search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ClientCertStoreChromeOS: support additional non-platform certs.
[chromium-blink-merge.git] / chrome / browser / profiles / profile_io_data.cc
blob9b2baa83ecc07d731fcac7d2970f567a2e5220f7
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/profiles/profile_io_data.h"
6
7 #include <string>
8
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/callback.h"
13 #include "base/command_line.h"
14 #include "base/compiler_specific.h"
15 #include "base/debug/alias.h"
16 #include "base/logging.h"
17 #include "base/path_service.h"
18 #include "base/prefs/pref_service.h"
19 #include "base/stl_util.h"
20 #include "base/strings/string_number_conversions.h"
21 #include "base/strings/string_util.h"
22 #include "base/strings/stringprintf.h"
23 #include "base/thread_task_runner_handle.h"
24 #include "base/threading/sequenced_worker_pool.h"
25 #include "chrome/browser/browser_process.h"
26 #include "chrome/browser/chrome_notification_types.h"
27 #include "chrome/browser/content_settings/cookie_settings_factory.h"
28 #include "chrome/browser/custom_handlers/protocol_handler_registry.h"
29 #include "chrome/browser/custom_handlers/protocol_handler_registry_factory.h"
30 #include "chrome/browser/devtools/devtools_network_controller.h"
31 #include "chrome/browser/devtools/devtools_network_transaction_factory.h"
32 #include "chrome/browser/download/download_service.h"
33 #include "chrome/browser/download/download_service_factory.h"
34 #include "chrome/browser/io_thread.h"
35 #include "chrome/browser/media/media_device_id_salt.h"
36 #include "chrome/browser/net/chrome_http_user_agent_settings.h"
37 #include "chrome/browser/net/chrome_net_log.h"
38 #include "chrome/browser/net/chrome_network_delegate.h"
39 #include "chrome/browser/net/chrome_url_request_context_getter.h"
40 #include "chrome/browser/net/cookie_store_util.h"
41 #include "chrome/browser/net/proxy_service_factory.h"
42 #include "chrome/browser/net/resource_prefetch_predictor_observer.h"
43 #include "chrome/browser/predictors/resource_prefetch_predictor.h"
44 #include "chrome/browser/predictors/resource_prefetch_predictor_factory.h"
45 #include "chrome/browser/profiles/profile.h"
46 #include "chrome/browser/profiles/profile_manager.h"
47 #include "chrome/browser/ui/search/new_tab_page_interceptor_service.h"
48 #include "chrome/browser/ui/search/new_tab_page_interceptor_service_factory.h"
49 #include "chrome/common/chrome_paths.h"
50 #include "chrome/common/chrome_switches.h"
51 #include "chrome/common/pref_names.h"
52 #include "chrome/common/url_constants.h"
53 #include "components/about_handler/about_protocol_handler.h"
54 #include "components/content_settings/core/browser/content_settings_provider.h"
55 #include "components/content_settings/core/browser/cookie_settings.h"
56 #include "components/content_settings/core/browser/host_content_settings_map.h"
57 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_io_data.h"
58 #include "components/dom_distiller/core/url_constants.h"
59 #include "components/sync_driver/pref_names.h"
60 #include "components/url_formatter/url_fixer.h"
61 #include "content/public/browser/browser_thread.h"
62 #include "content/public/browser/host_zoom_map.h"
63 #include "content/public/browser/notification_service.h"
64 #include "content/public/browser/resource_context.h"
65 #include "net/base/keygen_handler.h"
66 #include "net/cert/cert_verifier.h"
67 #include "net/cookies/canonical_cookie.h"
68 #include "net/http/http_transaction_factory.h"
69 #include "net/http/http_util.h"
70 #include "net/http/transport_security_persister.h"
71 #include "net/proxy/proxy_config_service_fixed.h"
72 #include "net/proxy/proxy_script_fetcher_impl.h"
73 #include "net/proxy/proxy_service.h"
74 #include "net/ssl/channel_id_service.h"
75 #include "net/ssl/client_cert_store.h"
76 #include "net/url_request/certificate_report_sender.h"
77 #include "net/url_request/data_protocol_handler.h"
78 #include "net/url_request/file_protocol_handler.h"
79 #include "net/url_request/ftp_protocol_handler.h"
80 #include "net/url_request/url_request.h"
81 #include "net/url_request/url_request_context.h"
82 #include "net/url_request/url_request_file_job.h"
83 #include "net/url_request/url_request_intercepting_job_factory.h"
84 #include "net/url_request/url_request_interceptor.h"
85 #include "net/url_request/url_request_job_factory_impl.h"
86
87 #if defined(ENABLE_CONFIGURATION_POLICY)
88 #include "chrome/browser/policy/cloud/policy_header_service_factory.h"
89 #include "chrome/browser/policy/policy_helpers.h"
90 #include "components/policy/core/browser/url_blacklist_manager.h"
91 #include "components/policy/core/common/cloud/policy_header_io_helper.h"
92 #include "components/policy/core/common/cloud/policy_header_service.h"
93 #include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
94 #endif
95
96 #if defined(ENABLE_EXTENSIONS)
97 #include "chrome/browser/extensions/extension_cookie_monster_delegate.h"
98 #include "chrome/browser/extensions/extension_resource_protocols.h"
99 #include "extensions/browser/extension_protocols.h"
100 #include "extensions/browser/extension_system.h"
101 #include "extensions/browser/extension_throttle_manager.h"
102 #include "extensions/browser/info_map.h"
103 #include "extensions/common/constants.h"
104 #endif
