| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROMEOS_NETWORK_CERT_LOADER_H_ | 5 #ifndef CHROMEOS_CERT_LOADER_H_ |
| 6 #define CHROMEOS_NETWORK_CERT_LOADER_H_ | 6 #define CHROMEOS_CERT_LOADER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/memory/weak_ptr.h" | 12 #include "base/memory/weak_ptr.h" |
| 13 #include "base/observer_list_threadsafe.h" | 13 #include "base/observer_list_threadsafe.h" |
| 14 #include "base/threading/thread_checker.h" | 14 #include "base/threading/thread_checker.h" |
| 15 #include "chromeos/chromeos_export.h" | 15 #include "chromeos/chromeos_export.h" |
| 16 #include "chromeos/dbus/dbus_method_call_status.h" | 16 #include "chromeos/dbus/dbus_method_call_status.h" |
| 17 #include "chromeos/login/login_state.h" | 17 #include "chromeos/login/login_state.h" |
| 18 #include "chromeos/network/network_handler.h" | |
| 19 #include "net/cert/cert_database.h" | 18 #include "net/cert/cert_database.h" |
| 20 #include "net/cert/x509_certificate.h" | 19 #include "net/cert/x509_certificate.h" |
| 21 | 20 |
| 21 namespace base { |
| 22 class SequencedTaskRunner; |
| 23 } |
| 24 |
| 22 namespace crypto { | 25 namespace crypto { |
| 23 class SymmetricKey; | 26 class SymmetricKey; |
| 24 } | 27 } |
| 25 | 28 |
| 26 namespace chromeos { | 29 namespace chromeos { |
| 27 | 30 |
| 28 // This class is responsible for initializing the TPM token and loading | 31 // This class is responsible for initializing the TPM token and loading |
| 29 // certificates once the TPM is initialized. It is expected to be constructed | 32 // certificates once the TPM is initialized. It is expected to be constructed |
| 30 // on the UI thread and public methods should all be called from the UI thread. | 33 // on the UI thread and public methods should all be called from the UI thread. |
| 31 // When certificates have been loaded (after login completes), or the cert | 34 // When certificates have been loaded (after login completes), or the cert |
| (...skipping 11 matching lines...) Expand all Loading... |
| 43 virtual void OnCertificatesLoaded(const net::CertificateList& cert_list, | 46 virtual void OnCertificatesLoaded(const net::CertificateList& cert_list, |
| 44 bool initial_load) = 0; | 47 bool initial_load) = 0; |
| 45 | 48 |
| 46 protected: | 49 protected: |
| 47 Observer() {} | 50 Observer() {} |
| 48 | 51 |
| 49 private: | 52 private: |
| 50 DISALLOW_COPY_AND_ASSIGN(Observer); | 53 DISALLOW_COPY_AND_ASSIGN(Observer); |
| 51 }; | 54 }; |
| 52 | 55 |
| 53 virtual ~CertLoader(); | 56 // Sets the global instance. Must be called before any calls to Get(). |
| 57 static void Initialize(); |
| 58 |
| 59 // Destroys the global instance. |
| 60 static void Shutdown(); |
| 61 |
| 62 // Gets the global instance. Initialize() must be called first. |
| 63 static CertLoader* Get(); |
| 64 |
| 65 // Returns true if the global instance has been initialized. |
| 66 static bool IsInitialized(); |
| 67 |
| 68 // |crypto_task_runner| is the task runner that any synchronous crypto calls |
| 69 // should be made from. e.g. in Chrome this is the IO thread. Must be called |
| 70 // after the thread is started. Certificate loading will not happen unless |
| 71 // this is set. |
| 72 void SetCryptoTaskRunner( |
| 73 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner); |
| 54 | 74 |
| 55 void AddObserver(CertLoader::Observer* observer); | 75 void AddObserver(CertLoader::Observer* observer); |
| 56 void RemoveObserver(CertLoader::Observer* observer); | 76 void RemoveObserver(CertLoader::Observer* observer); |
| 57 | 77 |
| 58 // Returns true when the certificate list has been requested but not loaded. | 78 // Returns true when the certificate list has been requested but not loaded. |
| 59 bool CertificatesLoading() const; | 79 bool CertificatesLoading() const; |
| 60 | 80 |
