diff options
Diffstat (limited to 'chrome/browser')
8 files changed, 49 insertions, 45 deletions
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc index feadf19..b995ba0 100644 --- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc +++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc @@ -77,6 +77,7 @@ #include "chrome/common/pref_names.h" #include "chromeos/audio/audio_devices_pref_handler.h" #include "chromeos/audio/cras_audio_handler.h" +#include "chromeos/cert_loader.h" #include "chromeos/chromeos_paths.h" #include "chromeos/chromeos_switches.h" #include "chromeos/cryptohome/async_method_caller.h" @@ -93,6 +94,7 @@ #include "chromeos/network/network_handler.h" #include "chromeos/power/power_data_collector.h" #include "chromeos/system/statistics_provider.h" +#include "chromeos/tpm_token_loader.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/notification_service.h" #include "content/public/browser/power_save_blocker.h" @@ -266,6 +268,7 @@ class DBusServices { LoginState::Initialize(); SystemSaltGetter::Initialize(); + TPMTokenLoader::Initialize(); CertLoader::Initialize(); // This function and SystemKeyEventListener use InputMethodManager. @@ -314,6 +317,8 @@ class DBusServices { SystemSaltGetter::Shutdown(); LoginState::Shutdown(); + CertLoader::Shutdown(); + TPMTokenLoader::Shutdown(); CrosDBusService::Shutdown(); @@ -410,7 +415,7 @@ void ChromeBrowserMainPartsChromeos::PostMainMessageLoopStart() { // about_flags settings are applied in ChromeBrowserMainParts::PreCreateThreads. void ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun() { // Set the crypto thread after the IO thread has been created/started. - CertLoader::Get()->SetCryptoTaskRunner( + TPMTokenLoader::Get()->SetCryptoTaskRunner( content::BrowserThread::GetMessageLoopProxyForThread( content::BrowserThread::IO)); diff --git a/chrome/browser/chromeos/login/parallel_authenticator_unittest.cc b/chrome/browser/chromeos/login/parallel_authenticator_unittest.cc index 1a61dc2..08f02bd 100644 --- a/chrome/browser/chromeos/login/parallel_authenticator_unittest.cc +++ b/chrome/browser/chromeos/login/parallel_authenticator_unittest.cc @@ -317,11 +317,11 @@ TEST_F(ParallelAuthenticatorTest, ResolveOwnerNeededFailedMount) { SetAndResolveState(auth_.get(), state_.release())); EXPECT_TRUE(LoginState::Get()->IsInSafeMode()); - // Simulate certificates load event. The exact certificates loaded are not - // actually used by the DeviceSettingsService, so it is OK to pass an empty - // list. - DeviceSettingsService::Get()->OnCertificatesLoaded(net::CertificateList(), - true); + // Simulate TPM token ready event. The tpm token parameters are not + // actually used by the DeviceSettingsService, so it is OK to pass arbitrary + // values. + DeviceSettingsService::Get()->OnTPMTokenReady("pin", "token_name", 0); + // Flush all the pending operations. The operations should induce an owner // verification. device_settings_test_helper_.Flush(); diff --git a/chrome/browser/chromeos/options/vpn_config_view.cc b/chrome/browser/chromeos/options/vpn_config_view.cc index e737b9d..3c1ffae 100644 --- a/chrome/browser/chromeos/options/vpn_config_view.cc +++ b/chrome/browser/chromeos/options/vpn_config_view.cc @@ -5,6 +5,7 @@ #include "chrome/browser/chromeos/options/vpn_config_view.h" #include "ash/system/chromeos/network/network_connect.h" +#include "base/bind.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" diff --git a/chrome/browser/chromeos/options/wifi_config_view.cc b/chrome/browser/chromeos/options/wifi_config_view.cc index 412954a..2f749d0 100644 --- a/chrome/browser/chromeos/options/wifi_config_view.cc +++ b/chrome/browser/chromeos/options/wifi_config_view.cc @@ -5,6 +5,7 @@ #include "chrome/browser/chromeos/options/wifi_config_view.h" #include "ash/system/chromeos/network/network_connect.h" +#include "base/bind.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" diff --git a/chrome/browser/chromeos/options/wimax_config_view.cc b/chrome/browser/chromeos/options/wimax_config_view.cc index 2fe342f..2b4eff8 100644 --- a/chrome/browser/chromeos/options/wimax_config_view.cc +++ b/chrome/browser/chromeos/options/wimax_config_view.cc @@ -5,6 +5,7 @@ #include "chrome/browser/chromeos/options/wimax_config_view.h" #include "ash/system/chromeos/network/network_connect.h" +#include "base/bind.