author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-13 15:30:04 +0000 |
---|---|---|
committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-13 15:30:04 +0000 |
commit | 72b3a7eea94e94507e8ae7398082e9ffe1cd620f (patch) | |
tree | e67f659eade2654e5137037dc4403b01dd6e1949 /chromeos/cert_loader.cc | |
parent | 514a497e58caebaca362a42a76d174c593ad00c8 (diff) | |
Automatically resolve ClientCertificatePatterns.
This adds a new ClientCertResolver to chromeos/network, which automatically resolves ClientCertificatePatterns and writes the cert id of the matching certificate to Shill.
This should fix several issues like updating client certs and auto-connect immediately after installing EAP networks from policy.
It's required for Ethernet EAP policies where the current pattern matching on each manual connect isn't sufficient.
BUG=234983, 126870
Review URL: https://chromiumcodereview.appspot.com/22327005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@217257 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos/cert_loader.cc')
-rw-r--r-- | chromeos/cert_loader.cc | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/chromeos/cert_loader.cc b/chromeos/cert_loader.cc
index 964c777..060d464 100644
--- a/chromeos/cert_loader.cc
+++ b/chromeos/cert_loader.cc
@@ -52,7 +52,8 @@ void CallOpenPersistentNSSDB() {
 VLOG(1) << "CallOpenPersistentNSSDB";
 // Ensure we've opened the user's key/certificate database.
- crypto::OpenPersistentNSSDB();
+ if (base::chromeos::IsRunningOnChromeOS())
+ crypto::OpenPersistentNSSDB();
 crypto::EnableTPMTokenForNSS();
 }
@@ -64,7 +65,6 @@ static CertLoader* g_cert_loader = NULL;
 void CertLoader::Initialize() {
 CHECK(!g_cert_loader);
 g_cert_loader = new CertLoader();
- g_cert_loader->Init();
 }
 // static
@@ -86,7 +86,8 @@ bool CertLoader::IsInitialized() {
 }
 CertLoader::CertLoader()
- : certificates_requested_(false),
+ : initialize_tpm_for_test_(false),
+ certificates_requested_(false),
 certificates_loaded_(false),
 certificates_update_required_(false),
 certificates_update_running_(false),
@@ -95,14 +96,14 @@ CertLoader::CertLoader()
 base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)),
 initialize_token_factory_(this),
 update_certificates_factory_(this) {
-}
-
-void CertLoader::Init() {
- net::CertDatabase::GetInstance()->AddObserver(this);
 if (LoginState::IsInitialized())
 LoginState::Get()->AddObserver(this);
 }
+void CertLoader::InitializeTPMForTest() {
+ initialize_tpm_for_test_ = true;
+}
+
 void CertLoader::SetCryptoTaskRunner(
 const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner) {
 crypto_task_runner_ = crypto_task_runner;
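Review bot: The comment kept above the new guard in CallOpenPersistentNSSDB still says "Ensure we've opened the user's key/certificate database", yet with `if (base::chromeos::IsRunningOnChromeOS())` the database is skipped off-device while `crypto::EnableTPMTokenForNSS()` still runs unconditionally. A reader cannot tell whether enabling the TPM token without the persistent DB is intended; presumably it serves the test path this commit adds, but the hunk does not say. I would brace the conditional and record the intent next to it, for example `// Off-device there is no persistent user DB to open; the TPM token is still enabled (test path).`, with the wording adjusted to the real reason.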
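Review bot: `InitializeTPMForTest()` has no thread check and no guard on when it may be called, although the flag it sets is read, as far as the visible hunks show, only in MaybeRequestCertificates while `tpm_token_state_` is still unknown. A call that arrives after that decision silently has no effect, and nothing stops production code from flipping a switch that bypasses the on-device check. I would start the setter with `CHECK(thread_checker_.CalledOnValidThread());` and `DCHECK_EQ(tpm_token_state_, TPM_STATE_UNKNOWN);`, and note at the declaration that it must be called before any login-state notification can trigger the certificate request.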
@@ -154,7 +155,11 @@ void CertLoader::MaybeRequestCertificates() {
 // Ensure we only initialize the TPM token once.
 DCHECK_EQ(tpm_token_state_, TPM_STATE_UNKNOWN);
- if (!base::chromeos::IsRunningOnChromeOS())
+ if (!initialize_tpm_for_test_ && !base::chromeos::IsRunningOnChromeOS())
+ tpm_token_state_ = TPM_DISABLED;
+
+ // Treat TPM as disabled for guest users since they do not store certs.
+ if (LoginState::IsInitialized() && LoginState::Get()->IsGuestUser())
 tpm_token_state_ = TPM_DISABLED;
 InitializeTokenAndLoadCertificates();
@@ -164,10 +169,6 @@ void CertLoader::InitializeTokenAndLoadCertificates() {
 CHECK(thread_checker_.CalledOnValidThread());
 VLOG(1) << "InitializeTokenAndLoadCertificates: " << tpm_token_state_;
- // Treat TPM as disabled for guest users since they do not store certs.
- if (LoginState::IsInitialized() && LoginState::Get()->IsGuestUser())
- tpm_token_state_ = TPM_DISABLED;
-
 switch (tpm_token_state_) {
 case TPM_STATE_UNKNOWN: {
 crypto_task_runner_->PostTaskAndReply(
@@ -211,8 +212,6 @@ void CertLoader::InitializeTokenAndLoadCertificates() {
 base::Bind(&CertLoader::OnTPMTokenInitialized,
 initialize_token_factory_.GetWeakPtr()));
 return;
- tpm_token_state_ = TPM_TOKEN_INITIALIZED;
- // FALL_THROUGH_INTENDED
 }
 case TPM_TOKEN_INITIALIZED: {
 StartLoadCertificates();
@@ -223,7 +222,7 @@ void CertLoader::RetryTokenInitializationLater() {
 CHECK(thread_checker_.CalledOnValidThread());
- LOG(WARNING) << "Re-Requesting Certificates later.";
+ LOG(WARNING) << "Retry token initialization later.";
 base::MessageLoop::current()->PostDelayedTask(
 FROM_HERE,
 base::Bind(&CertLoader::InitializeTokenAndLoadCertificates,
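Review bot: The guest-user check in MaybeRequestCertificates is now evaluated exactly once, and it is skipped entirely when `LoginState::IsInitialized()` is false at that moment. The per-entry check in InitializeTokenAndLoadCertificates is removed in the next hunk, so nothing visible re-evaluates it on the retry path, and a guest session that reaches this point early would fall through to token initialization as far as these hunks show. If the caller guarantees LoginState is settled before this function proceeds (not visible here; the function starts above the hunk), record that with a comment such as `// LoginState is final here, so the guest decision is made exactly once.`. The two unbraced `if`s that assign the same value would also read more safely braced or merged into one condition.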
@@ -324,8 +323,14 @@ void CertLoader::OnTPMTokenInitialized(bool success) {
 }
 void CertLoader::StartLoadCertificates() {
+ DCHECK(!certificates_loaded_ && !certificates_update_running_);
+ net::CertDatabase::GetInstance()->AddObserver(this);
+ LoadCertificates();
+}
+
+void CertLoader::LoadCertificates() {
 CHECK(thread_checker_.CalledOnValidThread());
- VLOG(1) << "StartLoadCertificates: " << certificates_update_running_;
+ VLOG(1) << "LoadCertificates: " << certificates_update_running_;
 if (certificates_update_running_) {
 certificates_update_required_ = true;
@@ -361,7 +366,7 @@ void CertLoader::UpdateCertificates(net::CertificateList* cert_list) {
 certificates_update_running_ = false;
 if (certificates_update_required_)
- StartLoadCertificates();
+ LoadCertificates();
 }
 void CertLoader::NotifyCertificatesLoaded(bool initial_load) {
@@ -374,12 +379,12 @@ void CertLoader::OnCertTrustChanged(const net::X509Certificate* cert) {
 void CertLoader::OnCertAdded(const net::X509Certificate* cert) {
 VLOG(1) << "OnCertAdded";
- StartLoadCertificates();
+ LoadCertificates();
 }
 void CertLoader::OnCertRemoved(const net::X509Certificate* cert) {
 VLOG(1) << "OnCertRemoved";
- StartLoadCertificates();
+ LoadCertificates();
 }
 void CertLoader::LoggedInStateChanged(LoginState::LoggedInState state) { |
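Review bot: StartLoadCertificates registers the CertDatabase observer without the `CHECK(thread_checker_.CalledOnValidThread());` that LoadCertificates and the other entry points shown in this diff carry, and its call-once precondition is a single combined DCHECK that disappears in release builds. I would put the thread check first and split the assertion so a failure names the offending flag: `DCHECK(!certificates_loaded_);` and `DCHECK(!certificates_update_running_);`. A one-line comment that certificate-change notifications are deliberately not observed until the token is ready would explain why `AddObserver` moved here from the removed Init(). The body of LoadCertificates continues past the end of the hunk.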