SystemTokenCertDBInitializer connect to OwnershipTakenSignal.

We are deprecating TpmInitStatus signal by cryptohome. BUG=b:172748724 TEST=unit_tests. TEST=browser_tests. TEST=tast run $DUTIP *RequiredClientCertificateForDevice* Change-Id: Iebd2516e912433aa52ab4775a1e361801989a590 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2563431Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Commit-Queue: Leo Lai <cylai@google.com> Cr-Commit-Position: refs/heads/master@{#832605}

SystemTokenCertDBInitializer connect to OwnershipTakenSignal.
We are deprecating TpmInitStatus signal by cryptohome. BUG=b:172748724 TEST=unit_tests. TEST=browser_tests. TEST=tast run $DUTIP *RequiredClientCertificateForDevice* Change-Id: Iebd2516e912433aa52ab4775a1e361801989a590 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2563431Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Commit-Queue: Leo Lai <cylai@google.com> Cr-Commit-Position: refs/heads/master@{#832605}
012d553d · Leo Lai · Chromium LUCI CQ · 59a7dfca · 012d553d · 012d553d
Commit 012d553d authored Dec 02, 2020 by Leo Lai Committed by Chromium LUCI CQ Dec 02, 2020
7 changed files
--- a/chrome/browser/chromeos/login/webview_login_browsertest.cc
+++ b/chrome/browser/chromeos/login/webview_login_browsertest.cc
@@ -62,6 +62,7 @@
 #include "chromeos/constants/chromeos_switches.h"
 #include "chromeos/dbus/cryptohome/fake_cryptohome_client.h"
 #include "chromeos/dbus/session_manager/fake_session_manager_client.h"
+#include "chromeos/dbus/tpm_manager/tpm_manager_client.h"
 #include "chromeos/tpm/tpm_token_loader.h"
 #include "components/content_settings/core/common/pref_names.h"
 #include "components/guest_view/browser/guest_view_manager.h"
@@ -1217,9 +1218,7 @@ IN_PROC_BROWSER_TEST_F(WebviewClientCertsTokenLoadingLoginTest,
  // Report the TPM as ready, triggering the system token initialization by
  // SystemTokenCertDBInitializer.
  cryptohome_client()->set_tpm_is_ready(true);
-  cryptohome_client()->NotifyTpmInitStatusUpdated(
-      /*ready=*/true, /*owned=*/true,
-      /*was_owned_this_boot=*/false);
+  TpmManagerClient::Get()->GetTestInterface()->EmitOwnershipTakenSignal();

  const std::string https_reply_content =
      RequestClientCertTestPageInFrame({"gaia-signin", gaia_frame_parent_});

--- a/chrome/browser/chromeos/system_token_cert_db_initializer.cc
+++ b/chrome/browser/chromeos/system_token_cert_db_initializer.cc
@@ -112,8 +112,8 @@ void SystemTokenCertDBInitializer::ShutDown() {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  // Note that the observer could potentially not be added yet, but
-  // RemoveObserver() is a no-op in that case.
-  CryptohomeClient::Get()->RemoveObserver(this);
+  // the operation is a no-op in that case.
+  TpmManagerClient::Get()->RemoveObserver(this);

  // Cancel any in-progress initialization sequence.
  weak_ptr_factory_.InvalidateWeakPtrs();
@@ -127,16 +127,10 @@ void SystemTokenCertDBInitializer::ShutDown() {
  system_token_cert_database_.reset();
 }

-void SystemTokenCertDBInitializer::TpmInitStatusUpdated(
-    bool ready,
-    bool owned,
-    bool was_owned_this_boot) {
+void SystemTokenCertDBInitializer::OnOwnershipTaken() {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

-  if (ready) {
-    // The TPM "ready" means that it's available && owned && not being owned.
-    MaybeStartInitializingDatabase();
-  }
+  MaybeStartInitializingDatabase();
 }

 void SystemTokenCertDBInitializer::GetSystemTokenCertDb(
@@ -182,7 +176,7 @@ void SystemTokenCertDBInitializer::OnCryptohomeAvailable(bool available) {
  }

  VLOG(1) << "SystemTokenCertDBInitializer: Cryptohome available.";
-  CryptohomeClient::Get()->AddObserver(this);
+  TpmManagerClient::Get()->AddObserver(this);
  CryptohomeClient::Get()->TpmIsReady(
      base::BindOnce(&SystemTokenCertDBInitializer::OnGotTpmIsReady,
                     weak_ptr_factory_.GetWeakPtr()));

--- a/chrome/browser/chromeos/system_token_cert_db_initializer.h
+++ b/chrome/browser/chromeos/system_token_cert_db_initializer.h
@@ -19,6 +19,7 @@
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "chromeos/dbus/cryptohome/cryptohome_client.h"
+#include "chromeos/dbus/tpm_manager/tpm_manager_client.h"
 #include "crypto/scoped_nss_types.h"

 namespace net {
@@ -45,7 +46,7 @@ class SystemTokenCertDBObserver : public base::CheckedObserver {
 // ShutDown() has been called, but must be outlived by this object.
 //
 // All of the methods must be called on the UI thread.
-class SystemTokenCertDBInitializer final : public CryptohomeClient::Observer {
+class SystemTokenCertDBInitializer : public TpmManagerClient::Observer {
 public:
  // It is stated in cryptohome implementation that 5 minutes is enough time to
  // wait for any TPM operations. For more information, please refer to:
@@ -62,10 +63,8 @@ class SystemTokenCertDBInitializer final : public CryptohomeClient::Observer {
  // Stops making new requests to D-Bus services.
  void ShutDown();