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" diff --git a/chrome/browser/chromeos/settings/device_settings_service.cc b/chrome/browser/chromeos/settings/device_settings_service.cc index 1173a87..5aa7efe 100644 --- a/chrome/browser/chromeos/settings/device_settings_service.cc +++ b/chrome/browser/chromeos/settings/device_settings_service.cc @@ -72,21 +72,21 @@ DeviceSettingsService* DeviceSettingsService::Get() { DeviceSettingsService::DeviceSettingsService() : session_manager_client_(NULL), - weak_factory_(this), store_status_(STORE_SUCCESS), - certificates_loaded_(false), - owner_key_loaded_with_certificates_(false), - load_retries_left_(kMaxLoadRetries) { - if (CertLoader::IsInitialized()) { - certificates_loaded_ = CertLoader::Get()->certificates_loaded(); - CertLoader::Get()->AddObserver(this); + waiting_for_tpm_token_(true), + owner_key_loaded_with_tpm_token_(false), + load_retries_left_(kMaxLoadRetries), + weak_factory_(this) { + if (TPMTokenLoader::IsInitialized()) { + waiting_for_tpm_token_ = !TPMTokenLoader::Get()->IsTPMTokenReady(); + TPMTokenLoader::Get()->AddObserver(this); } } DeviceSettingsService::~DeviceSettingsService() { DCHECK(pending_operations_.empty()); - if (CertLoader::IsInitialized()) - CertLoader::Get()->RemoveObserver(this); + if (TPMTokenLoader::IsInitialized()) + TPMTokenLoader::Get()->RemoveObserver(this); } void DeviceSettingsService::SetSessionManager( @@ -179,7 +179,7 @@ bool DeviceSettingsService::HasPrivateOwnerKey() { void DeviceSettingsService::IsCurrentUserOwnerAsync( const IsCurrentUserOwnerCallback& callback) { - if (owner_key_loaded_with_certificates_) { + if (owner_key_loaded_with_tpm_token_) { // If the current owner key was loaded while the certificates were loaded, // or the certificate loader is not initialized, in which case the private // key cannot be set, report status immediately. @@ -235,11 +235,12 @@ void DeviceSettingsService::PropertyChangeComplete(bool success) { EnsureReload(false); } -void DeviceSettingsService::OnCertificatesLoaded( - const net::CertificateList& cert_list, - bool initial_load) { - certificates_loaded_ = true; - // CertLoader initializes the TPM and NSS database which is necessary to +void DeviceSettingsService::OnTPMTokenReady(const std::string& tpm_user_pin, + const std::string& tpm_token_name, + int tpm_token_slot_id) { + waiting_for_tpm_token_ = false; + + // TPMTokenLoader initializes the TPM and NSS database which is necessary to // determine ownership. Force a reload once we know these are initialized. EnsureReload(true); } @@ -338,8 +339,8 @@ void DeviceSettingsService::HandleCompletedOperation( iter->Run(ownership_status); } - if (certificates_loaded_) { - owner_key_loaded_with_certificates_ = true; + if (!waiting_for_tpm_token_) { + owner_key_loaded_with_tpm_token_ = true; std::vector<IsCurrentUserOwnerCallback> is_owner_callbacks; is_owner_callbacks.swap(pending_is_current_user_owner_callbacks_); for (std::vector<IsCurrentUserOwnerCallback>::iterator iter( diff --git a/chrome/browser/chromeos/settings/device_settings_service.h b/chrome/browser/chromeos/settings/device_settings_service.h index 1d66569..b70a753 100644 --- a/chrome/browser/chromeos/settings/device_settings_service.h +++ b/chrome/browser/chromeos/settings/device_settings_service.h @@ -15,8 +15,8 @@ #include "base/memory/ref_counted.h" #include "base/memory/scoped_ptr.h" #include "base/observer_list.h" -#include "chromeos/cert_loader.h" #include "chromeos/dbus/session_manager_client.h" +#include "chromeos/tpm_token_loader.h" #include "components/policy/core/common/cloud/cloud_policy_validator.h" namespace crypto { @@ -73,7 +73,7 @@ class OwnerKey : public base::RefCountedThreadSafe<OwnerKey> { // DeviceSettingsService generates notifications for key and policy update // events so interested parties can reload state as appropriate. class DeviceSettingsService : public SessionManagerClient::Observer, - public CertLoader::Observer { + public TPMTokenLoader::Observer { public: // Indicates ownership status of the device. enum OwnershipStatus { @@ -196,9 +196,10 @@ class DeviceSettingsService : public SessionManagerClient::Observer, virtual void OwnerKeySet(bool success) OVERRIDE; virtual void PropertyChangeComplete(bool success) OVERRIDE; - // CertLoader::Observer: - virtual void OnCertificatesLoaded(const