| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/cert_loader.h" | 5 #include "chromeos/cert_loader.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/chromeos/chromeos_version.h" | 9 #include "base/chromeos/chromeos_version.h" |
| 10 #include "base/message_loop/message_loop_proxy.h" | 10 #include "base/message_loop/message_loop_proxy.h" |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 45 | 45 |
| 46 void LoadNSSCertificates(net::CertificateList* cert_list) { | 46 void LoadNSSCertificates(net::CertificateList* cert_list) { |
| 47 net::NSSCertDatabase::GetInstance()->ListCerts(cert_list); | 47 net::NSSCertDatabase::GetInstance()->ListCerts(cert_list); |
| 48 } | 48 } |
| 49 | 49 |
| 50 void CallOpenPersistentNSSDB() { | 50 void CallOpenPersistentNSSDB() { |
| 51 // Called from crypto_task_runner_. | 51 // Called from crypto_task_runner_. |
| 52 VLOG(1) << "CallOpenPersistentNSSDB"; | 52 VLOG(1) << "CallOpenPersistentNSSDB"; |
| 53 | 53 |
| 54 // Ensure we've opened the user's key/certificate database. | 54 // Ensure we've opened the user's key/certificate database. |
| 55 crypto::OpenPersistentNSSDB(); | 55 if (base::chromeos::IsRunningOnChromeOS()) |
| 56 crypto::OpenPersistentNSSDB(); |
| 56 crypto::EnableTPMTokenForNSS(); | 57 crypto::EnableTPMTokenForNSS(); |
| 57 } | 58 } |
| 58 | 59 |
| 59 } // namespace | 60 } // namespace |
| 60 | 61 |
| 61 static CertLoader* g_cert_loader = NULL; | 62 static CertLoader* g_cert_loader = NULL; |
| 62 | 63 |
| 63 // static | 64 // static |
| 64 void CertLoader::Initialize() { | 65 void CertLoader::Initialize() { |
| 65 CHECK(!g_cert_loader); | 66 CHECK(!g_cert_loader); |
| 66 g_cert_loader = new CertLoader(); | 67 g_cert_loader = new CertLoader(); |
| 67 g_cert_loader->Init(); | |
| 68 } | 68 } |
| 69 | 69 |
| 70 // static | 70 // static |
| 71 void CertLoader::Shutdown() { | 71 void CertLoader::Shutdown() { |
| 72 CHECK(g_cert_loader); | 72 CHECK(g_cert_loader); |
| 73 delete g_cert_loader; | 73 delete g_cert_loader; |
| 74 g_cert_loader = NULL; | 74 g_cert_loader = NULL; |
| 75 } | 75 } |
| 76 | 76 |
| 77 // static | 77 // static |
| 78 CertLoader* CertLoader::Get() { | 78 CertLoader* CertLoader::Get() { |
| 79 CHECK(g_cert_loader) << "CertLoader::Get() called before Initialize()"; | 79 CHECK(g_cert_loader) << "CertLoader::Get() called before Initialize()"; |
| 80 return g_cert_loader; | 80 return g_cert_loader; |
| 81 } | 81 } |
| 82 | 82 |
| 83 // static | 83 // static |
| 84 bool CertLoader::IsInitialized() { | 84 bool CertLoader::IsInitialized() { |
| 85 return g_cert_loader; | 85 return g_cert_loader; |
| 86 } | 86 } |
| 87 | 87 |
| 88 CertLoader::CertLoader() | 88 CertLoader::CertLoader() |
| 89 : certificates_requested_(false), | 89 : initialize_tpm_for_test_(false), |
| 90 certificates_requested_(false), |
| 90 certificates_loaded_(false), | 91 certificates_loaded_(false), |
| 91 certificates_update_required_(false), | 92 certificates_update_required_(false), |
| 92 certificates_update_running_(false), | 93 certificates_update_running_(false), |
| 93 tpm_token_state_(TPM_STATE_UNKNOWN), | 94 tpm_token_state_(TPM_STATE_UNKNOWN), |
| 94 tpm_request_delay_( | 95 tpm_request_delay_( |
| 95 base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)), | 96 base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)), |
| 96 initialize_token_factory_(this), | 97 initialize_token_factory_(this), |