-  // CryptohomeClient::Observer:
-  void TpmInitStatusUpdated(bool ready,
-                            bool owned,
-                            bool was_owned_this_boot) override;
+  // TpmManagerClient::Observer overrides.
+  void OnOwnershipTaken() override;

  // Retrieves the global NSSCertDatabase for the system token and passes it to
  // |callback|. If the database is already initialized, calls |callback|
@@ -73,6 +72,7 @@ class SystemTokenCertDBInitializer final : public CryptohomeClient::Observer {
  // initialized.
  // To be notified when the returned NSSCertDatabase becomes invalid, callers
  // should register as SystemTokenCertDBObserver.
+
  using GetSystemTokenCertDbCallback =
      base::OnceCallback<void(net::NSSCertDatabase* nss_cert_database)>;
  void GetSystemTokenCertDb(GetSystemTokenCertDbCallback callback);
@@ -88,7 +88,7 @@ class SystemTokenCertDBInitializer final : public CryptohomeClient::Observer {

  // This is a callback for the cryptohome TpmIsReady query. Note that this is
  // not a listener which would be called once TPM becomes ready if it was not
-  // ready on startup - that event is observed by TpmInitStatusUpdated().
+  // ready on startup - that event is observed by `OnOwnershipTakenSignal()`.
  void OnGotTpmIsReady(base::Optional<bool> tpm_is_ready);

  // Starts loading the system slot and initializing the corresponding NSS cert

--- a/chrome/browser/chromeos/system_token_cert_db_initializer_unittest.cc
+++ b/chrome/browser/chromeos/system_token_cert_db_initializer_unittest.cc
@@ -12,6 +12,7 @@
 #include "base/test/task_environment.h"
 #include "base/time/time.h"
 #include "chromeos/dbus/cryptohome/cryptohome_client.h"
+#include "chromeos/dbus/tpm_manager/tpm_manager_client.h"
 #include "chromeos/network/network_cert_loader.h"
 #include "chromeos/tpm/tpm_token_loader.h"
 #include "content/public/test/browser_task_environment.h"
@@ -70,6 +71,7 @@ class SystemTokenCertDbInitializerTest : public testing::Test {
    TPMTokenLoader::InitializeForTest();
    CryptohomeClient::InitializeFake();
    NetworkCertLoader::Initialize();
+    TpmManagerClient::InitializeFake();

    system_token_cert_db_initializer_ =
        std::make_unique<SystemTokenCertDBInitializer>();
@@ -81,6 +83,7 @@ class SystemTokenCertDbInitializerTest : public testing::Test {
      const SystemTokenCertDbInitializerTest& other) = delete;

  ~SystemTokenCertDbInitializerTest() override {
+    TpmManagerClient::Shutdown();
    NetworkCertLoader::Shutdown();
    CryptohomeClient::Shutdown();
    TPMTokenLoader::Shutdown();

--- a/chromeos/dbus/tpm_manager/fake_tpm_manager_client.cc
+++ b/chromeos/dbus/tpm_manager/fake_tpm_manager_client.cc
@@ -67,11 +67,11 @@ void FakeTpmManagerClient::ClearStoredOwnerPassword(
 }

 void FakeTpmManagerClient::AddObserver(Observer* observer) {
-  NOTIMPLEMENTED();
+  observer_list_.AddObserver(observer);
 }

 void FakeTpmManagerClient::RemoveObserver(Observer* observer) {
-  NOTIMPLEMENTED();
+  observer_list_.RemoveObserver(observer);
 }

 TpmManagerClient::TestInterface* FakeTpmManagerClient::GetTestInterface() {
@@ -92,4 +92,10 @@ int FakeTpmManagerClient::clear_stored_owner_password_count() const {
  return clear_stored_owner_password_count_;
 }

+void FakeTpmManagerClient::EmitOwnershipTakenSignal() {
+  for (auto& observer : observer_list_) {
+    observer.OnOwnershipTaken();
+  }
+}
+
 }  // namespace chromeos
--- a/chromeos/dbus/tpm_manager/fake_tpm_manager_client.h
+++ b/chromeos/dbus/tpm_manager/fake_tpm_manager_client.h
@@ -8,6 +8,7 @@
 #include "chromeos/dbus/tpm_manager/tpm_manager_client.h"

 #include "base/component_export.h"
+#include "base/observer_list.h"
 #include "chromeos/dbus/tpm_manager/tpm_manager.pb.h"

 namespace chromeos {
@@ -49,11 +50,15 @@ class COMPONENT_EXPORT(CHROMEOS_DBUS_TPM_MANAGER) FakeTpmManagerClient
  mutable_nonsensitive_status_reply() override;
  ::tpm_manager::GetVersionInfoReply* mutable_version_info_reply() override;
  int clear_stored_owner_password_count() const override;
+  void EmitOwnershipTakenSignal() override;

 private:
  ::tpm_manager::GetTpmNonsensitiveStatusReply nonsensitive_status_reply_;
  ::tpm_manager::GetVersionInfoReply version_info_reply_;
  int clear_stored_owner_password_count_ = 0;
+
+  // The observer list of ownership taken signal.
+  base::ObserverList<Observer> observer_list_;
 };

 }  // namespace chromeos

--- a/chromeos/dbus/tpm_manager/tpm_manager_client.h
+++ b/chromeos/dbus/tpm_manager/tpm_manager_client.h
@@ -55,6 +55,8 @@ class COMPONENT_EXPORT(CHROMEOS_DBUS_TPM_MANAGER) TpmManagerClient {
    mutable_version_info_reply() = 0;
    // Gets the count of `ClearStoredOwnerPassword()` being called.
    virtual int clear_stored_owner_password_count() const = 0;
+    // Emits ownership taken signal.
+    virtual void EmitOwnershipTakenSignal() = 0;
  };

  // Not copyable or movable.