Do Keychain reauthorization at update time

chrome/browser/chrome_browser_main_mac.mm

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_browser_main_mac.h"
 
 #import <Cocoa/Cocoa.h>
 
 #include "base/command_line.h"
 #include "base/debug/debugger.h"
@@ skipping 10 matching lines @@
 #import "chrome/browser/mac/keystone_glue.h"
 #include "chrome/browser/metrics/metrics_service.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "content/public/common/main_function_params.h"
 #include "content/public/common/result_codes.h"
 #include "ui/base/l10n/l10n_util_mac.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "ui/base/resource/resource_handle.h"
 
+namespace {
+
+// This preference is used to track whether the KeychainReauthorize operation
+// has occurred at launch. This operation only makes sense while the
+// application continues to be signed by the old certificate.
+NSString* const kKeychainReauthorizeAtLaunchPref =
+    @"KeychainReauthorizeInAppMay2012";
+const int kKeychainReauthorizeAtLaunchMaxTries = 2;
+
+// Some users rarely restart Chrome, so they might never get a chance to run
+// the at-launch KeychainReauthorize. To account for them, there's also an
+// at-update KeychainReauthorize option, which runs from .keystone_install for
+// users on a user Keystone ticket. This operation may make sense for a period
+// of time after the application switches to being signed by the new
+// certificate, as long as the at-update stub executable is still signed by
+// the old one.
+NSString* const kKeychainReauthorizeAtUpdatePref =
+    @"KeychainReauthorizeAtUpdateMay2012";
+const int kKeychainReauthorizeAtUpdateMaxTries = 3;
+
+}  // namespace
+
 void RecordBreakpadStatusUMA(MetricsService* metrics) {
   metrics->RecordBreakpadRegistration(IsCrashReporterEnabled());
   metrics->RecordBreakpadHasDebugger(base::debug::BeingDebugged());
 }
 
 void RecordBrowserStartupTime() {
   // Not implemented on Mac for now.
 }
 
 void WarnAboutMinimumSystemRequirements() {
   // Nothing to check for on Mac right now.
 }
 
 // From browser_main_win.h, stubs until we figure out the right thing...
 
 int DoUninstallTasks(bool chrome_still_running) {
   return content::RESULT_CODE_NORMAL_EXIT;
 }
 
 // ChromeBrowserMainPartsMac ---------------------------------------------------
 
 ChromeBrowserMainPartsMac::ChromeBrowserMainPartsMac(
     const content::MainFunctionParams& parameters)
     : ChromeBrowserMainPartsPosix(parameters) {
 }
 
 void ChromeBrowserMainPartsMac::PreEarlyInitialization() {
+  if (parsed_command_line().HasSwitch(switches::kKeychainReauthorize)) {
+    if (base::mac::AmIBundled()) {
+      LOG(FATAL) << "Inappropriate process type for Keychain reauthorization";
+    }
+
+    // Do Keychain reauthorization at the time of update installation. This
+    // gets three chances to run. If the first or second try doesn't complete
+    // successfully (crashes or is interrupted for any reason), there will be
+    // another chance. Once this step completes successfully, it should never
+    // have to run again.
+    //
+    // This is kicked off by a special stub executable during an automatic
+    // update. See chrome/installer/mac/keychain_reauthorize_main.cc. This is
+    // done during update installation in additon to browser app launch to
+    // help reauthorize Keychain items for users who never restart Chrome.
+    chrome::browser::mac::KeychainReauthorizeIfNeeded(
+        kKeychainReauthorizeAtUpdatePref, kKeychainReauthorizeAtUpdateMaxTries);
+
+    exit(0);
+  }
+
   ChromeBrowserMainPartsPosix::PreEarlyInitialization();
 
   if (base::mac::WasLaunchedAsHiddenLoginItem()) {
     CommandLine* singleton_command_line = CommandLine::ForCurrentProcess();
     singleton_command_line->AppendSwitch(switches::kNoStartupWindow);
   }
 }
 
 void ChromeBrowserMainPartsMac::PreMainMessageLoopStart() {
   ChromeBrowserMainPartsPosix::PreMainMessageLoopStart();
@@ skipping 62 matching lines @@
   // change this, you'll probably need to change the Valgrind suppression.
   [nib instantiateNibWithOwner:NSApp topLevelObjects:nil];
   // Make sure the app controller has been created.
   DCHECK([NSApp delegate]);
 
   // Prevent Cocoa from turning command-line arguments into
   // |-application:openFiles:|, since we already handle them directly.
   [[NSUserDefaults standardUserDefaults]
       setObject:@"NO" forKey:@"NSTreatUnknownArgumentsAsOpen"];
 
-  // Do Keychain reauthorization. This gets two chances to run. If the first
-  // try doesn't complete successfully (crashes or is interrupted for any
-  // reason), there will be a second chance. Once this step completes
-  // successfully, it should never have to run again.
-  NSString* const keychain_reauthorize_pref =
-      @"KeychainReauthorizeInAppMay2012";
-  const int kKeychainReauthorizeMaxTries = 2;
-
+  // Do Keychain reauthorization at browser app launch. This gets two chances
+  // to run. If the first try doesn't complete successfully (crashes or is
+  // interrupted for any reason), there will be a second chance. Once this
+  // step completes successfully, it should never have to run again.
   chrome::browser::mac::KeychainReauthorizeIfNeeded(
-      keychain_reauthorize_pref, kKeychainReauthorizeMaxTries);
+      kKeychainReauthorizeAtLaunchPref, kKeychainReauthorizeAtLaunchMaxTries);
 }
 
 void ChromeBrowserMainPartsMac::DidEndMainMessageLoop() {
   AppController* appController = [NSApp delegate];
   [appController didEndMainMessageLoop];
 }