105
106 #if defined(ENABLE_SUPERVISED_USERS)
107 #include "chrome/browser/supervised_user/supervised_user_service.h"
108 #include "chrome/browser/supervised_user/supervised_user_service_factory.h"
109 #include "chrome/browser/supervised_user/supervised_user_url_filter.h"
110 #endif
111
112 #if defined(OS_ANDROID)
113 #include "content/public/browser/android/content_protocol_handler.h"
114 #endif // defined(OS_ANDROID)
115
116 #if defined(OS_CHROMEOS)
117 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h"
118 #include "chrome/browser/chromeos/fileapi/external_file_protocol_handler.h"
119 #include "chrome/browser/chromeos/login/startup_utils.h"
120 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h"
121 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
122 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
123 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
124 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
125 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
126 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
127 #include "chrome/browser/chromeos/profiles/profile_helper.h"
128 #include "chrome/browser/chromeos/settings/cros_settings.h"
129 #include "chrome/browser/net/nss_context.h"
130 #include "chromeos/dbus/dbus_thread_manager.h"
131 #include "chromeos/settings/cros_settings_names.h"
132 #include "chromeos/tpm/tpm_token_info_getter.h"
133 #include "components/user_manager/user.h"
134 #include "components/user_manager/user_manager.h"
135 #include "crypto/nss_util.h"
136 #include "crypto/nss_util_internal.h"
137 #include "net/cert/cert_verifier.h"
138 #include "net/cert/multi_threaded_cert_verifier.h"
139 #endif // defined(OS_CHROMEOS)
140
141 #if defined(USE_NSS_CERTS)
142 #include "chrome/browser/ui/crypto_module_delegate_nss.h"
143 #include "net/ssl/client_cert_store_nss.h"
144 #endif
145
146 #if defined(OS_WIN)
147 #include "net/ssl/client_cert_store_win.h"
148 #endif
149
150 #if defined(OS_MACOSX)
151 #include "net/ssl/client_cert_store_mac.h"
152 #endif
153
154 using content::BrowserContext;
155 using content::BrowserThread;
156 using content::ResourceContext;
157
158 namespace {
159
160 net::CertVerifier* g_cert_verifier_for_testing = nullptr;
161
162 #if defined(DEBUG_DEVTOOLS)
163 bool IsSupportedDevToolsURL(const GURL& url, base::FilePath* path) {
164 std::string bundled_path_prefix(chrome::kChromeUIDevToolsBundledPath);
165 bundled_path_prefix = "/" + bundled_path_prefix + "/";
166
167 if (!url.SchemeIs(content::kChromeDevToolsScheme) ||
168 url.host() != chrome::kChromeUIDevToolsHost ||
169 !base::StartsWith(url.path(), bundled_path_prefix,
170 base::CompareCase::INSENSITIVE_ASCII)) {
171 return false;
172 }
173
174 if (!url.is_valid()) {
175 NOTREACHED();
176 return false;
177 }
178
179 // Remove Query and Ref from URL.
180 GURL stripped_url;
181 GURL::Replacements replacements;
182 replacements.ClearQuery();
183 replacements.ClearRef();
184 stripped_url = url.ReplaceComponents(replacements);
185
186 std::string relative_path;
187 const std::string& spec = stripped_url.possibly_invalid_spec();
188 const url::Parsed& parsed = stripped_url.parsed_for_possibly_invalid_spec();
189 int offset = parsed.CountCharactersBefore(url::Parsed::PATH, false);
190 if (offset < static_cast<int>(spec.size()))
191 relative_path.assign(spec.substr(offset + bundled_path_prefix.length()));
192
193 // Check that |relative_path| is not an absolute path (otherwise
194 // AppendASCII() will DCHECK). The awkward use of StringType is because on
195 // some systems FilePath expects a std::string, but on others a std::wstring.
196 base::FilePath p(
197 base::FilePath::StringType(relative_path.begin(), relative_path.end()));
198 if (p.IsAbsolute())
199 return false;
200
201 base::FilePath inspector_dir;
202 if (!PathService::Get(chrome::DIR_INSPECTOR, &inspector_dir))
203 return false;
204
205 if (inspector_dir.empty())
206 return false;
207
208 *path = inspector_dir.AppendASCII(relative_path);
209 return true;
210 }
211
212 class DebugDevToolsInterceptor : public net::URLRequestInterceptor {
213 public:
214 // net::URLRequestInterceptor implementation.
215 net::URLRequestJob* MaybeInterceptRequest(
216 net::URLRequest* request,
217 net::NetworkDelegate* network_delegate) const override {
218 base::FilePath path;
219 if (IsSupportedDevToolsURL(request->url(), &path))
220 return new net::URLRequestFileJob(
221 request, network_delegate, path,
222 content::BrowserThread::GetBlockingPool()->
223 GetTaskRunnerWithShutdownBehavior(
224 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN));
225
226 return NULL;
227 }
228 };
229 #endif // defined(DEBUG_DEVTOOLS)
230
231 #if defined(OS_CHROMEOS)
232 // The following four functions are responsible for initializing NSS for each
233 // profile on ChromeOS, which has a separate NSS database and TPM slot
234 // per-profile.
235 //
236 // Initialization basically follows these steps:
237 // 1) Get some info from user_manager::UserManager about the User for this
238 // profile.
239 // 2) Tell nss_util to initialize the software slot for this profile.
240 // 3) Wait for the TPM module to be loaded by nss_util if it isn't already.
241 // 4) Ask CryptohomeClient which TPM slot id corresponds to this profile.
242 // 5) Tell nss_util to use that slot id on the TPM module.
