)); |
| +} |
| + |
| +void StartTPMSlotInitializionOnIOThread(const std::string& username, |
| + const std::string& username_hash) { |
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| + VLOG(1) << __func__ << " " << username << " " << username_hash; |
| + |
| + BrowserThread::PostTask( |
| + BrowserThread::UI, |
| + FROM_HERE, |
| + base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash)); |
| +} |
| + |
| +void StartNSSInitOnIOThread(const std::string& username, |
| + const std::string& username_hash, |
| + const base::FilePath& path, |
| + bool is_primary_user) { |
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| + VLOG(1) << "username:" << username << " hash:" << username_hash |
| + << " is_primary_user:" << is_primary_user; |
| + |
| + if (!crypto::InitializeNSSForChromeOSUser( |
| + username, username_hash, is_primary_user, path)) |
|
Ryan Sleevi
2013/11/27 00:24:11
Is this clang-format'd? Seems like this should hav
mattm
2013/11/27 04:12:23
Done.
|
| + return; |
| + |
| + if (crypto::IsTPMTokenEnabledForNSS()) { |
| + if (crypto::IsTPMTokenReady()) { |
| + StartTPMSlotInitializionOnIOThread(username, username_hash); |
| + } else { |
| + VLOG(1) << "waiting for tpm ready ..."; |
| + crypto::OnTPMReady(base::Bind( |
| + &StartTPMSlotInitializionOnIOThread, username, username_hash)); |
| + } |
| + } else { |
| + crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash); |
| + } |
| +} |
| +#endif // defined(OS_CHROMEOS) |
| + |
| } // namespace |
| void ProfileIOData::InitializeOnUIThread(Profile* profile) { |
| @@ -273,6 +346,25 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) { |
| params->managed_mode_url_filter = |
| managed_user_service->GetURLFilterForIOThread(); |
| #endif |
| +#if defined(OS_CHROMEOS) |
| + chromeos::UserManager* user_manager = chromeos::UserManager::Get(); |
| + if (user_manager) { |
| + chromeos::User* user = user_manager->GetUserByProfile(profile); |
| + if (user) { |
| + params->username_hash = user->username_hash(); |
| + bool is_primary_user = (user_manager->GetPrimaryUser() == user); |
| + BrowserThread::PostTask(BrowserThread::IO, |
| + FROM_HERE, |
| + base::Bind(&StartNSSInitOnIOThread, |
| + user->email(), |
| + user->username_hash(), |
| + profile->GetPath(), |
| + is_primary_user)); |
| + } |
| + } |
| + if (params->username_hash.empty()) |
| + LOG(WARNING) << "no username_hash"; |
| +#endif |
| params->profile = profile; |
| profile_params_.reset(params.release()); |
| @@ -810,6 +902,7 @@ void ProfileIOData::Init(content::ProtocolHandlerMap* protocol_handlers) const { |
| main_request_context_->set_cert_verifier( |
| io_thread_globals->cert_verifier.get()); |
| } |
| + username_hash_ = profile_params_->username_hash; |
| #else |
| main_request_context_->set_cert_verifier( |
| io_thread_globals->cert_verifier.get()); |