| 61 // Returns true if the TPM is available for hardware-backed certificates. | 81 // Returns true if the TPM is available for hardware-backed certificates. |
| 62 bool IsHardwareBacked() const; | 82 bool IsHardwareBacked() const; |
| 63 | 83 |
| 64 std::string GetPkcs11IdForCert(const net::X509Certificate& cert) const; | 84 std::string GetPkcs11IdForCert(const net::X509Certificate& cert) const; |
| 65 | 85 |
| 66 bool certificates_loaded() const { return certificates_loaded_; } | 86 bool certificates_loaded() const { return certificates_loaded_; } |
| 67 | 87 |
| 68 // TPM info is only valid once the TPM is available (IsHardwareBacked is | 88 // TPM info is only valid once the TPM is available (IsHardwareBacked is |
| 69 // true). Otherwise empty strings will be returned. | 89 // true). Otherwise empty strings will be returned. |
| 70 const std::string& tpm_token_name() const { return tpm_token_name_; } | 90 const std::string& tpm_token_name() const { return tpm_token_name_; } |
| 71 const std::string& tpm_token_slot() const { return tpm_token_slot_; } | 91 const std::string& tpm_token_slot() const { return tpm_token_slot_; } |
| 72 const std::string& tpm_user_pin() const { return tpm_user_pin_; } | 92 const std::string& tpm_user_pin() const { return tpm_user_pin_; } |
| 73 | 93 |
| 74 // This will be empty until certificates_loaded() is true. | 94 // This will be empty until certificates_loaded() is true. |
| 75 const net::CertificateList& cert_list() const { return cert_list_; } | 95 const net::CertificateList& cert_list() const { return cert_list_; } |
| 76 | 96 |
| 77 private: | 97 private: |
| 78 friend class NetworkHandler; | |
| 79 CertLoader(); | 98 CertLoader(); |
| 99 virtual ~CertLoader(); |
| 80 | 100 |
| 81 void RequestCertificates(); | 101 void Init(); |
| 102 void MaybeRequestCertificates(); |
| 82 | 103 |
| 83 // This is the cyclic chain of callbacks to initialize the TPM token and to | 104 // This is the cyclic chain of callbacks to initialize the TPM token and to |
| 84 // kick off the update of the certificate list. | 105 // kick off the update of the certificate list. |
| 85 void InitializeTokenAndLoadCertificates(); | 106 void InitializeTokenAndLoadCertificates(); |
| 86 void RetryTokenInitializationLater(); | 107 void RetryTokenInitializationLater(); |
| 108 void OnPersistentNSSDBOpened(); |
| 87 void OnTpmIsEnabled(DBusMethodCallStatus call_status, | 109 void OnTpmIsEnabled(DBusMethodCallStatus call_status, |
| 88 bool tpm_is_enabled); | 110 bool tpm_is_enabled); |
| 89 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, | 111 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, |
| 90 bool is_tpm_token_ready); | 112 bool is_tpm_token_ready); |
| 91 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, | 113 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, |
| 92 const std::string& token_name, | 114 const std::string& token_name, |
| 93 const std::string& user_pin); | 115 const std::string& user_pin); |
| 94 void InitializeNSSForTPMToken(); | 116 void OnTPMTokenInitialized(bool success); |
| 95 | 117 |
| 96 // These calls handle the updating of the certificate list after the TPM token | 118 // These calls handle the updating of the certificate list after the TPM token |
| 97 // was initialized. | 119 // was initialized. |
| 98 void StartLoadCertificates(); | 120 void StartLoadCertificates(); |
| 99 void UpdateCertificates(net::CertificateList* cert_list); | 121 void UpdateCertificates(net::CertificateList* cert_list); |
| 100 | 122 |
| 101 void NotifyCertificatesLoaded(bool initial_load); | 123 void NotifyCertificatesLoaded(bool initial_load); |
| 102 | 124 |
| 103 // net::CertDatabase::Observer | 125 // net::CertDatabase::Observer |
| 104 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; | 126 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; |