243 //
244 // Some of these steps must happen on the UI thread, others must happen on the
245 // IO thread:
246 // UI thread IO Thread
247 //
248 // ProfileIOData::InitializeOnUIThread
249 // |
250 // ProfileHelper::Get()->GetUserByProfile()
251 // \---------------------------------------v
252 // StartNSSInitOnIOThread
253 // |
254 // crypto::InitializeNSSForChromeOSUser
255 // |
256 // crypto::IsTPMTokenReady
257 // |
258 // StartTPMSlotInitializationOnIOThread
259 // v---------------------------------------/
260 // GetTPMInfoForUserOnUIThread
261 // |
262 // chromeos::TPMTokenInfoGetter::Start
263 // |
264 // DidGetTPMInfoForUserOnUIThread
265 // \---------------------------------------v
266 // crypto::InitializeTPMForChromeOSUser
267
268 void DidGetTPMInfoForUserOnUIThread(
269 scoped_ptr<chromeos::TPMTokenInfoGetter> getter,
270 const std::string& username_hash,
271 const chromeos::TPMTokenInfo& info) {
272 DCHECK_CURRENTLY_ON(BrowserThread::UI);
273 if (info.tpm_is_enabled && info.token_slot_id != -1) {
274 DVLOG(1) << "Got TPM slot for " << username_hash << ": "
275 << info.token_slot_id;
276 BrowserThread::PostTask(
277 BrowserThread::IO,
278 FROM_HERE,
279 base::Bind(&crypto::InitializeTPMForChromeOSUser,
280 username_hash, info.token_slot_id));
281 } else {
282 NOTREACHED() << "TPMTokenInfoGetter reported invalid token.";
283 }
284 }
285
286 void GetTPMInfoForUserOnUIThread(const std::string& username,
287 const std::string& username_hash) {
288 DCHECK_CURRENTLY_ON(BrowserThread::UI);
289 DVLOG(1) << "Getting TPM info from cryptohome for "
290 << " " << username << " " << username_hash;
291 scoped_ptr<chromeos::TPMTokenInfoGetter> scoped_token_info_getter =
292 chromeos::TPMTokenInfoGetter::CreateForUserToken(
293 username,
294 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
295 base::ThreadTaskRunnerHandle::Get());
296 chromeos::TPMTokenInfoGetter* token_info_getter =
297 scoped_token_info_getter.get();
298
299 // Bind |token_info_getter| to the callback to ensure it does not go away
300 // before TPM token info is fetched.
301 // TODO(tbarzic, pneubeck): Handle this in a nicer way when this logic is
302 // moved to a separate profile service.
303 token_info_getter->Start(
304 base::Bind(&DidGetTPMInfoForUserOnUIThread,
305 base::Passed(&scoped_token_info_getter),
306 username_hash));
307 }
308
309 void StartTPMSlotInitializationOnIOThread(const std::string& username,
310 const std::string& username_hash) {
311 DCHECK_CURRENTLY_ON(BrowserThread::IO);
312
313 BrowserThread::PostTask(
314 BrowserThread::UI,
315 FROM_HERE,
316 base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash));
317 }
318
319 void StartNSSInitOnIOThread(const std::string& username,
320 const std::string& username_hash,
321 const base::FilePath& path) {
322 DCHECK_CURRENTLY_ON(BrowserThread::IO);
323 DVLOG(1) << "Starting NSS init for " << username
324 << " hash:" << username_hash;
325
326 // Make sure NSS is initialized for the user.
327 crypto::InitializeNSSForChromeOSUser(username_hash, path);
328
329 // Check if it's OK to initialize TPM for the user before continuing. This
330 // may not be the case if the TPM slot initialization was previously
331 // requested for the same user.
332 if (!crypto::ShouldInitializeTPMForChromeOSUser(username_hash))
333 return;
334
335 crypto::WillInitializeTPMForChromeOSUser(username_hash);
336
337 if (crypto::IsTPMTokenEnabledForNSS()) {
338 if (crypto::IsTPMTokenReady(base::Bind(
339 &StartTPMSlotInitializationOnIOThread, username, username_hash))) {
340 StartTPMSlotInitializationOnIOThread(username, username_hash);
341 } else {
342 DVLOG(1) << "Waiting for tpm ready ...";
343 }
344 } else {
345 crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash);
346 }
347 }
348 #endif // defined(OS_CHROMEOS)
349
350 #if defined(USE_NSS_CERTS)
351 void InitializeAndPassKeygenHandler(
352 scoped_ptr<net::KeygenHandler> keygen_handler,
353 const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback,
354 scoped_ptr<ChromeNSSCryptoModuleDelegate> delegate) {
355 if (delegate)
356 keygen_handler->set_crypto_module_delegate(delegate.Pass());
357 callback.Run(keygen_handler.Pass());
358 }
359 #endif // defined(USE_NSS_CERTS)
360
361 // For safe shutdown, must be called before the ProfileIOData is destroyed.
