Remove TPMTokenInfoDelegate

crypto/nss_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 
 #include <nss.h>
 #include <plarena.h>
 #include <prerror.h>
 #include <prinit.h>
 #include <prtime.h>
 #include <pk11pub.h>
 #include <secmod.h>
 
 #if defined(OS_LINUX)
 #include <linux/nfs_fs.h>
 #include <sys/vfs.h>
 #elif defined(OS_OPENBSD)
 #include <sys/mount.h>
 #include <sys/param.h>
 #endif
 
 #include <vector>
 
-#include "base/bind.h"
 #include "base/environment.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
-#include "base/message_loop.h"
 #include "base/native_library.h"
 #include "base/scoped_temp_dir.h"
 #include "base/stringprintf.h"
 #include "base/threading/thread_restrictions.h"
 #include "build/build_config.h"
-#include "crypto/scoped_nss_types.h"
 
 #if defined(OS_CHROMEOS)
 #include "crypto/symmetric_key.h"
 #endif
 
 // USE_NSS means we use NSS for everything crypto-related.  If USE_NSS is not
 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't
 // use NSS for crypto or certificate verification, and we don't use the NSS
 // certificate and key databases.
 #if defined(USE_NSS)
@@ skipping 157 matching lines @@
   NSPRInitSingleton() {
     PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
   }
 
   // NOTE(willchan): We don't actually execute this code since we leak NSS to
   // prevent non-joinable threads from using NSS after it's already been shut
   // down.
   ~NSPRInitSingleton() {
     PL_ArenaFinish();
     PRStatus prstatus = PR_Cleanup();
-    if (prstatus != PR_SUCCESS) {
+    if (prstatus != PR_SUCCESS)
       LOG(ERROR) << "PR_Cleanup failed; was NSPR initialized on wrong thread?";
-    }
   }
 };
 
 base::LazyInstance<NSPRInitSingleton>::Leaky
     g_nspr_singleton = LAZY_INSTANCE_INITIALIZER;
 
 // This is a LazyInstance so that it will be deleted automatically when the
 // unittest exits.  NSSInitSingleton is a LeakySingleton, so it would not be
 // deleted if it were a regular member.
 base::LazyInstance<ScopedTempDir> g_test_nss_db_dir = LAZY_INSTANCE_INITIALIZER;
@@ skipping 10 matching lines @@
 
       // This creates another DB slot in NSS that is read/write, unlike
       // the fake root CA cert DB and the "default" crypto key
       // provider, which are still read-only (because we initialized
       // NSS before we had a cryptohome mounted).
       software_slot_ = OpenUserDB(GetDefaultConfigDirectory(),
                                   kNSSDatabaseName);
     }
   }
 
-  void EnableTPMTokenForNSS(TPMTokenInfoDelegate* info_delegate) {
-    CHECK(info_delegate);
-    tpm_token_info_delegate_.reset(info_delegate);
+  void EnableTPMTokenForNSS() {
+    tpm_token_enabled_for_nss_ = true;
   }
 
-  void InitializeTPMToken(InitializeTPMTokenCallback callback) {
-    // If EnableTPMTokenForNSS hasn't been called, run |callback| with false.
-    if (tpm_token_info_delegate_.get() == NULL) {
-      MessageLoop::current()->PostTask(FROM_HERE, base::Bind(callback, false));
-      return;
+  bool InitializeTPMToken(const std::string& token_name,
+                          const std::string& user_pin) {
+    // If EnableTPMTokenForNSS hasn't been called, return false.
+    if (!tpm_token_enabled_for_nss_)
+      return false;
+
+    // If everything is already initialized, then return true.
+    if (chaps_module_ && tpm_slot_)
+      return true;
+
+    tpm_token_name_ = token_name;
+    tpm_user_pin_ = user_pin;
+
+    // This tries to load the Chaps module so NSS can talk to the hardware
+    // TPM.
+    if (!chaps_module_) {
+      chaps_module_ = LoadModule(
+          kChapsModuleName,
+          kChapsPath,
+          // For more details on these parameters, see:
+          // https://developer.mozilla.org/en/PKCS11_Module_Specs
+          // slotFlags=[PublicCerts] -- Certificates and public keys can be
+          //   read from this slot without requiring a call to C_Login.
+          // askpw=only -- Only authenticate to the token when necessary.
+          "NSS=\"slotParams=(0={slotFlags=[PublicCerts] askpw=only})\"");
     }
+    if (chaps_module_){
+      // If this gets set, then we'll use the TPM for certs with
+      // private keys, otherwise we'll fall back to the software
+      // implementation.
+      tpm_slot_ = GetTPMSlot();
 