| 97 update_certificates_factory_(this) { | 98 update_certificates_factory_(this) { |
| 99 if (LoginState::IsInitialized()) |
| 100 LoginState::Get()->AddObserver(this); |
| 98 } | 101 } |
| 99 | 102 |
| 100 void CertLoader::Init() { | 103 void CertLoader::InitializeTPMForTest() { |
| 101 net::CertDatabase::GetInstance()->AddObserver(this); | 104 initialize_tpm_for_test_ = true; |
| 102 if (LoginState::IsInitialized()) | |
| 103 LoginState::Get()->AddObserver(this); | |
| 104 } | 105 } |
| 105 | 106 |
| 106 void CertLoader::SetCryptoTaskRunner( | 107 void CertLoader::SetCryptoTaskRunner( |
| 107 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner) { | 108 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner) { |
| 108 crypto_task_runner_ = crypto_task_runner; | 109 crypto_task_runner_ = crypto_task_runner; |
| 109 MaybeRequestCertificates(); | 110 MaybeRequestCertificates(); |
| 110 } | 111 } |
| 111 | 112 |
| 112 void CertLoader::SetSlowTaskRunnerForTest( | 113 void CertLoader::SetSlowTaskRunnerForTest( |
| 113 const scoped_refptr<base::TaskRunner>& task_runner) { | 114 const scoped_refptr<base::TaskRunner>& task_runner) { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 147 const bool logged_in = LoginState::IsInitialized() ? | 148 const bool logged_in = LoginState::IsInitialized() ? |
| 148 LoginState::Get()->IsUserLoggedIn() : false; | 149 LoginState::Get()->IsUserLoggedIn() : false; |
| 149 VLOG(1) << "RequestCertificates: " << logged_in; | 150 VLOG(1) << "RequestCertificates: " << logged_in; |
| 150 if (!logged_in) | 151 if (!logged_in) |
| 151 return; | 152 return; |
| 152 | 153 |
| 153 certificates_requested_ = true; | 154 certificates_requested_ = true; |
| 154 | 155 |
| 155 // Ensure we only initialize the TPM token once. | 156 // Ensure we only initialize the TPM token once. |
| 156 DCHECK_EQ(tpm_token_state_, TPM_STATE_UNKNOWN); | 157 DCHECK_EQ(tpm_token_state_, TPM_STATE_UNKNOWN); |
| 157 if (!base::chromeos::IsRunningOnChromeOS()) | 158 if (!initialize_tpm_for_test_ && !base::chromeos::IsRunningOnChromeOS()) |
| 159 tpm_token_state_ = TPM_DISABLED; |
| 160 |
| 161 // Treat TPM as disabled for guest users since they do not store certs. |
| 162 if (LoginState::IsInitialized() && LoginState::Get()->IsGuestUser()) |
| 158 tpm_token_state_ = TPM_DISABLED; | 163 tpm_token_state_ = TPM_DISABLED; |
| 159 | 164 |
| 160 InitializeTokenAndLoadCertificates(); | 165 InitializeTokenAndLoadCertificates(); |
| 161 } | 166 } |
| 162 | 167 |
| 163 void CertLoader::InitializeTokenAndLoadCertificates() { | 168 void CertLoader::InitializeTokenAndLoadCertificates() { |
| 164 CHECK(thread_checker_.CalledOnValidThread()); | 169 CHECK(thread_checker_.CalledOnValidThread()); |
| 165 VLOG(1) << "InitializeTokenAndLoadCertificates: " << tpm_token_state_; | 170 VLOG(1) << "InitializeTokenAndLoadCertificates: " << tpm_token_state_; |
| 166 | 171 |
| 167 // Treat TPM as disabled for guest users since they do not store certs. | |
| 168 if (LoginState::IsInitialized() && LoginState::Get()->IsGuestUser()) | |
| 169 tpm_token_state_ = TPM_DISABLED; | |
| 170 | |
| 171 switch (tpm_token_state_) { | 172 switch (tpm_token_state_) { |
| 172 case TPM_STATE_UNKNOWN: { | 173 case TPM_STATE_UNKNOWN: { |
| 173 crypto_task_runner_->PostTaskAndReply( | 174 crypto_task_runner_->PostTaskAndReply( |
| 174 FROM_HERE, | 175 FROM_HERE, |
