// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_LACROS_CERT_CERT_DB_INITIALIZER_IMPL_H_
#define CHROME_BROWSER_LACROS_CERT_CERT_DB_INITIALIZER_IMPL_H_
#include <optional>
#include "base/callback_list.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/lacros/cert/cert_db_initializer.h"
#include "chrome/browser/lacros/cert/cert_db_initializer_io_impl.h"
#include "chromeos/crosapi/mojom/cert_database.mojom.h"
#include "chromeos/lacros/lacros_service.h"
#include "components/keyed_service/core/keyed_service.h"
#include "crypto/scoped_nss_types.h"
#include "mojo/public/cpp/bindings/receiver.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "net/cert/cert_database.h"
class Profile;
// Initializes the certificate database in Lacros-Chrome for the specified
// profile. This object should only be accessed on the UI thread, and requires
// the Mojo CertDatabase interface to be available on the `LacrosService`.
//
// On Lacros-Chrome, how a database is initialized depends on which profile is
// being used as well as the device capabilities.
//
// - For devices with a dedicated TPM, for the main profile the public slot will
// be in the current user's cryptohome (a path is provided by Ash) and the
// private slot will be on the TPM (its slot id is provided by Ash).
//
// - For devices with a dedicated TPM, Ash may also indicate that Lacros should
// use the system slot stored on the TPM. If indicated, the main profile will
// attempt to load the system slot (its slot id is provided by Ash). In case
// of failure, the profile won't have access to certificates from the system
// slot (it will log an error, but won't crash).
//
// - Devices without a dedicated TPM are currently not fully
// supported. For the main profile the public slot be in the current user's
// cryptohome (a path is provided by Ash), the private slot will be set to a
// read-only slot that does not support modification or permanent objects.
// TODO(b/197082753): Make the private slot reference the public slot (same as
// in Ash).
//
// - For all devices, secondary profiles will be initialized with both
// public and private slots set to read-only slots that do not
// support modification or permanent objects.
//
// - If Ash provides a path/TPM slot, and Lacros is unable to load
// it, Lacros will intentionally crash, to avoid ignoring
// settings from Ash.
//
// - If Ash does not provide a path, this is an unexpected/invalid
// state, but Lacros will fail into read-only mode.
class CertDbInitializerImpl : public CertDbInitializer,
public KeyedService,
public crosapi::mojom::AshCertDatabaseObserver {
public:
explicit CertDbInitializerImpl(Profile* profile);
~CertDbInitializerImpl() override;
// Starts the initialization. For the main profile the database will be
// initialized based on the information provided by Ash. Secondary profiles
// will get a read-only database without any user certificates.
void Start();
// CertDbInitializer
base::CallbackListSubscription WaitUntilReady(
base::OnceClosure callback) override;
NssCertDatabaseGetter CreateNssCertDatabaseGetterForIOThread() override;
// Called when there's a change in certificate database in Ash.
// Forwards the notification to the CertDatabase.
void OnCertsChangedInAsh(
crosapi::mojom::CertDatabaseChangeType change_type) override;
private:
void InitializeForMainProfile();
// Initializes a read-only cert database. It only has access to the built-in
// certs and doesn't allow any modifications.
void InitializeReadOnlyCertDb();
// Queries Ash-Chrome for the user and system slots to use for the profile.
// Should only be called after the software database has been loaded.
void DidLoadSoftwareNssDb();
// Receives information for initializing the main cert database and forwards
// it to `cert_db_initializer_io_`.
void OnCertDbInfoReceived(
crosapi::mojom::GetCertDatabaseInfoResultPtr cert_db_info);
// A part of the legacy initialization flow. Triggers legacy initialization in
// `cert_db_initializer_io_`.
void OnLegacyCertDbInfoReceived(
crosapi::mojom::GetCertDatabaseInfoResultPtr cert_db_info);
// Receives the signal that initialization is finished and notifies observers
// about that.
void OnCertDbInitializationFinished();
// This class is a `KeyedService` based on the `Profile`. An instance is
// created together with a new profile and never outlives it.`
raw_ptr<Profile> profile_ = nullptr;
bool is_ready_ = false;
base::OnceClosureList callbacks_;
// Created on the UI thread, but after that, initialized, accessed, and
// destroyed exclusively on the IO thread. It is safe to pass unretained
// pointers to this object into IO thread tasks because the earliest it can be
// destroyed is in the following task posted from the destructor.
std::unique_ptr<CertDbInitializerIOImpl> cert_db_initializer_io_;
// Receives mojo messages from ash-chrome (under Streaming mode).
mojo::Receiver<crosapi::mojom::AshCertDatabaseObserver> receiver_{this};
base::WeakPtrFactory<CertDbInitializerImpl> weak_factory_{this};
};
#endif // CHROME_BROWSER_LACROS_CERT_CERT_DB_INITIALIZER_IMPL_H_
Codebase Browser
chromium