Diffstat (limited to 'chrome/browser/chromeos/settings')
10 files changed, 94 insertions, 21 deletions
diff --git a/chrome/browser/chromeos/settings/device_settings_provider_unittest.cc b/chrome/browser/chromeos/settings/device_settings_provider_unittest.cc index 1da5a9b..b84ce88 100644 --- a/chrome/browser/chromeos/settings/device_settings_provider_unittest.cc +++ b/chrome/browser/chromeos/settings/device_settings_provider_unittest.cc @@ -139,7 +139,9 @@ TEST_F(DeviceSettingsProviderTest, SetPrefFailed) { TEST_F(DeviceSettingsProviderTest, SetPrefSucceed) { owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); FlushDeviceSettings(); base::FundamentalValue value(true); @@ -167,7 +169,9 @@ TEST_F(DeviceSettingsProviderTest, SetPrefSucceed) { TEST_F(DeviceSettingsProviderTest, SetPrefTwice) { owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); FlushDeviceSettings(); EXPECT_CALL(*this, SettingChanged(_)).Times(AnyNumber()); diff --git a/chrome/browser/chromeos/settings/device_settings_service.cc b/chrome/browser/chromeos/settings/device_settings_service.cc index 0895080..0c54895 100644 --- a/chrome/browser/chromeos/settings/device_settings_service.cc +++ b/chrome/browser/chromeos/settings/device_settings_service.cc @@ -232,8 +232,13 @@ void DeviceSettingsService::IsCurrentUserOwnerAsync( } } -void DeviceSettingsService::SetUsername(const std::string& username) { +void DeviceSettingsService::InitOwner(const std::string& username, + crypto::ScopedPK11Slot slot) { + if (!username_.empty()) + return; + username_ = username; + slot_ = slot.Pass(); // The private key may have become available, so force a key reload. owner_key_ = NULL; 
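Review bot: Both tests here hand InitOwner a default-constructed `crypto::ScopedPK11Slot`, so the slot that reaches the key lookup is null and the slot-scoped path is never exercised; the same three lines recur in every updated test in device_settings_service_unittest.cc. A fixture helper would remove the repetition and give one place for a comment such as `// Null slot: MockOwnerKeyUtil::FindPrivateKeyInSlot ignores |slot|.` A test that calls InitOwner twice with different usernames and checks that GetUsername() still returns the first would pin the new first-call-wins guard.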
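Review bot: The new guard `if (!username_.empty()) return;` in InitOwner makes the first caller's username and slot permanent and silently discards every later call, which for an owner identity is a security-relevant rule that neither a comment nor a log line records. I would state it above the guard, e.g. `// First caller wins: the owner identity and slot are bound once and never replaced.`, and log the ignored call. An empty `username` never trips the guard, so a later call can still replace `slot_` after operations have been handed `slot_.get()`; if an empty identity is never valid, consider `if (username.empty() || !username_.empty()) return;`. The function body continues outside the hunk.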
@@ -292,14 +297,19 @@ void DeviceSettingsService::EnqueueLoad(bool force_key_load) { weak_factory_.GetWeakPtr(), base::Closure())); operation->set_force_key_load(force_key_load); + operation->set_username(username_); + operation->set_slot(slot_.get()); Enqueue(operation); } void DeviceSettingsService::EnsureReload(bool force_key_load) { - if (!pending_operations_.empty()) + if (!pending_operations_.empty()) { + pending_operations_.front()->set_username(username_); + pending_operations_.front()->set_slot(slot_.get()); pending_operations_.front()->RestartLoad(force_key_load); - else + } else { EnqueueLoad(force_key_load); + } } void DeviceSettingsService::StartNextOperation() { diff --git a/chrome/browser/chromeos/settings/device_settings_service.h b/chrome/browser/chromeos/settings/device_settings_service.h index 5b05513..f22f4a9 100644 --- a/chrome/browser/chromeos/settings/device_settings_service.h +++ b/chrome/browser/chromeos/settings/device_settings_service.h @@ -19,6 +19,7 @@ #include "chromeos/dbus/session_manager_client.h" #include "chromeos/tpm_token_loader.h" #include "components/policy/core/common/cloud/cloud_policy_validator.h" +#include "crypto/scoped_nss_types.h" #include "policy/proto/device_management_backend.pb.h" namespace crypto { @@ -199,7 +200,7 @@ class DeviceSettingsService : public SessionManagerClient::Observer, // Sets the identity of the user that's interacting with the service. This is // relevant only for writing settings through SignAndStore(). - void SetUsername(const std::string& username); + void InitOwner(const std::string& username, crypto::ScopedPK11Slot slot); const std::string& GetUsername() const; // Adds an observer. @@ -261,6 +262,7 @@ class DeviceSettingsService : public SessionManagerClient::Observer, pending_is_current_user_owner_callbacks_; std::string username_; + crypto::ScopedPK11Slot slot_; scoped_refptr<OwnerKey> owner_key_; // Whether TPM token still needs to be initialized. bool waiting_for_tpm_token_; 
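Review bot: Only operations created in EnqueueLoad, and the front operation in EnsureReload, receive the username and slot; an operation queued through `Enqueue()` from another path, or waiting behind the front one, keeps whatever it was constructed with. If such an operation also reaches EnsureOwnerKey (its callers are not visible here), it would look up the private key with a stale or unset slot. Setting both fields in one place that every operation passes through, for instance inside `Enqueue()` or when an operation is started, would cover all paths.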
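Review bot: The comment above the renamed declaration in device_settings_service.h still describes SetUsername and says nothing about `slot` or about later calls being ignored. Suggested replacement: `// Binds the owner identity and the NSS slot used to find the owner's private key. Takes ownership of |slot|.` followed by `// Once a non-empty username is stored, later calls are ignored.` The class body continues outside the hunk.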
diff --git a/chrome/browser/chromeos/settings/device_settings_service_unittest.cc b/chrome/browser/chromeos/settings/device_settings_service_unittest.cc index 727a34f..88c0114 100644 --- a/chrome/browser/chromeos/settings/device_settings_service_unittest.cc +++ b/chrome/browser/chromeos/settings/device_settings_service_unittest.cc @@ -164,7 +164,9 @@ TEST_F(DeviceSettingsServiceTest, SignAndStoreFailure) { device_settings_service_.status()); owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); FlushDeviceSettings(); scoped_ptr<em::ChromeDeviceSettingsProto> new_device_settings( @@ -190,7 +192,9 @@ TEST_F(DeviceSettingsServiceTest, SignAndStoreSuccess) { device_settings_service_.status()); owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); FlushDeviceSettings(); device_policy_.payload().mutable_device_policy_refresh_rate()-> @@ -229,7 +233,9 @@ TEST_F(DeviceSettingsServiceTest, SetManagementSettingsModeTransition) { device_settings_service_.status()); owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); FlushDeviceSettings(); // The initial management mode should be NOT_MANAGED. 
@@ -343,7 +349,9 @@ TEST_F(DeviceSettingsServiceTest, SetManagementSettingsSuccess) { device_settings_service_.status()); owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); FlushDeviceSettings(); device_settings_service_.SetManagementSettings( @@ -470,7 +478,9 @@ TEST_F(DeviceSettingsServiceTest, OwnershipStatus) { EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, ownership_status_); owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); device_settings_service_.GetOwnershipStatusAsync( base::Bind(&DeviceSettingsServiceTest::SetOwnershipStatus, base::Unretained(this))); @@ -554,7 +564,9 @@ TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForOwner) { EXPECT_FALSE(is_owner_set_); owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); device_settings_service_.OnTPMTokenReady(); FlushDeviceSettings(); @@ -580,7 +592,9 @@ TEST_F(DeviceSettingsServiceTest, IsCurrentUserOwnerAsyncWithLoadedCerts) { owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - device_settings_service_.SetUsername(device_policy_.policy_data().username()); + crypto::ScopedPK11Slot slot; + device_settings_service_.InitOwner(device_policy_.policy_data().username(), + slot.Pass()); ReloadDeviceSettings(); device_settings_service_.OnTPMTokenReady(); 
diff --git a/chrome/browser/chromeos/settings/mock_owner_key_util.cc b/chrome/browser/chromeos/settings/mock_owner_key_util.cc index 1f77545..bd62af5 100644 --- a/chrome/browser/chromeos/settings/mock_owner_key_util.cc +++ b/chrome/browser/chromeos/settings/mock_owner_key_util.cc @@ -22,6 +22,12 @@ crypto::RSAPrivateKey* MockOwnerKeyUtil::FindPrivateKey( return private_key_.get() ? private_key_->Copy() : NULL; } +crypto::RSAPrivateKey* MockOwnerKeyUtil::FindPrivateKeyInSlot( + const std::vector<uint8>& key, + PK11SlotInfo* slot) { + return private_key_.get() ? private_key_->Copy() : NULL; +} + bool MockOwnerKeyUtil::IsPublicKeyPresent() { return !public_key_.empty(); } diff --git a/chrome/browser/chromeos/settings/mock_owner_key_util.h b/chrome/browser/chromeos/settings/mock_owner_key_util.h index c3f52bd..9c598e0 100644 --- a/chrome/browser/chromeos/settings/mock_owner_key_util.h +++ b/chrome/browser/chromeos/settings/mock_owner_key_util.h @@ -23,6 +23,9 @@ class MockOwnerKeyUtil : public OwnerKeyUtil { virtual bool ImportPublicKey(std::vector<uint8>* output) OVERRIDE; virtual crypto::RSAPrivateKey* FindPrivateKey( const std::vector<uint8>& key) OVERRIDE; + virtual crypto::RSAPrivateKey* FindPrivateKeyInSlot( + const std::vector<uint8>& key, + PK11SlotInfo* slot) OVERRIDE; virtual bool IsPublicKeyPresent() OVERRIDE; // Clears the public and private keys. diff --git a/chrome/browser/chromeos/settings/owner_key_util.cc b/chrome/browser/chromeos/settings/owner_key_util.cc index d98fe07..752c372 100644 --- a/chrome/browser/chromeos/settings/owner_key_util.cc +++ b/chrome/browser/chromeos/settings/owner_key_util.cc 
@@ -70,6 +70,12 @@ crypto::RSAPrivateKey* OwnerKeyUtilImpl::FindPrivateKey( return crypto::RSAPrivateKey::FindFromPublicKeyInfo(key); } +crypto::RSAPrivateKey* OwnerKeyUtilImpl::FindPrivateKeyInSlot( + const std::vector<uint8>& key, + PK11SlotInfo* slot) { + return crypto::RSAPrivateKey::FindFromPublicKeyInfoInSlot(key, slot); +} + bool OwnerKeyUtilImpl::IsPublicKeyPresent() { return base::PathExists(key_file_); } diff --git a/chrome/browser/chromeos/settings/owner_key_util.h b/chrome/browser/chromeos/settings/owner_key_util.h index 8e42a50..8522db7 100644 --- a/chrome/browser/chromeos/settings/owner_key_util.h +++ b/chrome/browser/chromeos/settings/owner_key_util.h @@ -13,6 +13,7 @@ #include "base/files/file_path.h" #include "base/gtest_prod_util.h" #include "base/memory/ref_counted.h" +#include "net/cert/x509_util_nss.h" namespace base { class FilePath; @@ -38,9 +39,19 @@ class OwnerKeyUtil : public base::RefCountedThreadSafe<OwnerKeyUtil> { // Looks for the private key associated with |key| in the default slot, // and returns it if it can be found. Returns NULL otherwise. // Caller takes ownership. + // + // TODO (ygorshenin@): this function is deprecated and should be + // removed, see crbug.com/372316. virtual crypto::RSAPrivateKey* FindPrivateKey( const std::vector<uint8>& key) = 0; + // Looks for the private key associated with |key| in the |slot| + // and returns it if it can be found. Returns NULL otherwise. + // Caller takes ownership. + virtual crypto::RSAPrivateKey* FindPrivateKeyInSlot( + const std::vector<uint8>& key, + PK11SlotInfo* slot) = 0; + // Checks whether the public key is present in the file system. virtual bool IsPublicKeyPresent() = 0; 
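Review bot: `slot` is forwarded to `FindFromPublicKeyInfoInSlot` unchecked in OwnerKeyUtilImpl::FindPrivateKeyInSlot, and a null slot is reachable: DeviceSettingsService holds a default-constructed `slot_` until InitOwner runs, and EnqueueLoad passes `slot_.get()` through. Whether the crypto helper tolerates NULL is not visible in this diff, so I would guard here with `if (!slot) return NULL;` ahead of the lookup, which matches the documented "Returns NULL otherwise" contract.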
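Review bot: The new comment on FindPrivateKeyInSlot in owner_key_util.h should say that `slot` is borrowed rather than owned, and whether NULL is accepted, since callers in this change pass a raw `PK11SlotInfo*` taken from a scoped holder. For example: `// |slot| is not owned and must stay valid for the duration of the call.` Separately, `net/cert/x509_util_nss.h` appears to be included only for the `PK11SlotInfo` name; `crypto/scoped_nss_types.h`, which device_settings_service.h already includes in this change, looks like the narrower header, provided it declares the type.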
@@ -63,6 +74,9 @@ class OwnerKeyUtilImpl : public OwnerKeyUtil { virtual bool ImportPublicKey(std::vector<uint8>* output) OVERRIDE; virtual crypto::RSAPrivateKey* FindPrivateKey( const std::vector<uint8>& key) OVERRIDE; + virtual crypto::RSAPrivateKey* FindPrivateKeyInSlot( + const std::vector<uint8>& key, + PK11SlotInfo* slot) OVERRIDE; virtual bool IsPublicKeyPresent() OVERRIDE; protected: diff --git a/chrome/browser/chromeos/settings/session_manager_operation.cc b/chrome/browser/chromeos/settings/session_manager_operation.cc index b95d283..f8ec443 100644 --- a/chrome/browser/chromeos/settings/session_manager_operation.cc +++ b/chrome/browser/chromeos/settings/session_manager_operation.cc @@ -11,8 +11,11 @@ #include "base/stl_util.h" #include "base/task_runner_util.h" #include "base/threading/sequenced_worker_pool.h" +#include "chrome/browser/chromeos/login/users/user.h" +#include "chrome/browser/chromeos/login/users/user_manager.h" #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chrome/browser/chromeos/settings/owner_key_util.h" +#include "chrome/browser/net/nss_context.h" #include "components/policy/core/common/cloud/cloud_policy_constants.h" #include "content/public/browser/browser_thread.h" #include "crypto/rsa_private_key.h" 
@@ -72,16 +75,19 @@ void SessionManagerOperation::ReportResult( void SessionManagerOperation::EnsureOwnerKey(const base::Closure& callback) { if (force_key_load_ || !owner_key_.get() || !owner_key_->public_key()) { scoped_refptr<base::TaskRunner> task_runner = - content::BrowserThread::GetBlockingPool()-> - GetTaskRunnerWithShutdownBehavior( - base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); + content::BrowserThread::GetBlockingPool() + ->GetTaskRunnerWithShutdownBehavior( + base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); base::PostTaskAndReplyWithResult( task_runner.get(), FROM_HERE, base::Bind(&SessionManagerOperation::LoadOwnerKey, - owner_key_util_, owner_key_), + owner_key_util_, + owner_key_, + slot_), base::Bind(&SessionManagerOperation::StoreOwnerKey, - weak_factory_.GetWeakPtr(), callback)); + weak_factory_.GetWeakPtr(), + callback)); } else { callback.Run(); } @@ -90,7 +96,8 @@ void SessionManagerOperation::EnsureOwnerKey(const base::Closure& callback) { // static scoped_refptr<OwnerKey> SessionManagerOperation::LoadOwnerKey( scoped_refptr<OwnerKeyUtil> util, - scoped_refptr<OwnerKey> current_key) { + scoped_refptr<OwnerKey> current_key, + PK11SlotInfo* slot) { scoped_ptr<std::vector<uint8> > public_key; scoped_ptr<crypto::RSAPrivateKey> private_key; @@ -109,7 +116,7 @@ scoped_refptr<OwnerKey> SessionManagerOperation::LoadOwnerKey( } if (public_key.get() && !private_key.get()) { - private_key.reset(util->FindPrivateKey(*public_key)); + private_key.reset(util->FindPrivateKeyInSlot(*public_key, slot)); if (!private_key.get()) VLOG(1) << "Failed to load private owner key."; } diff --git a/chrome/browser/chromeos/settings/session_manager_operation.h b/chrome/browser/chromeos/settings/session_manager_operation.h index f15e0eb..6d7d566 100644 --- a/chrome/browser/chromeos/settings/session_manager_operation.h +++ b/chrome/browser/chromeos/settings/session_manager_operation.h 
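Review bot: In EnsureOwnerKey `slot_` is bound into the blocking-pool task as a raw `PK11SlotInfo*`, and nothing in this change keeps the slot alive until LoadOwnerKey has run. The reference is owned by DeviceSettingsService's `slot_`; the reply is protected by a weak pointer, but the task itself is not. If the service releases the slot while the task is queued or running, the lookup would use a freed slot. Having the task carry its own reference, taken with `PK11_ReferenceSlot` and held in a `crypto::ScopedPK11Slot` handed over with `base::Passed`, would close that window.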
@@ -11,6 +11,7 @@ #include "base/memory/scoped_ptr.h" #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h" #include "chrome/browser/chromeos/settings/device_settings_service.h" +#include "net/cert/x509_util_nss.h" namespace enterprise_management { class ChromeDeviceSettingsProto; @@ -66,6 +67,9 @@ class SessionManagerOperation { force_key_load_ = force_key_load; } + void set_username(const std::string& username) { username_ = username; } + void set_slot(PK11SlotInfo* slot) { slot_ = slot; } + protected: // Runs the operation. The result is reported through |callback_|. virtual void Run() = 0; @@ -88,7 +92,8 @@ class SessionManagerOperation { // Loads the owner key from disk. Must be run on a thread that can do I/O. static scoped_refptr<OwnerKey> LoadOwnerKey( scoped_refptr<OwnerKeyUtil> util, - scoped_refptr<OwnerKey> current_key); + scoped_refptr<OwnerKey> current_key, + PK11SlotInfo* slot); // Stores the owner key loaded by LoadOwnerKey and calls |callback|. void StoreOwnerKey(const base::Closure& callback, @@ -112,6 +117,8 @@ class SessionManagerOperation { scoped_refptr<OwnerKey> owner_key_; bool force_key_load_; + std::string username_; + PK11SlotInfo* slot_; bool is_loading_; scoped_ptr<enterprise_management::PolicyData> policy_data_; |
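Review bot: The new `PK11SlotInfo* slot_;` member has no initializer visible in this change: no hunk of session_manager_operation.cc touches the constructor, so an operation on which `set_slot()` is never called would pass an indeterminate pointer to LoadOwnerKey. Adding `slot_(NULL)` to the constructor's initializer list fixes that. `username_` is stored by `set_username()` but not read in any hunk shown, and the new includes of user.h, user_manager.h and nss_context.h in the .cc look unused as well; drop them if nothing outside this diff needs them. The class body continues outside the hunk.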