362 void NotifyContextGettersOfShutdownOnIO(
363 scoped_ptr<ProfileIOData::ChromeURLRequestContextGetterVector> getters) {
364 DCHECK_CURRENTLY_ON(BrowserThread::IO);
365 ProfileIOData::ChromeURLRequestContextGetterVector::iterator iter;
366 for (auto& chrome_context_getter : *getters)
367 chrome_context_getter->NotifyContextShuttingDown();
368 }
369
370 } // namespace
371
372 void ProfileIOData::InitializeOnUIThread(Profile* profile) {
373 DCHECK_CURRENTLY_ON(BrowserThread::UI);
374 PrefService* pref_service = profile->GetPrefs();
375 PrefService* local_state_pref_service = g_browser_process->local_state();
376
377 scoped_ptr<ProfileParams> params(new ProfileParams);
378 params->path = profile->GetPath();
379
380 params->io_thread = g_browser_process->io_thread();
381
382 params->cookie_settings = CookieSettingsFactory::GetForProfile(profile);
383 params->host_content_settings_map = profile->GetHostContentSettingsMap();
384 params->ssl_config_service = profile->GetSSLConfigService();
385
386 #if defined(ENABLE_EXTENSIONS)
387 params->extension_info_map =
388 extensions::ExtensionSystem::Get(profile)->info_map();
389 params->cookie_monster_delegate = new ExtensionCookieMonsterDelegate(profile);
390 #endif
391
392 if (predictors::ResourcePrefetchPredictor* predictor =
393 predictors::ResourcePrefetchPredictorFactory::GetForProfile(
394 profile)) {
395 resource_prefetch_predictor_observer_.reset(
396 new chrome_browser_net::ResourcePrefetchPredictorObserver(predictor));
397 }
398
399 ProtocolHandlerRegistry* protocol_handler_registry =
400 ProtocolHandlerRegistryFactory::GetForBrowserContext(profile);
401 DCHECK(protocol_handler_registry);
402
403 // The profile instance is only available here in the InitializeOnUIThread
404 // method, so we create the url job factory here, then save it for
405 // later delivery to the job factory in Init().
406 params->protocol_handler_interceptor =
407 protocol_handler_registry->CreateJobInterceptorFactory();
408
409 NewTabPageInterceptorService* new_tab_interceptor_service =
410 NewTabPageInterceptorServiceFactory::GetForProfile(profile);
411 if (new_tab_interceptor_service) {
412 params->new_tab_page_interceptor =
413 new_tab_interceptor_service->CreateInterceptor();
414 }
415
416 params->proxy_config_service
417 .reset(ProxyServiceFactory::CreateProxyConfigService(
418 profile->GetProxyConfigTracker()));
419 #if defined(ENABLE_SUPERVISED_USERS)
420 SupervisedUserService* supervised_user_service =
421 SupervisedUserServiceFactory::GetForProfile(profile);
422 params->supervised_user_url_filter =
423 supervised_user_service->GetURLFilterForIOThread();
424 #endif
425 #if defined(OS_CHROMEOS)
426 user_manager::UserManager* user_manager = user_manager::UserManager::Get();
427 if (user_manager) {
428 const user_manager::User* user =
429 chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
430 // No need to initialize NSS for users with empty username hash:
431 // Getters for a user's NSS slots always return NULL slot if the user's
432 // username hash is empty, even when the NSS is not initialized for the
433 // user.
434 if (user && !user->username_hash().empty()) {
435 params->username_hash = user->username_hash();
436 DCHECK(!params->username_hash.empty());
437 BrowserThread::PostTask(BrowserThread::IO,
438 FROM_HERE,
439 base::Bind(&StartNSSInitOnIOThread,
440 user->email(),
441 user->username_hash(),
442 profile->GetPath()));
443
444 // Use the device-wide system key slot only if the user is of the same
445 // domain as the device is registered to.
446 policy::BrowserPolicyConnectorChromeOS* connector =
447 g_browser_process->platform_part()
448 ->browser_policy_connector_chromeos();
449 params->use_system_key_slot =
450 connector->GetUserAffiliation(user->email()) ==
451 policy::USER_AFFILIATION_MANAGED;
452 }
453 }
454 #endif
455
456 params->profile = profile;
457 profile_params_.reset(params.release());
458
459 ChromeNetworkDelegate::InitializePrefsOnUIThread(
460 &enable_referrers_,
461 &enable_do_not_track_,
462 &force_google_safesearch_,
463 &force_youtube_safety_mode_,
464 pref_service);
465
466 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner =
467 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO);
468
469 chrome_http_user_agent_settings_.reset(
470 new ChromeHttpUserAgentSettings(pref_service));
471
472 // These members are used only for sign in, which is not enabled
473 // in incognito mode. So no need to initialize them.
474 if (!IsOffTheRecord()) {
475 google_services_user_account_id_.Init(
476 prefs::kGoogleServicesUserAccountId, pref_service);
477 google_services_user_account_id_.MoveToThread(io_task_runner);
478
479 sync_disabled_.Init(sync_driver::prefs::kSyncManaged, pref_service);
480 sync_disabled_.MoveToThread(io_task_runner);
481
482 signin_allowed_.Init(prefs::kSigninAllowed, pref_service);
483 signin_allowed_.MoveToThread(io_task_runner);
484 }
485
486 quick_check_enabled_.Init(prefs::kQuickCheckEnabled,
487 local_state_pref_service);
488 quick_check_enabled_.MoveToThread(io_task_runner);
489
490 media_device_id_salt_ = new MediaDeviceIDSalt(pref_service, IsOffTheRecord());
491
492 network_prediction_options_.Init(prefs::kNetworkPredictionOptions,
493 pref_service);
494
495 network_prediction_options_.MoveToThread(io_task_runner);
496
497 #if defined(OS_CHROMEOS)
498 scoped_ptr<policy::PolicyCertVerifier> verifier =
499 policy::PolicyCertServiceFactory::CreateForProfile(profile);
500 policy_cert_verifier_ = verifier.get();
501 cert_verifier_ = verifier.Pass();
502 #endif
503 // The URLBlacklistManager has to be created on the UI thread to register
504 // observers of |pref_service|, and it also has to clean up on
505 // ShutdownOnUIThread to release these observers on the right thread.
