1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/net/nss_context.h"
6
7#include "base/memory/weak_ptr.h"
8#include "base/supports_user_data.h"
9#include "chrome/browser/profiles/profile_io_data.h"
10#include "content/public/browser/browser_thread.h"
11#include "crypto/nss_util_internal.h"
12#include "net/cert/nss_cert_database_chromeos.h"
13
14namespace {
15
16void* kDatabaseManagerKey = &kDatabaseManagerKey;
17
18class NSSCertDatabaseChromeOSManager : public base::SupportsUserData::Data {
19 public:
20  typedef base::Callback<void(net::NSSCertDatabaseChromeOS*)>
21      GetNSSCertDatabaseCallback;
22  explicit NSSCertDatabaseChromeOSManager(const std::string& username_hash)
23      : username_hash_(username_hash), weak_ptr_factory_(this) {
24    DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
25    crypto::ScopedPK11Slot private_slot(crypto::GetPrivateSlotForChromeOSUser(
26        username_hash,
27        base::Bind(&NSSCertDatabaseChromeOSManager::DidGetPrivateSlot,
28                   weak_ptr_factory_.GetWeakPtr())));
29    if (private_slot)
30      DidGetPrivateSlot(private_slot.Pass());
31  }
32
33  virtual ~NSSCertDatabaseChromeOSManager() {
34    DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
35  }
36
37  net::NSSCertDatabaseChromeOS* GetNSSCertDatabase(
38      const GetNSSCertDatabaseCallback& callback) {
39    DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
40
41    if (nss_cert_database_)
42      return nss_cert_database_.get();
43
44    ready_callback_list_.push_back(callback);
45    return NULL;
46  }
47
48 private:
49  typedef std::vector<GetNSSCertDatabaseCallback> ReadyCallbackList;
50
51  void DidGetPrivateSlot(crypto::ScopedPK11Slot private_slot) {
52    DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
53    nss_cert_database_.reset(new net::NSSCertDatabaseChromeOS(
54        crypto::GetPublicSlotForChromeOSUser(username_hash_),
55        private_slot.Pass()));
56
57    ReadyCallbackList callback_list;
58    callback_list.swap(ready_callback_list_);
59    for (ReadyCallbackList::iterator i = callback_list.begin();
60         i != callback_list.end();
61         ++i) {
62      (*i).Run(nss_cert_database_.get());
63    }
64  }
65
66  std::string username_hash_;
67  scoped_ptr<net::NSSCertDatabaseChromeOS> nss_cert_database_;
68  ReadyCallbackList ready_callback_list_;
69  base::WeakPtrFactory<NSSCertDatabaseChromeOSManager> weak_ptr_factory_;
70
71  DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOSManager);
72};
73
74std::string GetUsername(content::ResourceContext* context) {
75  return ProfileIOData::FromResourceContext(context)->username_hash();
76}
77
78net::NSSCertDatabaseChromeOS* GetNSSCertDatabaseChromeOS(
79    content::ResourceContext* context,
80    const NSSCertDatabaseChromeOSManager::GetNSSCertDatabaseCallback&
81        callback) {
82  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
83  NSSCertDatabaseChromeOSManager* manager =
84      static_cast<NSSCertDatabaseChromeOSManager*>(
85          context->GetUserData(kDatabaseManagerKey));
86  if (!manager) {
87    manager = new NSSCertDatabaseChromeOSManager(GetUsername(context));
88    context->SetUserData(kDatabaseManagerKey, manager);
89  }
90  return manager->GetNSSCertDatabase(callback);
91}
92
93void CallWithNSSCertDatabase(
94    const base::Callback<void(net::NSSCertDatabase*)>& callback,
95    net::NSSCertDatabaseChromeOS* db) {
96  callback.Run(db);
97}
98
99void SetSystemSlot(crypto::ScopedPK11Slot system_slot,
100                   net::NSSCertDatabaseChromeOS* db) {
101  db->SetSystemSlot(system_slot.Pass());
102}
103
104void SetSystemSlotOfDBForResourceContext(content::ResourceContext* context,
105                                         crypto::ScopedPK11Slot system_slot) {
106  base::Callback<void(net::NSSCertDatabaseChromeOS*)> callback =
107      base::Bind(&SetSystemSlot, base::Passed(&system_slot));
108
109  net::NSSCertDatabaseChromeOS* db =
110      GetNSSCertDatabaseChromeOS(context, callback);
111  if (db)
112    callback.Run(db);
113}
114
115}  // namespace
116
117crypto::ScopedPK11Slot GetPublicNSSKeySlotForResourceContext(
118    content::ResourceContext* context) {
119  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
120  return crypto::GetPublicSlotForChromeOSUser(GetUsername(context));
121}
122
123crypto::ScopedPK11Slot GetPrivateNSSKeySlotForResourceContext(
124    content::ResourceContext* context,
125    const base::Callback<void(crypto::ScopedPK11Slot)>& callback) {
126  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
127  return crypto::GetPrivateSlotForChromeOSUser(GetUsername(context), callback);
128}
129
130net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext(
131    content::ResourceContext* context,
132    const base::Callback<void(net::NSSCertDatabase*)>& callback) {
133  return GetNSSCertDatabaseChromeOS(
134      context, base::Bind(&CallWithNSSCertDatabase, callback));
135}
136
137void EnableNSSSystemKeySlotForResourceContext(
138    content::ResourceContext* context) {
139  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
140  base::Callback<void(crypto::ScopedPK11Slot)> callback =
141      base::Bind(&SetSystemSlotOfDBForResourceContext, context);
142  crypto::ScopedPK11Slot system_slot = crypto::GetSystemNSSKeySlot(callback);
143  if (system_slot)
144    callback.Run(system_slot.Pass());
145}
146