src/chrome/browser/chromeos/net/client_cert_filter_chromeos.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
   6
   7 #include "base/bind.h"
   8 #include "crypto/nss_util_internal.h"
   9 #include "net/cert/x509_certificate.h"
  10
  11 namespace chromeos {
  12
  13 ClientCertFilterChromeOS::ClientCertFilterChromeOS(
  14     bool use_system_slot,
  15     const std::string& username_hash)
  16     : init_called_(false),
  17       use_system_slot_(use_system_slot),
  18       username_hash_(username_hash),
  19       weak_ptr_factory_(this) {
  20 }
  21
  22 ClientCertFilterChromeOS::~ClientCertFilterChromeOS() {
  23 }
  24
  25 bool ClientCertFilterChromeOS::Init(const base::Closure& callback) {
  26   DCHECK(!init_called_);
  27   init_called_ = true;
  28
  29   init_callback_ = callback;
  30   if (use_system_slot_) {
  31     system_slot_ = crypto::GetSystemNSSKeySlot(
  32                        base::Bind(&ClientCertFilterChromeOS::GotSystemSlot,
  33                                   weak_ptr_factory_.GetWeakPtr())).Pass();
  34   }
  35   private_slot_ =
  36       crypto::GetPrivateSlotForChromeOSUser(
  37           username_hash_, base::Bind(&ClientCertFilterChromeOS::GotPrivateSlot,
  38                                      weak_ptr_factory_.GetWeakPtr())).Pass();
  39
  40   // Do not call back if we initialized synchronously.
  41   return InitIfSlotsAvailable();
  42 }
  43
  44 bool ClientCertFilterChromeOS::IsCertAllowed(
  45     const scoped_refptr<net::X509Certificate>& cert) const {
  46   return nss_profile_filter_.IsCertAllowed(cert->os_cert_handle());
  47 }
  48
  49 void ClientCertFilterChromeOS::GotSystemSlot(
  50     crypto::ScopedPK11Slot system_slot) {
  51   system_slot_ = system_slot.Pass();
  52   if (InitIfSlotsAvailable() && !init_callback_.is_null()) {
  53     init_callback_.Run();
  54     init_callback_.Reset();
  55   }
  56 }
  57
  58 void ClientCertFilterChromeOS::GotPrivateSlot(
  59     crypto::ScopedPK11Slot private_slot) {
  60   private_slot_ = private_slot.Pass();
  61   if (InitIfSlotsAvailable() && !init_callback_.is_null()) {
  62     init_callback_.Run();
  63     init_callback_.Reset();
  64   }
  65 }
  66
  67 bool ClientCertFilterChromeOS::InitIfSlotsAvailable() {
  68   if ((use_system_slot_ && !system_slot_) || !private_slot_)
  69     return false;
  70   nss_profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
  71                            private_slot_.Pass(),
  72                            system_slot_.Pass());
  73   return true;
  74 }
  75
  76 }  // namespace chromeos