| 175 base::Bind(&CallOpenPersistentNSSDB), | 176 base::Bind(&CallOpenPersistentNSSDB), |
| 176 base::Bind(&CertLoader::OnPersistentNSSDBOpened, | 177 base::Bind(&CertLoader::OnPersistentNSSDBOpened, |
| 177 initialize_token_factory_.GetWeakPtr())); | 178 initialize_token_factory_.GetWeakPtr())); |
| 178 return; | 179 return; |
| 179 } | 180 } |
| 180 case TPM_DB_OPENED: { | 181 case TPM_DB_OPENED: { |
| (...skipping 23 matching lines...) Expand all Loading... |
| 204 } | 205 } |
| 205 case TPM_TOKEN_INFO_RECEIVED: { | 206 case TPM_TOKEN_INFO_RECEIVED: { |
| 206 base::PostTaskAndReplyWithResult( | 207 base::PostTaskAndReplyWithResult( |
| 207 crypto_task_runner_.get(), | 208 crypto_task_runner_.get(), |
| 208 FROM_HERE, | 209 FROM_HERE, |
| 209 base::Bind( | 210 base::Bind( |
| 210 &crypto::InitializeTPMToken, tpm_token_name_, tpm_user_pin_), | 211 &crypto::InitializeTPMToken, tpm_token_name_, tpm_user_pin_), |
| 211 base::Bind(&CertLoader::OnTPMTokenInitialized, | 212 base::Bind(&CertLoader::OnTPMTokenInitialized, |
| 212 initialize_token_factory_.GetWeakPtr())); | 213 initialize_token_factory_.GetWeakPtr())); |
| 213 return; | 214 return; |
| 214 tpm_token_state_ = TPM_TOKEN_INITIALIZED; | |
| 215 // FALL_THROUGH_INTENDED | |
| 216 } | 215 } |
| 217 case TPM_TOKEN_INITIALIZED: { | 216 case TPM_TOKEN_INITIALIZED: { |
| 218 StartLoadCertificates(); | 217 StartLoadCertificates(); |
| 219 return; | 218 return; |
| 220 } | 219 } |
| 221 } | 220 } |
| 222 } | 221 } |
| 223 | 222 |
| 224 void CertLoader::RetryTokenInitializationLater() { | 223 void CertLoader::RetryTokenInitializationLater() { |
| 225 CHECK(thread_checker_.CalledOnValidThread()); | 224 CHECK(thread_checker_.CalledOnValidThread()); |
| 226 LOG(WARNING) << "Re-Requesting Certificates later."; | 225 LOG(WARNING) << "Retry token initialization later."; |
| 227 base::MessageLoop::current()->PostDelayedTask( | 226 base::MessageLoop::current()->PostDelayedTask( |
| 228 FROM_HERE, | 227 FROM_HERE, |
| 229 base::Bind(&CertLoader::InitializeTokenAndLoadCertificates, | 228 base::Bind(&CertLoader::InitializeTokenAndLoadCertificates, |
| 230 initialize_token_factory_.GetWeakPtr()), | 229 initialize_token_factory_.GetWeakPtr()), |
| 231 tpm_request_delay_); | 230 tpm_request_delay_); |
| 232 tpm_request_delay_ = GetNextRequestDelayMs(tpm_request_delay_); | 231 tpm_request_delay_ = GetNextRequestDelayMs(tpm_request_delay_); |
| 233 } | 232 } |
| 234 | 233 |
| 235 void CertLoader::OnPersistentNSSDBOpened() { | 234 void CertLoader::OnPersistentNSSDBOpened() { |
| 236 VLOG(1) << "PersistentNSSDBOpened"; | 235 VLOG(1) << "PersistentNSSDBOpened"; |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 317 VLOG(1) << "OnTPMTokenInitialized: " << success; | 316 VLOG(1) << "OnTPMTokenInitialized: " << success; |
| 318 if (!success) { | 317 if (!success) { |
| 319 RetryTokenInitializationLater(); | 318 RetryTokenInitializationLater(); |
| 320 return; | 319 return; |
| 321 } | 320 } |
| 322 tpm_token_state_ = TPM_TOKEN_INITIALIZED; | 321 tpm_token_state_ = TPM_TOKEN_INITIALIZED; |
| 323 InitializeTokenAndLoadCertificates(); | 322 InitializeTokenAndLoadCertificates(); |
| 324 } | 323 } |
| 325 | 324 |
| 326 void CertLoader::StartLoadCertificates() { | 325 void CertLoader::StartLoadCertificates() { |
| 326 DCHECK(!certificates_loaded_ && !certificates_update_running_); |
| 327 net::CertDatabase::GetInstance()->AddObserver(this); |
| 328 LoadCertificates(); |
