authortbarzic@chromium.org <tbarzic@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-01-21 23:14:53 +0000
committertbarzic@chromium.org <tbarzic@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-01-21 23:14:53 +0000
commitb2390837986574afa95926297767fad126bc9b74 (patch)
tree8744896918af941c5850db968d7f71bf428dfea4 /chrome/browser/chromeos/settings
parentb2d1f2dcf6d9181cd8b60804e6cbf0c13fbf9a93 (diff)
Split chromeos::CertLoader
CertLoader does both TPM token initialization and certificate loading from the cert database. This extracts token initialization into a separate class. BUG=315343 Review URL: https://codereview.chromium.org/132313004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@246154 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/chromeos/settings')
-rw-r--r--chrome/browser/chromeos/settings/device_settings_service.cc35
-rw-r--r--chrome/browser/chromeos/settings/device_settings_service.h23
-rw-r--r--chrome/browser/chromeos/settings/device_settings_service_unittest.cc16
3 files changed, 35 insertions, 39 deletions
diff --git a/chrome/browser/chromeos/settings/device_settings_service.cc b/chrome/browser/chromeos/settings/device_settings_service.cc
index 1173a87..5aa7efe 100644
--- a/chrome/browser/chromeos/settings/device_settings_service.cc
+++ b/chrome/browser/chromeos/settings/device_settings_service.cc
@@ -72,21 +72,21 @@ DeviceSettingsService* DeviceSettingsService::Get() {
DeviceSettingsService::DeviceSettingsService()
: session_manager_client_(NULL),
- weak_factory_(this),
store_status_(STORE_SUCCESS),
- certificates_loaded_(false),
- owner_key_loaded_with_certificates_(false),
- load_retries_left_(kMaxLoadRetries) {
- if (CertLoader::IsInitialized()) {
- certificates_loaded_ = CertLoader::Get()->certificates_loaded();
- CertLoader::Get()->AddObserver(this);
+ waiting_for_tpm_token_(true),
+ owner_key_loaded_with_tpm_token_(false),
+ load_retries_left_(kMaxLoadRetries),
+ weak_factory_(this) {
+ if (TPMTokenLoader::IsInitialized()) {
+ waiting_for_tpm_token_ = !TPMTokenLoader::Get()->IsTPMTokenReady();
+ TPMTokenLoader::Get()->AddObserver(this);
}
}
DeviceSettingsService::~DeviceSettingsService() {
DCHECK(pending_operations_.empty());
- if (CertLoader::IsInitialized())
- CertLoader::Get()->RemoveObserver(this);
+ if (TPMTokenLoader::IsInitialized())
+ TPMTokenLoader::Get()->RemoveObserver(this);
}
void DeviceSettingsService::SetSessionManager(
@@ -179,7 +179,7 @@ bool DeviceSettingsService::HasPrivateOwnerKey() {
void DeviceSettingsService::IsCurrentUserOwnerAsync(
const IsCurrentUserOwnerCallback& callback) {
- if (owner_key_loaded_with_certificates_) {
+ if (owner_key_loaded_with_tpm_token_) {
// If the current owner key was loaded while the certificates were loaded,
// or the certificate loader is not initialized, in which case the private
// key cannot be set, report status immediately.
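Review bot: The comment under the renamed condition in IsCurrentUserOwnerAsync still talks about certificates and a certificate loader, and its second clause does not match the code visible in this commit. The constructor leaves `waiting_for_tpm_token_` true when `TPMTokenLoader::IsInitialized()` is false, and `owner_key_loaded_with_tpm_token_` is only set in HandleCompletedOperation under `!waiting_for_tpm_token_`, so the "loader is not initialized" case does not appear to report immediately and callbacks may stay queued; the rest of this function lies outside the hunk, so this needs confirming there. I would reword the comment to `// If the current owner key was loaded after the TPM token became ready, report status immediately.` and state explicitly what happens when the loader is never initialized, since callers use the result for an ownership decision.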
@@ -235,11 +235,12 @@ void DeviceSettingsService::PropertyChangeComplete(bool success) {
EnsureReload(false);
}
-void DeviceSettingsService::OnCertificatesLoaded(
- const net::CertificateList& cert_list,
- bool initial_load) {
- certificates_loaded_ = true;
- // CertLoader initializes the TPM and NSS database which is necessary to
+void DeviceSettingsService::OnTPMTokenReady(const std::string& tpm_user_pin,
+ const std::string& tpm_token_name,
+ int tpm_token_slot_id) {
+ waiting_for_tpm_token_ = false;
+
+ // TPMTokenLoader initializes the TPM and NSS database which is necessary to
// determine ownership. Force a reload once we know these are initialized.
EnsureReload(true);
}
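Review bot: OnTPMTokenReady receives `tpm_user_pin`, `tpm_token_name` and `tpm_token_slot_id` but uses none of them; the body only clears `waiting_for_tpm_token_` and calls `EnsureReload(true)`. The old tests carried a remark that the passed arguments are ignored, and that remark is lost in this commit, so I would add one at the definition, e.g. `// Only readiness matters here; the PIN, token name and slot id are intentionally unused.` Because the first argument is the TPM user PIN, the comment also makes it clear to later editors that this observer should not store or log it.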
@@ -338,8 +339,8 @@ void DeviceSettingsService::HandleCompletedOperation(
iter->Run(ownership_status);
}
- if (certificates_loaded_) {
- owner_key_loaded_with_certificates_ = true;
+ if (!waiting_for_tpm_token_) {
+ owner_key_loaded_with_tpm_token_ = true;
std::vector<IsCurrentUserOwnerCallback> is_owner_callbacks;
is_owner_callbacks.swap(pending_is_current_user_owner_callbacks_);
for (std::vector<IsCurrentUserOwnerCallback>::iterator iter(
diff --git a/chrome/browser/chromeos/settings/device_settings_service.h b/chrome/browser/chromeos/settings/device_settings_service.h
index 1d66569..b70a753 100644
--- a/chrome/browser/chromeos/settings/device_settings_service.h
+++ b/chrome/browser/chromeos/settings/device_settings_service.h
@@ -15,8 +15,8 @@
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/observer_list.h"
-#include "chromeos/cert_loader.h"
#include "chromeos/dbus/session_manager_client.h"
+#include "chromeos/tpm_token_loader.h"
#include "components/policy/core/common/cloud/cloud_policy_validator.h"
namespace crypto {
@@ -73,7 +73,7 @@ class OwnerKey : public base::RefCountedThreadSafe<OwnerKey> {
// DeviceSettingsService generates notifications for key and policy update
// events so interested parties can reload state as appropriate.
class DeviceSettingsService : public SessionManagerClient::Observer,
- public CertLoader::Observer {
+ public TPMTokenLoader::Observer {
public:
// Indicates ownership status of the device.
enum OwnershipStatus {
@@ -196,9 +196,10 @@ class DeviceSettingsService : public SessionManagerClient::Observer,
virtual void OwnerKeySet(bool success) OVERRIDE;
virtual void PropertyChangeComplete(bool success) OVERRIDE;
- // CertLoader::Observer:
- virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
- bool initial_load) OVERRIDE;
+ // TPMTokenLoader::Observer:
+ virtual void OnTPMTokenReady(const std::string& tpm_user_pin,
+ const std::string& tpm_token_name,
+ int tpm_token_slot_id) OVERRIDE;
private:
// Enqueues a new operation. Takes ownership of |operation| and starts it
@@ -224,8 +225,6 @@ class DeviceSettingsService : public SessionManagerClient::Observer,
SessionManagerClient* session_manager_client_;
scoped_refptr<OwnerKeyUtil> owner_key_util_;
- base::WeakPtrFactory<DeviceSettingsService> weak_factory_;
-
Status store_status_;
std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_;
@@ -234,11 +233,11 @@ class DeviceSettingsService : public SessionManagerClient::Observer,
std::string username_;
scoped_refptr<OwnerKey> owner_key_;
- // Whether certificates have been loaded by CertLoader.
- bool certificates_loaded_;
- // Whether certificates were loaded when the current owner key was set.
+ // Whether TPM token still needs to be initialized.
+ bool waiting_for_tpm_token_;
+ // Whether TPM token was ready when the current owner key was set.
// Implies that the current user is owner iff the private owner key is set.
- bool owner_key_loaded_with_certificates_;
+ bool owner_key_loaded_with_tpm_token_;
scoped_ptr<enterprise_management::PolicyData> policy_data_;
scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_;
@@ -252,6 +251,8 @@ class DeviceSettingsService : public SessionManagerClient::Observer,
// For recoverable load errors how many retries are left before we give up.
int load_retries_left_;
+ base::WeakPtrFactory<DeviceSettingsService> weak_factory_;
+
DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService);
};
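Review bot: The move of `weak_factory_` to the end of the class is not explained at the declaration, so a later edit could append a member after it without noticing the ordering matters. A short comment would keep the invariant visible, for example `// Must remain the last member so weak pointers are invalidated before other members are destroyed.` The constructor's initializer list in device_settings_service.cc was reordered to match, which is consistent with this intent.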
diff --git a/chrome/browser/chromeos/settings/device_settings_service_unittest.cc b/chrome/browser/chromeos/settings/device_settings_service_unittest.cc
index 2bcc1c0..aaa3cea 100644
--- a/chrome/browser/chromeos/settings/device_settings_service_unittest.cc
+++ b/chrome/browser/chromeos/settings/device_settings_service_unittest.cc
@@ -323,7 +323,7 @@ TEST_F(DeviceSettingsServiceTest, OwnershipStatus) {
EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, ownership_status_);
}
-TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForNonOwner) {
+TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForNonOwner) {
owner_key_util_->Clear();
EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
@@ -349,9 +349,7 @@ TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForNonOwner) {
device_settings_service_.GetOwnershipStatus());
EXPECT_FALSE(is_owner_set_);
- // Simulate CertLoader reporting a new set of certificates. The passed
- // certificates are ignored.
- device_settings_service_.OnCertificatesLoaded(net::CertificateList(), true);
+ device_settings_service_.OnTPMTokenReady("tpm_pin", "tpm_token", 0);
FlushDeviceSettings();
EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
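Review bot: The replacement call `OnTPMTokenReady("tpm_pin", "tpm_token", 0)` drops the old explanation that the simulated arguments are ignored, and the token name literal differs from the `"tpm_token_name"` used in the two later hunks of this file. I would restore a one-line comment such as `// Simulate TPMTokenLoader reporting a ready token; the arguments are ignored.` at each of the three call sites and use the same placeholder strings in all of them. The test body continues outside the hunk.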
@@ -366,7 +364,7 @@ TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForNonOwner) {
EXPECT_FALSE(is_owner_);
}
-TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForOwner) {
+TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForOwner) {
owner_key_util_->Clear();
EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
@@ -394,9 +392,7 @@ TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForOwner) {
owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
device_settings_service_.SetUsername(device_policy_.policy_data().username());
- // Simulate CertLoader reporting a new set of certificates. The passed
- // certificates are ignored.
- device_settings_service_.OnCertificatesLoaded(net::CertificateList(), true);
+ device_settings_service_.OnTPMTokenReady("tpm_pin", "tpm_token_name", 0);
FlushDeviceSettings();
EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey());
@@ -424,9 +420,7 @@ TEST_F(DeviceSettingsServiceTest, IsCurrentUserOwnerAsyncWithLoadedCerts) {
device_settings_service_.SetUsername(device_policy_.policy_data().username());
ReloadDeviceSettings();
- // Simulate CertLoader reporting a new set of certificates. The passed
- // certificates are ignored.
- device_settings_service_.OnCertificatesLoaded(net::CertificateList(), true);
+ device_settings_service_.OnTPMTokenReady("tpm_pin", "tpm_token_name", 0);
FlushDeviceSettings();
EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey());
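Review bot: The enclosing test is still named `IsCurrentUserOwnerAsyncWithLoadedCerts`, as the hunk header shows, while the other two tests in this file were renamed from OnCertificatesLoaded to OnTPMTokenReady. Since the test now drives `OnTPMTokenReady` and no certificates are involved, a name such as `IsCurrentUserOwnerAsyncWithReadyTPMToken` would keep the suite consistent. The test's opening line is outside the hunk, so the rename would be a separate one-line change there.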