File: system_token_cert_db_storage.h

package info (click to toggle)
chromium 138.0.7204.183-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 6,071,908 kB
  • sloc: cpp: 34,937,088; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (115 lines) | stat: -rw-r--r-- 4,562 bytes parent folder | download | duplicates (8) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
 
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROMEOS_ASH_COMPONENTS_NETWORK_SYSTEM_TOKEN_CERT_DB_STORAGE_H_
#define CHROMEOS_ASH_COMPONENTS_NETWORK_SYSTEM_TOKEN_CERT_DB_STORAGE_H_

#include "base/callback_list.h"
#include "base/component_export.h"
#include "base/functional/callback.h"
#include "base/functional/callback_forward.h"
#include "base/memory/raw_ptr.h"
#include "base/observer_list.h"
#include "base/observer_list_types.h"
#include "base/sequence_checker.h"
#include "base/time/time.h"
#include "base/timer/timer.h"

namespace net {
class NSSCertDatabase;
}

namespace ash {

// Used by SystemTokenCertDbInitializer to save the system token certificate
// database when it is ready.
// This class is following the singleton pattern. The single global instance is
// initialized and destroyed by `ChromeBrowserMainPartsAsh`.
class COMPONENT_EXPORT(CHROMEOS_NETWORK) SystemTokenCertDbStorage {
 public:
  // An observer that gets notified when the global NSSCertDatabase is about to
  // be destroyed.
  class Observer : public base::CheckedObserver {
   public:
    // Called when the global NSSCertDatabase is about to be destroyed.
    // Consumers of that database should drop any reference to it and stop using
    // it.
    virtual void OnSystemTokenCertDbDestroyed() = 0;
  };

  SystemTokenCertDbStorage(const SystemTokenCertDbStorage&) = delete;
  SystemTokenCertDbStorage& operator=(const SystemTokenCertDbStorage&) = delete;

  // It is stated in cryptohome implementation that 5 minutes is enough time to
  // wait for any TPM operations. For more information, please refer to:
  // https://chromium.googlesource.com/chromiumos/platform2/+/main/cryptohome/cryptohome.cc
  static constexpr base::TimeDelta kMaxCertDbRetrievalDelay = base::Minutes(5);

  // Called by `ChromeBrowserMainPartsAsh` to initialize a global
  // SystemTokenCertDbStorage instance.
  static void Initialize();

  // Called by `ChromeBrowserMainPartsAsh` to delete the global
  // SystemTokenCertDbStorage instance.
  static void Shutdown();

  // Returns a global instance. May return null if not initialized.
  static SystemTokenCertDbStorage* Get();

  void AddObserver(Observer* observer);
  void RemoveObserver(Observer* observer);

  // Used by SystemTokenCertDbInitializer to save the system token certificate
  // database when it is ready.
  // Note: This method is expected to be called only once by the
  // SystemTokenCertDbInitializer.
  void SetDatabase(net::NSSCertDatabase* system_token_cert_database);

  // Used by SystemTokenCertDbInitializer to reset the system token certificate
  // database and notify observers that it is not usable anymore.
  void ResetDatabase();

  // Retrieves the global NSSCertDatabase for the system token and passes it to
  // |callback|. If the database is already initialized, calls |callback|
  // immediately. Otherwise, |callback| will be called with the database when it
  // is initialized or with a nullptr if the initialization failed.
  // To be notified when the returned NSSCertDatabase becomes invalid, callers
  // should register as Observer.
  using GetDatabaseCallback =
      base::OnceCallback<void(net::NSSCertDatabase* nss_cert_database)>;
  void GetDatabase(GetDatabaseCallback callback);

 private:
  SystemTokenCertDbStorage();
  ~SystemTokenCertDbStorage();

  // Called after a delay if the system token certificate database was still not
  // initialized when |GetDatabase| was called. This function notifies
  // |get_system_token_cert_db_callback_list_| with nullptrs as a way of
  // informing callers that the database initialization failed.
  void OnSystemTokenDbRetrievalTimeout();

  // List of callbacks that should be executed when the system token certificate
  // database is created.
  base::OnceCallbackList<GetDatabaseCallback::RunType>
      get_system_token_cert_db_callback_list_;

  // List of observers that will be notified when the global system token
  // NSSCertDatabase is destroyed.
  base::ObserverList<Observer> observers_;

  // Global NSSCertDatabase which sees the system token. Owned by
  // SystemTokenCertDbInitializer.
  raw_ptr<net::NSSCertDatabase> system_token_cert_database_ = nullptr;

  bool system_token_cert_db_retrieval_failed_ = false;

  base::OneShotTimer system_token_cert_db_retrieval_timer_;

  SEQUENCE_CHECKER(sequence_checker_);
};

}  // namespace ash

#endif  // CHROMEOS_ASH_COMPONENTS_NETWORK_SYSTEM_TOKEN_CERT_DB_STORAGE_H_