| 105 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; | 127 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; |
| 106 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; | 128 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; |
| 107 | 129 |
| 108 // LoginState::Observer | 130 // LoginState::Observer |
| 109 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; | 131 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; |
| 110 | 132 |
| 111 ObserverList<Observer> observers_; | 133 ObserverList<Observer> observers_; |
| 112 | 134 |
| 113 bool certificates_requested_; | 135 bool certificates_requested_; |
| 114 bool certificates_loaded_; | 136 bool certificates_loaded_; |
| 115 bool certificates_update_required_; | 137 bool certificates_update_required_; |
| 116 bool certificates_update_running_; | 138 bool certificates_update_running_; |
| 117 | 139 |
| 118 // The states are traversed in this order but some might get omitted or never | 140 // The states are traversed in this order but some might get omitted or never |
| 119 // be left. | 141 // be left. |
| 120 enum TPMTokenState { | 142 enum TPMTokenState { |
| 121 TPM_STATE_UNKNOWN, | 143 TPM_STATE_UNKNOWN, |
| 144 TPM_DB_OPENED, |
| 122 TPM_DISABLED, | 145 TPM_DISABLED, |
| 123 TPM_ENABLED, | 146 TPM_ENABLED, |
| 124 TPM_TOKEN_READY, | 147 TPM_TOKEN_READY, |
| 125 TPM_TOKEN_INFO_RECEIVED, | 148 TPM_TOKEN_INFO_RECEIVED, |
| 126 TPM_TOKEN_NSS_INITIALIZED, | 149 TPM_TOKEN_INITIALIZED, |
| 127 }; | 150 }; |
| 128 TPMTokenState tpm_token_state_; | 151 TPMTokenState tpm_token_state_; |
| 129 | 152 |
| 130 // The current request delay before the next attempt to initialize the | 153 // The current request delay before the next attempt to initialize the |
| 131 // TPM. Will be adapted after each attempt. | 154 // TPM. Will be adapted after each attempt. |
| 132 base::TimeDelta tpm_request_delay_; | 155 base::TimeDelta tpm_request_delay_; |
| 133 | 156 |
| 134 // Cached TPM token info. | 157 // Cached TPM token info. |
| 135 std::string tpm_token_name_; | 158 std::string tpm_token_name_; |
| 136 std::string tpm_token_slot_; | 159 std::string tpm_token_slot_; |
| 137 std::string tpm_user_pin_; | 160 std::string tpm_user_pin_; |
| 138 | 161 |
| 139 // Cached Certificates. | 162 // Cached Certificates. |
| 140 net::CertificateList cert_list_; | 163 net::CertificateList cert_list_; |
| 141 | 164 |
| 142 base::ThreadChecker thread_checker_; | 165 base::ThreadChecker thread_checker_; |
| 143 | 166 |
| 167 // TaskRunner for crypto calls. |
| 168 scoped_refptr<base::SequencedTaskRunner> crypto_task_runner_; |
| 169 |
| 144 // This factory should be used only for callbacks during TPMToken | 170 // This factory should be used only for callbacks during TPMToken |
| 145 // initialization. | 171 // initialization. |
| 146 base::WeakPtrFactory<CertLoader> initialize_token_factory_; | 172 base::WeakPtrFactory<CertLoader> initialize_token_factory_; |
| 147 | 173 |
| 148 // This factory should be used only for callbacks during updating the | 174 // This factory should be used only for callbacks during updating the |
| 149 // certificate list. | 175 // certificate list. |
| 150 base::WeakPtrFactory<CertLoader> update_certificates_factory_; | 176 base::WeakPtrFactory<CertLoader> update_certificates_factory_; |
| 151 | 177 |
| 152 DISALLOW_COPY_AND_ASSIGN(CertLoader); | 178 DISALLOW_COPY_AND_ASSIGN(CertLoader); |
| 153 }; | 179 }; |
| 154 | 180 |
| 155 } // namespace chromeos | 181 } // namespace chromeos |
| 156 | 182 |
| 157 #endif // CHROMEOS_NETWORK_CERT_LOADER_H_ | 183 #endif // CHROMEOS_CERT_LOADER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 20130002:
Call crypto::InitializeTPMToken on the IO thread (Take 2) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src