-    // If everything is already initialized, then run |callback| with true.
-    if (chaps_module_ && tpm_slot_) {
-      MessageLoop::current()->PostTask(FROM_HERE, base::Bind(callback, true));
-      return;
+      return tpm_slot_ != NULL;
     }
-    tpm_token_info_delegate_->RequestIsTokenReady(
-        base::Bind(&NSSInitSingleton::InitializeTPMTokenInternal,
-                   weak_ptr_factory_.GetWeakPtr(),
-                   callback));
+    return false;
   }
 
   void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) {
-    if (tpm_token_info_delegate_.get() == NULL) {
+    if (!tpm_token_enabled_for_nss_) {
       LOG(ERROR) << "GetTPMTokenInfo called before TPM Token is ready.";
       return;
     }
-    tpm_token_info_delegate_->GetTokenInfo(token_name, user_pin);
+    if (token_name)
+      *token_name = tpm_token_name_;
+    if (user_pin)
+      *user_pin = tpm_user_pin_;
   }
 
   bool IsTPMTokenReady() {
     return tpm_slot_ != NULL;
   }
 
   PK11SlotInfo* GetTPMSlot() {
     std::string token_name;
     GetTPMTokenInfo(&token_name, NULL);
     return FindSlotWithTokenName(token_name);
@@ skipping 62 matching lines @@
     if (software_slot_)
       return PK11_ReferenceSlot(software_slot_);
     return PK11_GetInternalKeySlot();
   }
 
   PK11SlotInfo* GetPrivateNSSKeySlot() {
     if (test_slot_)
       return PK11_ReferenceSlot(test_slot_);
 
 #if defined(OS_CHROMEOS)
-    if (tpm_token_info_delegate_.get() != NULL) {
+    if (tpm_token_enabled_for_nss_) {
       if (IsTPMTokenReady()) {
         return PK11_ReferenceSlot(tpm_slot_);
       } else {
         // If we were supposed to get the hardware token, but were
         // unable to, return NULL rather than fall back to sofware.
         return NULL;
       }
     }
 #endif
     // If we weren't supposed to enable the TPM for NSS, then return
@@ skipping 12 matching lines @@
   // This method is used to force NSS to be initialized without a DB.
   // Call this method before NSSInitSingleton() is constructed.
   static void ForceNoDBInit() {
     force_nodb_init_ = true;
   }
 
  private:
   friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>;
 
   NSSInitSingleton()
-      : chaps_module_(NULL),
+      : tpm_token_enabled_for_nss_(false),
+        chaps_module_(NULL),
         software_slot_(NULL),
         test_slot_(NULL),
         tpm_slot_(NULL),
         root_(NULL),
-        chromeos_user_logged_in_(false),
-        ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)) {
+        chromeos_user_logged_in_(false) {
     EnsureNSPRInit();
 
     // We *must* have NSS >= 3.12.3.  See bug 26448.
     COMPILE_ASSERT(
         (NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH >= 3) ||
         (NSS_VMAJOR == 3 && NSS_VMINOR > 12) ||
         (NSS_VMAJOR > 3),
         nss_version_check_failed);
     // Also check the run-time NSS version.
     // NSS_VersionCheck is a >= check, not strict equality.
@@ skipping 103 matching lines @@
     }
 
     SECStatus status = NSS_Shutdown();
     if (status != SECSuccess) {
       // We VLOG(1) because this failure is relatively harmless (leaking, but
       // we're shutting down anyway).
       VLOG(1) << "NSS_Shutdown failed; see http://crbug.com/4609";
     }
   }
 