net::CertificateList& cert_list, - bool initial_load) OVERRIDE; + // TPMTokenLoader::Observer: + virtual void OnTPMTokenReady(const std::string& tpm_user_pin, + const std::string& tpm_token_name, + int tpm_token_slot_id) OVERRIDE; private: // Enqueues a new operation. Takes ownership of |operation| and starts it @@ -224,8 +225,6 @@ class DeviceSettingsService : public SessionManagerClient::Observer, SessionManagerClient* session_manager_client_; scoped_refptr<OwnerKeyUtil> owner_key_util_; - base::WeakPtrFactory<DeviceSettingsService> weak_factory_; - Status store_status_; std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_; @@ -234,11 +233,11 @@ class DeviceSettingsService : public SessionManagerClient::Observer, std::string username_; scoped_refptr<OwnerKey> owner_key_; - // Whether certificates have been loaded by CertLoader. - bool certificates_loaded_; - // Whether certificates were loaded when the current owner key was set. + // Whether TPM token still needs to be initialized. + bool waiting_for_tpm_token_; + // Whether TPM token was ready when the current owner key was set. // Implies that the current user is owner iff the private owner key is set. - bool owner_key_loaded_with_certificates_; + bool owner_key_loaded_with_tpm_token_; scoped_ptr<enterprise_management::PolicyData> policy_data_; scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_; @@ -252,6 +251,8 @@ class DeviceSettingsService : public SessionManagerClient::Observer, // For recoverable load errors how many retries are left before we give up. int load_retries_left_; + base::WeakPtrFactory<DeviceSettingsService> weak_factory_; + DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService); }; diff --git a/chrome/browser/chromeos/settings/device_settings_service_unittest.cc b/chrome/browser/chromeos/settings/device_settings_service_unittest.cc index 2bcc1c0..aaa3cea 100644 --- a/chrome/browser/chromeos/settings/device_settings_service_unittest.cc +++ b/chrome/browser/chromeos/settings/device_settings_service_unittest.cc @@ -323,7 +323,7 @@ TEST_F(DeviceSettingsServiceTest, OwnershipStatus) { EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, ownership_status_); } -TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForNonOwner) { +TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForNonOwner) { owner_key_util_->Clear(); EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); @@ -349,9 +349,7 @@ TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForNonOwner) { device_settings_service_.GetOwnershipStatus()); EXPECT_FALSE(is_owner_set_); - // Simulate CertLoader reporting a new set of certificates. The passed - // certificates are ignored. - device_settings_service_.OnCertificatesLoaded(net::CertificateList(), true); + device_settings_service_.OnTPMTokenReady("tpm_pin", "tpm_token", 0); FlushDeviceSettings(); EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); @@ -366,7 +364,7 @@ TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForNonOwner) { EXPECT_FALSE(is_owner_); } -TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForOwner) { +TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForOwner) { owner_key_util_->Clear(); EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); @@ -394,9 +392,7 @@ TEST_F(DeviceSettingsServiceTest, OnCertificatesLoadedForOwner) { owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); device_settings_service_.SetUsername(device_policy_.policy_data().username()); - // Simulate CertLoader reporting a new set of certificates. The passed - // certificates are ignored. - device_settings_service_.OnCertificatesLoaded(net::CertificateList(), true); + device_settings_service_.OnTPMTokenReady("tpm_pin", "tpm_token_name", 0); FlushDeviceSettings(); EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey()); @@ -424,9 +420,7 @@ TEST_F(DeviceSettingsServiceTest, IsCurrentUserOwnerAsyncWithLoadedCerts) { device_settings_service_.SetUsername(device_policy_.policy_data().username()); ReloadDeviceSettings(); - // Simulate CertLoader reporting a new set of certificates. The passed - // certificates are ignored. - device_settings_service_.OnCertificatesLoaded(net::CertificateList(), true); + device_settings_service_.OnTPMTokenReady("tpm_pin", "tpm_token_name", 0); FlushDeviceSettings(); EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey()); |