506 // Don't pass it in |profile_params_| to make sure it is correctly cleaned up,
507 // in particular when this ProfileIOData isn't |initialized_| during deletion.
508 #if defined(ENABLE_CONFIGURATION_POLICY)
509 policy::URLBlacklist::SegmentURLCallback callback =
510 static_cast<policy::URLBlacklist::SegmentURLCallback>(
511 url_formatter::SegmentURL);
512 base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
513 scoped_refptr<base::SequencedTaskRunner> background_task_runner =
514 pool->GetSequencedTaskRunner(pool->GetSequenceToken());
515 url_blacklist_manager_.reset(new policy::URLBlacklistManager(
516 pref_service, background_task_runner, io_task_runner, callback,
517 base::Bind(policy::OverrideBlacklistForURL)));
518
519 if (!IsOffTheRecord()) {
520 // Add policy headers for non-incognito requests.
521 policy::PolicyHeaderService* policy_header_service =
522 policy::PolicyHeaderServiceFactory::GetForBrowserContext(profile);
523 if (policy_header_service) {
524 policy_header_helper_ =
525 policy_header_service->CreatePolicyHeaderIOHelper(io_task_runner);
526 }
527 }
528 #endif
529
530 incognito_availibility_pref_.Init(
531 prefs::kIncognitoModeAvailability, pref_service);
532 incognito_availibility_pref_.MoveToThread(io_task_runner);
533
534 initialized_on_UI_thread_ = true;
535
536 // We need to make sure that content initializes its own data structures that
537 // are associated with each ResourceContext because we might post this
538 // object to the IO thread after this function.
539 BrowserContext::EnsureResourceContextInitialized(profile);
540 }
541
542 ProfileIOData::MediaRequestContext::MediaRequestContext() {
543 }
544
545 void ProfileIOData::MediaRequestContext::SetHttpTransactionFactory(
546 scoped_ptr<net::HttpTransactionFactory> http_factory) {
547 http_factory_ = http_factory.Pass();
548 set_http_transaction_factory(http_factory_.get());
549 }
550
551 ProfileIOData::MediaRequestContext::~MediaRequestContext() {
552 AssertNoURLRequests();
553 }
554
555 ProfileIOData::AppRequestContext::AppRequestContext() {
556 }
557
558 void ProfileIOData::AppRequestContext::SetCookieStore(
559 net::CookieStore* cookie_store) {
560 cookie_store_ = cookie_store;
561 set_cookie_store(cookie_store);
562 }
563
564 void ProfileIOData::AppRequestContext::SetHttpTransactionFactory(
565 scoped_ptr<net::HttpTransactionFactory> http_factory) {
566 http_factory_ = http_factory.Pass();
567 set_http_transaction_factory(http_factory_.get());
568 }
569
570 void ProfileIOData::AppRequestContext::SetJobFactory(
571 scoped_ptr<net::URLRequestJobFactory> job_factory) {
572 job_factory_ = job_factory.Pass();
573 set_job_factory(job_factory_.get());
574 }
575
576 ProfileIOData::AppRequestContext::~AppRequestContext() {
577 AssertNoURLRequests();
578 }
579
580 ProfileIOData::ProfileParams::ProfileParams()
581 : io_thread(NULL),
582 #if defined(OS_CHROMEOS)
583 use_system_key_slot(false),
584 #endif
585 profile(NULL) {
586 }
587
588 ProfileIOData::ProfileParams::~ProfileParams() {}
589
590 ProfileIOData::ProfileIOData(Profile::ProfileType profile_type)
591 : initialized_(false),
592 #if defined(OS_CHROMEOS)
593 policy_cert_verifier_(NULL),
594 use_system_key_slot_(false),
595 #endif
596 resource_context_(new ResourceContext(this)),
597 initialized_on_UI_thread_(false),
598 profile_type_(profile_type) {
599 DCHECK_CURRENTLY_ON(BrowserThread::UI);
600 }
601
602 ProfileIOData::~ProfileIOData() {
603 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO))
604 DCHECK_CURRENTLY_ON(BrowserThread::IO);
605
606 // Pull the contents of the request context maps onto the stack for sanity
607 // checking of values in a minidump. http://crbug.com/260425
608 size_t num_app_contexts = app_request_context_map_.size();
609 size_t num_media_contexts = isolated_media_request_context_map_.size();
610 size_t current_context = 0;
611 static const size_t kMaxCachedContexts = 20;
612 net::URLRequestContext* app_context_cache[kMaxCachedContexts] = {0};
613 void* app_context_vtable_cache[kMaxCachedContexts] = {0};
614 net::URLRequestContext* media_context_cache[kMaxCachedContexts] = {0};
615 void* media_context_vtable_cache[kMaxCachedContexts] = {0};
616 void* tmp_vtable = NULL;
617 base::debug::Alias(&num_app_contexts);
618 base::debug::Alias(&num_media_contexts);
619 base::debug::Alias(&current_context);
620 base::debug::Alias(app_context_cache);
621 base::debug::Alias(app_context_vtable_cache);
622 base::debug::Alias(media_context_cache);
623 base::debug::Alias(media_context_vtable_cache);
624 base::debug::Alias(&tmp_vtable);
625
626 current_context = 0;
627 for (URLRequestContextMap::const_iterator it =
628 app_request_context_map_.begin();
629 current_context < kMaxCachedContexts &&
630 it != app_request_context_map_.end();
631 ++it, ++current_context) {
632 app_context_cache[current_context] = it->second;
633 memcpy(&app_context_vtable_cache[current_context],
634 static_cast<void*>(it->second), sizeof(void*));
635 }
636
637 current_context = 0;
638 for (URLRequestContextMap::const_iterator it =
639 isolated_media_request_context_map_.begin();
640 current_context < kMaxCachedContexts &&
641 it != isolated_media_request_context_map_.end();
642 ++it, ++current_context) {
643 media_context_cache[current_context] = it->second;
644 memcpy(&media_context_vtable_cache[current_context],
645 static_cast<void*>(it->second), sizeof(void*));
646 }
647
648 // Destroy certificate_report_sender_ before main_request_context_,
649 // since the former has a reference to the latter.