-#if defined(OS_CHROMEOS)
-  // This method is used to implement InitializeTPMToken.
-  void InitializeTPMTokenInternal(InitializeTPMTokenCallback callback,
-                                  bool is_token_ready) {
-    if (is_token_ready) {
-      // This tries to load the Chaps module so NSS can talk to the hardware
-      // TPM.
-      if (!chaps_module_) {
-        chaps_module_ = LoadModule(
-            kChapsModuleName,
-            kChapsPath,
-            // For more details on these parameters, see:
-            // https://developer.mozilla.org/en/PKCS11_Module_Specs
-            // slotFlags=[PublicCerts] -- Certificates and public keys can be
-            //   read from this slot without requiring a call to C_Login.
-            // askpw=only -- Only authenticate to the token when necessary.
-            "NSS=\"slotParams=(0={slotFlags=[PublicCerts] askpw=only})\"");
-      }
-      if (chaps_module_) {
-        // If this gets set, then we'll use the TPM for certs with
-        // private keys, otherwise we'll fall back to the software
-        // implementation.
-        tpm_slot_ = GetTPMSlot();
-
-        callback.Run(tpm_slot_ != NULL);
-        return;
-      }
-    }
-    callback.Run(false);
-  }
-#endif  // defined(OS_CHROMEOS)
-
 #if defined(USE_NSS)
   // Load nss's built-in root certs.
   SECMODModule* InitDefaultRootCerts() {
     SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL);
     if (root)
       return root;
 
     // Aw, snap.  Can't find/load root cert shared library.
     // This will make it hard to talk to anybody via https.
     NOTREACHED();
@@ skipping 36 matching lines @@
     else {
       LOG(ERROR) << "Error opening persistent database (" << modspec
                  << "): " << GetNSSErrorMessage();
     }
     return db_slot;
   }
 
   // If this is set to true NSS is forced to be initialized without a DB.
   static bool force_nodb_init_;
 
-#if defined(OS_CHROMEOS)
-  scoped_ptr<TPMTokenInfoDelegate> tpm_token_info_delegate_;
-#endif
-
+  bool tpm_token_enabled_for_nss_;
+  std::string tpm_token_name_;
+  std::string tpm_user_pin_;
   SECMODModule* chaps_module_;
   PK11SlotInfo* software_slot_;
   PK11SlotInfo* test_slot_;
   PK11SlotInfo* tpm_slot_;
   SECMODModule* root_;
   bool chromeos_user_logged_in_;
-  base::WeakPtrFactory<NSSInitSingleton> weak_ptr_factory_;
 #if defined(USE_NSS)
   // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
   // is fixed, we will no longer need the lock.
   base::Lock write_lock_;
 #endif  // defined(USE_NSS)
 };
 
 // static
 bool NSSInitSingleton::force_nodb_init_ = false;
 
@@ skipping 113 matching lines @@
   SECMOD_ReleaseReadLock(lock_);
 }
 
 #endif  // defined(USE_NSS)
 
 #if defined(OS_CHROMEOS)
 void OpenPersistentNSSDB() {
   g_nss_singleton.Get().OpenPersistentNSSDB();
 }
 
-TPMTokenInfoDelegate::TPMTokenInfoDelegate() {}
-TPMTokenInfoDelegate::~TPMTokenInfoDelegate() {}
-
-void EnableTPMTokenForNSS(TPMTokenInfoDelegate* info_delegate) {
-  g_nss_singleton.Get().EnableTPMTokenForNSS(info_delegate);
+void EnableTPMTokenForNSS() {
+  g_nss_singleton.Get().EnableTPMTokenForNSS();
 }
 
 void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) {
   g_nss_singleton.Get().GetTPMTokenInfo(token_name, user_pin);
 }
 
 bool IsTPMTokenReady() {
   return g_nss_singleton.Get().IsTPMTokenReady();
 }
 
-void InitializeTPMToken(InitializeTPMTokenCallback callback) {
-  g_nss_singleton.Get().InitializeTPMToken(callback);
+bool InitializeTPMToken(const std::string& token_name,
+                        const std::string& user_pin) {
+  return g_nss_singleton.Get().InitializeTPMToken(token_name, user_pin);
 }
 
 SymmetricKey* GetSupplementalUserKey() {
   return g_nss_singleton.Get().GetSupplementalUserKey();
 }
 #endif  // defined(OS_CHROMEOS)
 
 base::Time PRTimeToBaseTime(PRTime prtime) {
   return base::Time::FromInternalValue(
       prtime + base::Time::UnixEpoch().ToInternalValue());
 }
 
 PRTime BaseTimeToPRTime(base::Time time) {
   return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue();
 }
 
 PK11SlotInfo* GetPublicNSSKeySlot() {
   return g_nss_singleton.Get().GetPublicNSSKeySlot();
 }
 
 PK11SlotInfo* GetPrivateNSSKeySlot() {
   return g_nss_singleton.Get().GetPrivateNSSKeySlot();
 }
 
 }  // namespace crypto