1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/net/nss_context.h" 6 7 #include "base/memory/weak_ptr.h" 8 #include "base/supports_user_data.h" 9 #include "chrome/browser/profiles/profile_io_data.h" 10 #include "content/public/browser/browser_thread.h" 11 #include "crypto/nss_util_internal.h" 12 #include "net/cert/nss_cert_database_chromeos.h" 13 14 namespace { 15 16 void* kDatabaseManagerKey = &kDatabaseManagerKey; 17 18 class NSSCertDatabaseChromeOSManager : public base::SupportsUserData::Data { 19 public: 20 typedef base::Callback<void(net::NSSCertDatabaseChromeOS*)> 21 GetNSSCertDatabaseCallback; 22 explicit NSSCertDatabaseChromeOSManager(const std::string& username_hash) 23 : username_hash_(username_hash), weak_ptr_factory_(this) { 24 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 25 crypto::ScopedPK11Slot private_slot(crypto::GetPrivateSlotForChromeOSUser( 26 username_hash, 27 base::Bind(&NSSCertDatabaseChromeOSManager::DidGetPrivateSlot, 28 weak_ptr_factory_.GetWeakPtr()))); 29 if (private_slot) 30 DidGetPrivateSlot(private_slot.Pass()); 31 } 32 33 virtual ~NSSCertDatabaseChromeOSManager() { 34 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 35 } 36 37 net::NSSCertDatabaseChromeOS* GetNSSCertDatabase( 38 const GetNSSCertDatabaseCallback& callback) { 39 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 40 41 if (nss_cert_database_) 42 return nss_cert_database_.get(); 43 44 ready_callback_list_.push_back(callback); 45 return NULL; 46 } 47 48 private: 49 typedef std::vector<GetNSSCertDatabaseCallback> ReadyCallbackList; 50 51 void DidGetPrivateSlot(crypto::ScopedPK11Slot private_slot) { 52 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 53 nss_cert_database_.reset(new net::NSSCertDatabaseChromeOS( 54 crypto::GetPublicSlotForChromeOSUser(username_hash_), 55 private_slot.Pass())); 56 57 ReadyCallbackList callback_list; 58 callback_list.swap(ready_callback_list_); 59 for (ReadyCallbackList::iterator i = callback_list.begin(); 60 i != callback_list.end(); 61 ++i) { 62 (*i).Run(nss_cert_database_.get()); 63 } 64 } 65 66 std::string username_hash_; 67 scoped_ptr<net::NSSCertDatabaseChromeOS> nss_cert_database_; 68 ReadyCallbackList ready_callback_list_; 69 base::WeakPtrFactory<NSSCertDatabaseChromeOSManager> weak_ptr_factory_; 70 71 DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOSManager); 72 }; 73 74 std::string GetUsername(content::ResourceContext* context) { 75 return ProfileIOData::FromResourceContext(context)->username_hash(); 76 } 77 78 net::NSSCertDatabaseChromeOS* GetNSSCertDatabaseChromeOS( 79 content::ResourceContext* context, 80 const NSSCertDatabaseChromeOSManager::GetNSSCertDatabaseCallback& 81 callback) { 82 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 83 NSSCertDatabaseChromeOSManager* manager = 84 static_cast<NSSCertDatabaseChromeOSManager*>( 85 context->GetUserData(kDatabaseManagerKey)); 86 if (!manager) { 87 manager = new NSSCertDatabaseChromeOSManager(GetUsername(context)); 88 context->SetUserData(kDatabaseManagerKey, manager); 89 } 90 return manager->GetNSSCertDatabase(callback); 91 } 92 93 void CallWithNSSCertDatabase( 94 const base::Callback<void(net::NSSCertDatabase*)>& callback, 95 net::NSSCertDatabaseChromeOS* db) { 96 callback.Run(db); 97 } 98 99 void SetSystemSlot(crypto::ScopedPK11Slot system_slot, 100 net::NSSCertDatabaseChromeOS* db) { 101 db->SetSystemSlot(system_slot.Pass()); 102 } 103 104 void SetSystemSlotOfDBForResourceContext(content::ResourceContext* context, 105 crypto::ScopedPK11Slot system_slot) { 106 base::Callback<void(net::NSSCertDatabaseChromeOS*)> callback = 107 base::Bind(&SetSystemSlot, base::Passed(&system_slot)); 108 109 net::NSSCertDatabaseChromeOS* db = 110 GetNSSCertDatabaseChromeOS(context, callback); 111 if (db) 112 callback.Run(db); 113 } 114 115 } // namespace 116 117 crypto::ScopedPK11Slot GetPublicNSSKeySlotForResourceContext( 118 content::ResourceContext* context) { 119 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 120 return crypto::GetPublicSlotForChromeOSUser(GetUsername(context)); 121 } 122 123 crypto::ScopedPK11Slot GetPrivateNSSKeySlotForResourceContext( 124 content::ResourceContext* context, 125 const base::Callback<void(crypto::ScopedPK11Slot)>& callback) { 126 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 127 return crypto::GetPrivateSlotForChromeOSUser(GetUsername(context), callback); 128 } 129 130 net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext( 131 content::ResourceContext* context, 132 const base::Callback<void(net::NSSCertDatabase*)>& callback) { 133 return GetNSSCertDatabaseChromeOS( 134 context, base::Bind(&CallWithNSSCertDatabase, callback)); 135 } 136 137 void EnableNSSSystemKeySlotForResourceContext( 138 content::ResourceContext* context) { 139 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 140 base::Callback<void(crypto::ScopedPK11Slot)> callback = 141 base::Bind(&SetSystemSlotOfDBForResourceContext, context); 142 crypto::ScopedPK11Slot system_slot = crypto::GetSystemNSSKeySlot(callback); 143 if (system_slot) 144 callback.Run(system_slot.Pass()); 145 } 146