650 if (transport_security_state_)
651 transport_security_state_->SetReportSender(nullptr);
652 certificate_report_sender_.reset();
653
654 // TODO(ajwong): These AssertNoURLRequests() calls are unnecessary since they
655 // are already done in the URLRequestContext destructor.
656 if (main_request_context_)
657 main_request_context_->AssertNoURLRequests();
658 if (extensions_request_context_)
659 extensions_request_context_->AssertNoURLRequests();
660
661 current_context = 0;
662 for (URLRequestContextMap::iterator it = app_request_context_map_.begin();
663 it != app_request_context_map_.end(); ++it) {
664 if (current_context < kMaxCachedContexts) {
665 CHECK_EQ(app_context_cache[current_context], it->second);
666 memcpy(&tmp_vtable, static_cast<void*>(it->second), sizeof(void*));
667 CHECK_EQ(app_context_vtable_cache[current_context], tmp_vtable);
668 }
669 it->second->AssertNoURLRequests();
670 delete it->second;
671 current_context++;
672 }
673
674 current_context = 0;
675 for (URLRequestContextMap::iterator it =
676 isolated_media_request_context_map_.begin();
677 it != isolated_media_request_context_map_.end(); ++it) {
678 if (current_context < kMaxCachedContexts) {
679 CHECK_EQ(media_context_cache[current_context], it->second);
680 memcpy(&tmp_vtable, static_cast<void*>(it->second), sizeof(void*));
681 CHECK_EQ(media_context_vtable_cache[current_context], tmp_vtable);
682 }
683 it->second->AssertNoURLRequests();
684 delete it->second;
685 current_context++;
686 }
687 }
688
689 // static
690 ProfileIOData* ProfileIOData::FromResourceContext(
691 content::ResourceContext* rc) {
692 return (static_cast<ResourceContext*>(rc))->io_data_;
693 }
694
695 // static
696 bool ProfileIOData::IsHandledProtocol(const std::string& scheme) {
697 DCHECK_EQ(scheme, base::ToLowerASCII(scheme));
698 static const char* const kProtocolList[] = {
699 url::kFileScheme,
700 content::kChromeDevToolsScheme,
701 dom_distiller::kDomDistillerScheme,
702 #if defined(ENABLE_EXTENSIONS)
703 extensions::kExtensionScheme,
704 extensions::kExtensionResourceScheme,
705 #endif
706 content::kChromeUIScheme,
707 url::kDataScheme,
708 #if defined(OS_CHROMEOS)
709 content::kExternalFileScheme,
710 #endif // defined(OS_CHROMEOS)
711 url::kAboutScheme,
712 #if !defined(DISABLE_FTP_SUPPORT)
713 url::kFtpScheme,
714 #endif // !defined(DISABLE_FTP_SUPPORT)
715 url::kBlobScheme,
716 url::kFileSystemScheme,
717 chrome::kChromeSearchScheme,
718 };
719 for (size_t i = 0; i < arraysize(kProtocolList); ++i) {
720 if (scheme == kProtocolList[i])
721 return true;
722 }
723 return net::URLRequest::IsHandledProtocol(scheme);
724 }
725
726 // static
727 bool ProfileIOData::IsHandledURL(const GURL& url) {
728 if (!url.is_valid()) {
729 // We handle error cases.
730 return true;
731 }
732
733 return IsHandledProtocol(url.scheme());
734 }
735
736 // static
737 void ProfileIOData::InstallProtocolHandlers(
738 net::URLRequestJobFactoryImpl* job_factory,
739 content::ProtocolHandlerMap* protocol_handlers) {
740 for (content::ProtocolHandlerMap::iterator it =
741 protocol_handlers->begin();
742 it != protocol_handlers->end();
743 ++it) {
744 bool set_protocol = job_factory->SetProtocolHandler(
745 it->first, make_scoped_ptr(it->second.release()));
746 DCHECK(set_protocol);
747 }
748 protocol_handlers->clear();
749 }
750
751 // static
752 void ProfileIOData::SetCertVerifierForTesting(
753 net::CertVerifier* cert_verifier) {
754 g_cert_verifier_for_testing = cert_verifier;
755 }
756
757 content::ResourceContext* ProfileIOData::GetResourceContext() const {
758 return resource_context_.get();
759 }
760
761 net::URLRequestContext* ProfileIOData::GetMainRequestContext() const {
762 DCHECK(initialized_);
763 return main_request_context_.get();
764 }
765
766 net::URLRequestContext* ProfileIOData::GetMediaRequestContext() const {
767 DCHECK(initialized_);
768 net::URLRequestContext* context = AcquireMediaRequestContext();
769 DCHECK(context);
770 return context;
771 }
772
773 net::URLRequestContext* ProfileIOData::GetExtensionsRequestContext() const {