| 329 } |
| 330 |
| 331 void CertLoader::LoadCertificates() { |
| 327 CHECK(thread_checker_.CalledOnValidThread()); | 332 CHECK(thread_checker_.CalledOnValidThread()); |
| 328 VLOG(1) << "StartLoadCertificates: " << certificates_update_running_; | 333 VLOG(1) << "LoadCertificates: " << certificates_update_running_; |
| 329 | 334 |
| 330 if (certificates_update_running_) { | 335 if (certificates_update_running_) { |
| 331 certificates_update_required_ = true; | 336 certificates_update_required_ = true; |
| 332 return; | 337 return; |
| 333 } | 338 } |
| 334 | 339 |
| 335 net::CertificateList* cert_list = new net::CertificateList; | 340 net::CertificateList* cert_list = new net::CertificateList; |
| 336 certificates_update_running_ = true; | 341 certificates_update_running_ = true; |
| 337 certificates_update_required_ = false; | 342 certificates_update_required_ = false; |
| 338 | 343 |
| (...skipping 15 matching lines...) Expand all Loading... |
| 354 | 359 |
| 355 // Ignore any existing certificates. | 360 // Ignore any existing certificates. |
| 356 cert_list_.swap(*cert_list); | 361 cert_list_.swap(*cert_list); |
| 357 | 362 |
| 358 bool initial_load = !certificates_loaded_; | 363 bool initial_load = !certificates_loaded_; |
| 359 certificates_loaded_ = true; | 364 certificates_loaded_ = true; |
| 360 NotifyCertificatesLoaded(initial_load); | 365 NotifyCertificatesLoaded(initial_load); |
| 361 | 366 |
| 362 certificates_update_running_ = false; | 367 certificates_update_running_ = false; |
| 363 if (certificates_update_required_) | 368 if (certificates_update_required_) |
| 364 StartLoadCertificates(); | 369 LoadCertificates(); |
| 365 } | 370 } |
| 366 | 371 |
| 367 void CertLoader::NotifyCertificatesLoaded(bool initial_load) { | 372 void CertLoader::NotifyCertificatesLoaded(bool initial_load) { |
| 368 FOR_EACH_OBSERVER(Observer, observers_, | 373 FOR_EACH_OBSERVER(Observer, observers_, |
| 369 OnCertificatesLoaded(cert_list_, initial_load)); | 374 OnCertificatesLoaded(cert_list_, initial_load)); |
| 370 } | 375 } |
| 371 | 376 |
| 372 void CertLoader::OnCertTrustChanged(const net::X509Certificate* cert) { | 377 void CertLoader::OnCertTrustChanged(const net::X509Certificate* cert) { |
| 373 } | 378 } |
| 374 | 379 |
| 375 void CertLoader::OnCertAdded(const net::X509Certificate* cert) { | 380 void CertLoader::OnCertAdded(const net::X509Certificate* cert) { |
| 376 VLOG(1) << "OnCertAdded"; | 381 VLOG(1) << "OnCertAdded"; |
| 377 StartLoadCertificates(); | 382 LoadCertificates(); |
| 378 } | 383 } |
| 379 | 384 |
| 380 void CertLoader::OnCertRemoved(const net::X509Certificate* cert) { | 385 void CertLoader::OnCertRemoved(const net::X509Certificate* cert) { |
| 381 VLOG(1) << "OnCertRemoved"; | 386 VLOG(1) << "OnCertRemoved"; |
| 382 StartLoadCertificates(); | 387 LoadCertificates(); |
| 383 } | 388 } |
| 384 | 389 |
| 385 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { | 390 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { |
| 386 VLOG(1) << "LoggedInStateChanged: " << state; | 391 VLOG(1) << "LoggedInStateChanged: " << state; |
| 387 MaybeRequestCertificates(); | 392 MaybeRequestCertificates(); |
| 388 } | 393 } |
| 389 | 394 |
| 390 } // namespace chromeos | 395 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 22327005:
Automatically resolve ClientCertificatePatterns. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src