author stevenjb@google.com <stevenjb@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2011-06-28 20:41:55 +0000
committer stevenjb@google.com <stevenjb@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2011-06-28 20:41:55 +0000
commit c175cdb75905a3145675c20884888e6348784b62 (patch)
tree 8a47a055e88ba3e8344effd22efe7296c89604d0 /crypto
parent 5638c8c91bc36494327594df1df3230f962cbf84 (diff)
Replace WifiConfigModel with async CertLibrary
Update WifiConfigView and VpnConfigView to use CertLibrary. Includes changes to crypto:nss_util.cc.
BUG=chromium-os:15829
TEST=Test wifi/other + certificates and VPN + certificates. UI should not block.
Review URL: http://codereview.chromium.org/7244012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90833 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r--crypto/nss_util.cc89
-rw-r--r--crypto/nss_util.h17
2 files changed, 67 insertions, 39 deletions
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index e484abe..3b393fc 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -226,6 +226,47 @@ class NSSInitSingleton {
EnsureTPMTokenReady();
}
+ // This is called whenever we want to make sure opencryptoki is
+ // properly loaded, because it can fail shortly after the initial
+ // login while the PINs are being initialized, and we want to retry
+ // if this happens.
+ bool EnsureTPMTokenReady() {
+ // If EnableTPMTokenForNSS hasn't been called, or if everything is
+ // already initialized, then this call succeeds.
+ if (tpm_token_info_delegate_.get() == NULL ||
+ (opencryptoki_module_ && tpm_slot_)) {
+ return true;
+ }
+
+ if (tpm_token_info_delegate_->IsTokenReady()) {
+ // This tries to load the opencryptoki module so NSS can talk to
+ // the hardware TPM.
+ if (!opencryptoki_module_) {
+ opencryptoki_module_ = LoadModule(
+ kOpencryptokiModuleName,
+ kOpencryptokiPath,
+ // trustOrder=100 -- means it'll select this as the most
+ // trusted slot for the mechanisms it provides.
+ // slotParams=... -- selects RSA as the only mechanism, and only
+ // asks for the password when necessary (instead of every
+ // time, or after a timeout).
+ "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})");
+ }
+ if (opencryptoki_module_) {
+ // If this gets set, then we'll use the TPM for certs with
+ // private keys, otherwise we'll fall back to the software
+ // implementation.
+ tpm_slot_ = GetTPMSlot();
+ return tpm_slot_ != NULL;
+ }
+ }
+ return false;
+ }
+
+ bool IsTPMTokenAvailable() {
+ return tpm_token_info_delegate_->IsTokenAvailable();
+ }
+
void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) {
tpm_token_info_delegate_->GetTokenInfo(token_name, user_pin);
}
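Review bot: IsTPMTokenAvailable() (the new method just above GetTPMTokenInfo) dereferences tpm_token_info_delegate_ unconditionally, while EnsureTPMTokenReady() in the same hunk explicitly handles the delegate being NULL when EnableTPMTokenForNSS has not been called. Because IsTPMTokenAvailable is also exported as a free function in the later nss_util.cc hunk, a caller that probes for a TPM before enabling the token would hit a null dereference. Either add the guard, `if (tpm_token_info_delegate_.get() == NULL) return false;`, or state the precondition in the nss_util.h comment the way the GetTPMTokenInfo comment does. The enclosing class NSSInitSingleton begins before this hunk.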
@@ -239,6 +280,7 @@ class NSSInitSingleton {
GetTPMTokenInfo(&token_name, NULL);
return FindSlotWithTokenName(token_name);
}
+
#endif // defined(OS_CHROMEOS)
@@ -487,45 +529,6 @@ class NSSInitSingleton {
return db_slot;
}
-#if defined(OS_CHROMEOS)
- // This is called whenever we want to make sure opencryptoki is
- // properly loaded, because it can fail shortly after the initial
- // login while the PINs are being initialized, and we want to retry
- // if this happens.
- bool EnsureTPMTokenReady() {
- // If EnableTPMTokenForNSS hasn't been called, or if everything is
- // already initialized, then this call succeeds.
- if (tpm_token_info_delegate_.get() == NULL ||
- (opencryptoki_module_ && tpm_slot_)) {
- return true;
- }
-
- if (tpm_token_info_delegate_->IsTokenReady()) {
- // This tries to load the opencryptoki module so NSS can talk to
- // the hardware TPM.
- if (!opencryptoki_module_) {
- opencryptoki_module_ = LoadModule(
- kOpencryptokiModuleName,
- kOpencryptokiPath,
- // trustOrder=100 -- means it'll select this as the most
- // trusted slot for the mechanisms it provides.
- // slotParams=... -- selects RSA as the only mechanism, and only
- // asks for the password when necessary (instead of every
- // time, or after a timeout).
- "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})");
- }
- if (opencryptoki_module_) {
- // If this gets set, then we'll use the TPM for certs with
- // private keys, otherwise we'll fall back to the software
- // implementation.
- tpm_slot_ = GetTPMSlot();
- return tpm_slot_ != NULL;
- }
- }
- return false;
- }
-#endif
-
// If this is set to true NSS is forced to be initialized without a DB.
static bool force_nodb_init_;
@@ -680,10 +683,18 @@ void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) {
g_nss_singleton.Get().GetTPMTokenInfo(token_name, user_pin);
}
+bool IsTPMTokenAvailable() {
+ return g_nss_singleton.Get().IsTPMTokenAvailable();
+}
+
bool IsTPMTokenReady() {
return g_nss_singleton.Get().IsTPMTokenReady();
}
+bool EnsureTPMTokenReady() {
+ return g_nss_singleton.Get().EnsureTPMTokenReady();
+}
+
#endif // defined(OS_CHROMEOS)
// TODO(port): Implement this more simply. We can convert by subtracting an
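Review bot: EnsureTPMTokenReady() is now a public entry point, but the singleton state it writes (opencryptoki_module_ and tpm_slot_, assigned in the hunk at line 226) has no synchronization visible in this diff, and the commit message describes the new CertLibrary caller as asynchronous. Whether that caller runs on a thread other than the one that called EnableTPMTokenForNSS is not visible here; if it can, the load-then-assign sequence in EnsureTPMTokenReady needs a lock, and if it cannot, the single-thread contract should be stated in nss_util.h, e.g. `// Must be called on the same thread as EnableTPMTokenForNSS().` The same question applies to the IsTPMTokenAvailable() wrapper added above it.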
diff --git a/crypto/nss_util.h b/crypto/nss_util.h
index 1244db9..19298ca 100644
--- a/crypto/nss_util.h
+++ b/crypto/nss_util.h
@@ -93,7 +93,17 @@ class TPMTokenInfoDelegate {
public:
TPMTokenInfoDelegate();
virtual ~TPMTokenInfoDelegate();
+
+ // Returns true if the hardware supports a TPM Token and the TPM is enabled.
+ virtual bool IsTokenAvailable() const = 0;
+
+ // Returns true if the TPM and PKCS#11 token slot is ready to be used.
+ // If IsTokenAvailable() is false this should return false.
+ // If IsTokenAvailable() is true, this should eventually return true.
virtual bool IsTokenReady() const = 0;
+
+ // Fetches token properties. TODO(stevenjb): make this interface asynchronous
+ // so that the implementation does not have to be blocking.
virtual void GetTokenInfo(std::string* token_name,
std::string* user_pin) const = 0;
};
@@ -110,11 +120,18 @@ void EnableTPMTokenForNSS(TPMTokenInfoDelegate* delegate);
// EnableTPMTokenForNSS has been called with a non-null delegate.
void GetTPMTokenInfo(std::string* token_name, std::string* user_pin);
+// Returns true if the machine has a TPM and it can be used to store tokens.
+bool IsTPMTokenAvailable();
+
// Returns true if the TPM is owned and PKCS#11 initialized with the
// user and security officer PINs, and has been enabled in NSS by
// calling EnableTPMForNSS, and opencryptoki has been successfully
// loaded into NSS.
bool IsTPMTokenReady();
+
+// Same as IsTPMTokenReady() except this attempts to initialize the token
+// if necessary.
+bool EnsureTPMTokenReady();
#endif
// Convert a NSS PRTime value into a base::Time object.
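Review bot: The comment on EnsureTPMTokenReady() says it "attempts to initialize the token" but not that initialization means synchronously loading the opencryptoki PKCS#11 module into NSS (the LoadModule call in the nss_util.cc hunk), which can be slow, while the commit's stated goal is that the UI does not block. Suggest extending the comment: `// Unlike IsTPMTokenReady(), this may load the opencryptoki module and can` / `// block; callers that must not block should poll IsTPMTokenReady() instead.` Naming that cost here lets callers choose the non-blocking query deliberately.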