774 DCHECK(initialized_);
775 return extensions_request_context_.get();
776 }
777
778 net::URLRequestContext* ProfileIOData::GetIsolatedAppRequestContext(
779 net::URLRequestContext* main_context,
780 const StoragePartitionDescriptor& partition_descriptor,
781 scoped_ptr<ProtocolHandlerRegistry::JobInterceptorFactory>
782 protocol_handler_interceptor,
783 content::ProtocolHandlerMap* protocol_handlers,
784 content::URLRequestInterceptorScopedVector request_interceptors) const {
785 DCHECK(initialized_);
786 net::URLRequestContext* context = NULL;
787 if (ContainsKey(app_request_context_map_, partition_descriptor)) {
788 context = app_request_context_map_[partition_descriptor];
789 } else {
790 context =
791 AcquireIsolatedAppRequestContext(main_context,
792 partition_descriptor,
793 protocol_handler_interceptor.Pass(),
794 protocol_handlers,
795 request_interceptors.Pass());
796 app_request_context_map_[partition_descriptor] = context;
797 }
798 DCHECK(context);
799 return context;
800 }
801
802 net::URLRequestContext* ProfileIOData::GetIsolatedMediaRequestContext(
803 net::URLRequestContext* app_context,
804 const StoragePartitionDescriptor& partition_descriptor) const {
805 DCHECK(initialized_);
806 net::URLRequestContext* context = NULL;
807 if (ContainsKey(isolated_media_request_context_map_, partition_descriptor)) {
808 context = isolated_media_request_context_map_[partition_descriptor];
809 } else {
810 context = AcquireIsolatedMediaRequestContext(app_context,
811 partition_descriptor);
812 isolated_media_request_context_map_[partition_descriptor] = context;
813 }
814 DCHECK(context);
815 return context;
816 }
817
818 extensions::InfoMap* ProfileIOData::GetExtensionInfoMap() const {
819 DCHECK(initialized_) << "ExtensionSystem not initialized";
820 #if defined(ENABLE_EXTENSIONS)
821 return extension_info_map_.get();
822 #else
823 return nullptr;
824 #endif
825 }
826
827 extensions::ExtensionThrottleManager*
828 ProfileIOData::GetExtensionThrottleManager() const {
829 DCHECK(initialized_) << "ExtensionSystem not initialized";
830 #if defined(ENABLE_EXTENSIONS)
831 return extension_throttle_manager_.get();
832 #else
833 return nullptr;
834 #endif
835 }
836
837 content_settings::CookieSettings* ProfileIOData::GetCookieSettings() const {
838 // Allow either Init() or SetCookieSettingsForTesting() to initialize.
839 DCHECK(initialized_ || cookie_settings_.get());
840 return cookie_settings_.get();
841 }
842
843 HostContentSettingsMap* ProfileIOData::GetHostContentSettingsMap() const {
844 DCHECK(initialized_);
845 return host_content_settings_map_.get();
846 }
847
848 ResourceContext::SaltCallback ProfileIOData::GetMediaDeviceIDSalt() const {
849 return base::Bind(&MediaDeviceIDSalt::GetSalt, media_device_id_salt_);
850 }
851
852 bool ProfileIOData::IsOffTheRecord() const {
853 return profile_type() == Profile::INCOGNITO_PROFILE
854 || profile_type() == Profile::GUEST_PROFILE;
855 }
856
857 void ProfileIOData::InitializeMetricsEnabledStateOnUIThread() {
858 DCHECK_CURRENTLY_ON(BrowserThread::UI);
859 #if defined(OS_CHROMEOS)
860 // Just fetch the value from ChromeOS' settings while we're on the UI thread.
861 // TODO(stevet): For now, this value is only set on profile initialization.
862 // We will want to do something similar to the PrefMember method below in the
863 // future to more accurately capture this state.
864 chromeos::CrosSettings::Get()->GetBoolean(chromeos::kStatsReportingPref,
865 &enable_metrics_);
866 #elif defined(OS_ANDROID)
867 // TODO(dwkang): rename or unify the pref for UMA once we have conclusion
868 // in crbugs.com/246495.
869 // Android has it's own preferences for metrics / crash uploading.
870 enable_metrics_.Init(prefs::kCrashReportingEnabled,
871 g_browser_process->local_state());
872 enable_metrics_.MoveToThread(
873 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO));
874 #else
875 // Prep the PrefMember and send it to the IO thread, since this value will be
876 // read from there.
