OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROMEOS_CERT_LOADER_H_ | 5 #ifndef CHROMEOS_CERT_LOADER_H_ |
6 #define CHROMEOS_CERT_LOADER_H_ | 6 #define CHROMEOS_CERT_LOADER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
62 static void Shutdown(); | 62 static void Shutdown(); |
63 | 63 |
64 // Gets the global instance. Initialize() must be called first. | 64 // Gets the global instance. Initialize() must be called first. |
65 static CertLoader* Get(); | 65 static CertLoader* Get(); |
66 | 66 |
67 // Returns true if the global instance has been initialized. | 67 // Returns true if the global instance has been initialized. |
68 static bool IsInitialized(); | 68 static bool IsInitialized(); |
69 | 69 |
70 static std::string GetPkcs11IdForCert(const net::X509Certificate& cert); | 70 static std::string GetPkcs11IdForCert(const net::X509Certificate& cert); |
71 | 71 |
| 72 // By default, CertLoader tries to load the TPMToken only if running in a |
| 73 // ChromeOS environment. Tests can call this function after Initialize() and |
| 74 // before SetCryptoTaskRunner() to enable the TPM initialization. |
| 75 void InitializeTPMForTest(); |
| 76 |
72 // |crypto_task_runner| is the task runner that any synchronous crypto calls | 77 // |crypto_task_runner| is the task runner that any synchronous crypto calls |
73 // should be made from, e.g. in Chrome this is the IO thread. Must be called | 78 // should be made from, e.g. in Chrome this is the IO thread. Must be called |
74 // after the thread is started. Certificate loading will not happen unless | 79 // after the thread is started. Starts TPM initialization and Certificate |
75 // this is set. | 80 // loading. |
76 void SetCryptoTaskRunner( | 81 void SetCryptoTaskRunner( |
77 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner); | 82 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner); |
78 | 83 |
79 // Sets the task runner that any slow calls will be made from, e.g. calls | 84 // Sets the task runner that any slow calls will be made from, e.g. calls |
80 // to the NSS database. If not set, uses base::WorkerPool. | 85 // to the NSS database. If not set, uses base::WorkerPool. |
81 void SetSlowTaskRunnerForTest( | 86 void SetSlowTaskRunnerForTest( |
82 const scoped_refptr<base::TaskRunner>& task_runner); | 87 const scoped_refptr<base::TaskRunner>& task_runner); |
83 | 88 |
84 void AddObserver(CertLoader::Observer* observer); | 89 void AddObserver(CertLoader::Observer* observer); |
85 void RemoveObserver(CertLoader::Observer* observer); | 90 void RemoveObserver(CertLoader::Observer* observer); |
(...skipping 12 matching lines...) Expand all Loading... |
98 const std::string& tpm_token_slot() const { return tpm_token_slot_; } | 103 const std::string& tpm_token_slot() const { return tpm_token_slot_; } |
99 const std::string& tpm_user_pin() const { return tpm_user_pin_; } | 104 const std::string& tpm_user_pin() const { return tpm_user_pin_; } |
100 | 105 |
101 // This will be empty until certificates_loaded() is true. | 106 // This will be empty until certificates_loaded() is true. |
102 const net::CertificateList& cert_list() const { return cert_list_; } | 107 const net::CertificateList& cert_list() const { return cert_list_; } |
103 | 108 |
104 private: | 109 private: |
105 CertLoader(); | 110 CertLoader(); |
106 virtual ~CertLoader(); | 111 virtual ~CertLoader(); |
107 | 112 |
108 void Init(); | |
109 void MaybeRequestCertificates(); | 113 void MaybeRequestCertificates(); |
110 | 114 |
111 // This is the cyclic chain of callbacks to initialize the TPM token and to | 115 // This is the cyclic chain of callbacks to initialize the TPM token and to |
112 // kick off the update of the certificate list. | 116 // kick off the update of the certificate list. |
113 void InitializeTokenAndLoadCertificates(); | 117 void InitializeTokenAndLoadCertificates(); |
114 void RetryTokenInitializationLater(); | 118 void RetryTokenInitializationLater(); |
115 void OnPersistentNSSDBOpened(); | 119 void OnPersistentNSSDBOpened(); |
116 void OnTpmIsEnabled(DBusMethodCallStatus call_status, | 120 void OnTpmIsEnabled(DBusMethodCallStatus call_status, |
117 bool tpm_is_enabled); | 121 bool tpm_is_enabled); |
118 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, | 122 void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, |
119 bool is_tpm_token_ready); | 123 bool is_tpm_token_ready); |
120 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, | 124 void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, |
121 const std::string& token_name, | 125 const std::string& token_name, |
122 const std::string& user_pin); | 126 const std::string& user_pin); |
123 void OnTPMTokenInitialized(bool success); | 127 void OnTPMTokenInitialized(bool success); |
124 | 128 |
125 // These calls handle the updating of the certificate list after the TPM token | 129 // These calls handle the updating of the certificate list after the TPM token |
126 // was initialized. | 130 // was initialized. |
| 131 |
| 132 // Start certificate loading. Must be called at most once. |
127 void StartLoadCertificates(); | 133 void StartLoadCertificates(); |
| 134 |
| 135 // Trigger a certificate load. If a certificate loading task is already in |
| 136 // progress, will start a reload once the current task finised. |
| 137 void LoadCertificates(); |
| 138 |
| 139 // Called if a certificate load task is finished. |
128 void UpdateCertificates(net::CertificateList* cert_list); | 140 void UpdateCertificates(net::CertificateList* cert_list); |
129 | 141 |
130 void NotifyCertificatesLoaded(bool initial_load); | 142 void NotifyCertificatesLoaded(bool initial_load); |
131 | 143 |
132 // net::CertDatabase::Observer | 144 // net::CertDatabase::Observer |
133 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; | 145 virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE; |
134 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; | 146 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE; |
135 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; | 147 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE; |
136 | 148 |
137 // LoginState::Observer | 149 // LoginState::Observer |
138 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; | 150 virtual void LoggedInStateChanged(LoginState::LoggedInState state) OVERRIDE; |
139 | 151 |
| 152 bool initialize_tpm_for_test_; |
| 153 |
140 ObserverList<Observer> observers_; | 154 ObserverList<Observer> observers_; |
141 | 155 |
142 bool certificates_requested_; | 156 bool certificates_requested_; |
143 bool certificates_loaded_; | 157 bool certificates_loaded_; |
144 bool certificates_update_required_; | 158 bool certificates_update_required_; |
145 bool certificates_update_running_; | 159 bool certificates_update_running_; |
146 | 160 |
147 // The states are traversed in this order but some might get omitted or never | 161 // The states are traversed in this order but some might get omitted or never |
148 // be left. | 162 // be left. |
149 enum TPMTokenState { | 163 enum TPMTokenState { |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
184 // This factory should be used only for callbacks during updating the | 198 // This factory should be used only for callbacks during updating the |
185 // certificate list. | 199 // certificate list. |
186 base::WeakPtrFactory<CertLoader> update_certificates_factory_; | 200 base::WeakPtrFactory<CertLoader> update_certificates_factory_; |
187 | 201 |
188 DISALLOW_COPY_AND_ASSIGN(CertLoader); | 202 DISALLOW_COPY_AND_ASSIGN(CertLoader); |
189 }; | 203 }; |
190 | 204 |
191 } // namespace chromeos | 205 } // namespace chromeos |
192 | 206 |
193 #endif // CHROMEOS_CERT_LOADER_H_ | 207 #endif // CHROMEOS_CERT_LOADER_H_ |
OLD | NEW |