877 enable_metrics_.Init(prefs::kMetricsReportingEnabled,
878 g_browser_process->local_state());
879 enable_metrics_.MoveToThread(
880 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO));
881 #endif // defined(OS_CHROMEOS)
882 }
883
884 bool ProfileIOData::GetMetricsEnabledStateOnIOThread() const {
885 DCHECK_CURRENTLY_ON(BrowserThread::IO);
886 #if defined(OS_CHROMEOS)
887 return enable_metrics_;
888 #else
889 return enable_metrics_.GetValue();
890 #endif // defined(OS_CHROMEOS)
891 }
892
893 bool ProfileIOData::IsDataReductionProxyEnabled() const {
894 return data_reduction_proxy_io_data() &&
895 data_reduction_proxy_io_data()->IsEnabled();
896 }
897
898 void ProfileIOData::set_data_reduction_proxy_io_data(
899 scoped_ptr<data_reduction_proxy::DataReductionProxyIOData>
900 data_reduction_proxy_io_data) const {
901 data_reduction_proxy_io_data_ = data_reduction_proxy_io_data.Pass();
902 }
903
904 base::WeakPtr<net::HttpServerProperties>
905 ProfileIOData::http_server_properties() const {
906 return http_server_properties_->GetWeakPtr();
907 }
908
909 void ProfileIOData::set_http_server_properties(
910 scoped_ptr<net::HttpServerProperties> http_server_properties) const {
911 http_server_properties_ = http_server_properties.Pass();
912 }
913
914 ProfileIOData::ResourceContext::ResourceContext(ProfileIOData* io_data)
915 : io_data_(io_data),
916 host_resolver_(NULL),
917 request_context_(NULL) {
918 DCHECK(io_data);
919 }
920
921 ProfileIOData::ResourceContext::~ResourceContext() {}
922
923 net::HostResolver* ProfileIOData::ResourceContext::GetHostResolver() {
924 DCHECK_CURRENTLY_ON(BrowserThread::IO);
925 DCHECK(io_data_->initialized_);
926 return host_resolver_;
927 }
928
929 net::URLRequestContext* ProfileIOData::ResourceContext::GetRequestContext() {
930 DCHECK_CURRENTLY_ON(BrowserThread::IO);
931 DCHECK(io_data_->initialized_);
932 return request_context_;
933 }
934
935 scoped_ptr<net::ClientCertStore>
936 ProfileIOData::ResourceContext::CreateClientCertStore() {
937 if (!io_data_->client_cert_store_factory_.is_null())
938 return io_data_->client_cert_store_factory_.Run();
939 #if defined(OS_CHROMEOS)
940 return scoped_ptr<net::ClientCertStore>(new chromeos::ClientCertStoreChromeOS(
941 nullptr, // no additional provider
942 make_scoped_ptr(new chromeos::ClientCertFilterChromeOS(
943 io_data_->use_system_key_slot(), io_data_->username_hash())),
944 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate,
945 chrome::kCryptoModulePasswordClientAuth)));
946 #elif defined(USE_NSS_CERTS)
947 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS(
948 base::Bind(&CreateCryptoModuleBlockingPasswordDelegate,
949 chrome::kCryptoModulePasswordClientAuth)));
950 #elif defined(OS_WIN)
951 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin());
952 #elif defined(OS_MACOSX)
953 return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreMac());
954 #elif defined(USE_OPENSSL)
955 // OpenSSL does not use the ClientCertStore infrastructure. On Android client
956 // cert matching is done by the OS as part of the call to show the cert
957 // selection dialog.
958 return scoped_ptr<net::ClientCertStore>();
959 #else
960 #error Unknown platform.
961 #endif
962 }
963
964 void ProfileIOData::ResourceContext::CreateKeygenHandler(
965 uint32 key_size_in_bits,
966 const std::string& challenge_string,
967 const GURL& url,
968 const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback) {
969 DCHECK(!callback.is_null());
970 #if defined(USE_NSS_CERTS)
971 scoped_ptr<net::KeygenHandler> keygen_handler(
972 new net::KeygenHandler(key_size_in_bits, challenge_string, url));
973
974 base::Callback<void(scoped_ptr<ChromeNSSCryptoModuleDelegate>)>
975 got_delegate_callback = base::Bind(&InitializeAndPassKeygenHandler,
976 base::Passed(&keygen_handler),
977 callback);
978
979 ChromeNSSCryptoModuleDelegate::CreateForResourceContext(
980 chrome::kCryptoModulePasswordKeygen,
981 net::HostPortPair::FromURL(url),
982 this,
983 got_delegate_callback);
984 #else
985 callback.Run(make_scoped_ptr(
986 new net::KeygenHandler(key_size_in_bits, challenge_string, url)));
987 #endif
988 }
989
990 ResourceContext::SaltCallback
991 ProfileIOData::ResourceContext::GetMediaDeviceIDSalt() {
992 return io_data_->GetMediaDeviceIDSalt();
993 }
994
995 // static
996 std::string ProfileIOData::GetSSLSessionCacheShard() {
997 DCHECK_CURRENTLY_ON(BrowserThread::IO);
998 // The SSL session cache is partitioned by setting a string. This returns a
999 // unique string to partition the SSL session cache. Each time we create a
1000 // new profile, we'll get a fresh SSL session cache which is separate from
1001 // the other profiles.
1002 static unsigned ssl_session_cache_instance = 0;
1003 return base::StringPrintf("profile/%u", ssl_session_cache_instance++);
1004 }
1005
1006 void ProfileIOData::Init(
1007 content::ProtocolHandlerMap* protocol_handlers,
1008 content::URLRequestInterceptorScopedVector request_interceptors) const {
1009 // The basic logic is implemented here. The specific initialization
1010 // is done in InitializeInternal(), implemented by subtypes. Static helper
1011 // functions have been provided to assist in common operations.
1012 DCHECK_CURRENTLY_ON(BrowserThread::IO);
1013 DCHECK(!initialized_);
1014
1015 // TODO(jhawkins): Remove once crbug.com/102004 is fixed.
1016 CHECK(initialized_on_UI_thread_);
1017
1018 // TODO(jhawkins): Return to DCHECK once crbug.com/102004 is fixed.
1019 CHECK(profile_params_.get());
1020
1021 IOThread* const io_thread = profile_params_->io_thread;
1022 IOThread::Globals* const io_thread_globals = io_thread->globals();
1023 const base::CommandLine& command_line =
1024 *base::CommandLine::ForCurrentProcess();
1025
1026 // Create the common request contexts.
1027 main_request_context_.reset(new net::URLRequestContext());
1028 extensions_request_context_.reset(new net::URLRequestContext());
1029
1030 scoped_ptr<ChromeNetworkDelegate> network_delegate(
1031 new ChromeNetworkDelegate(
1032 #if defined(ENABLE_EXTENSIONS)
1033 io_thread_globals->extension_event_router_forwarder.get(),
1034 #else
1035 NULL,
1036 #endif
1037 &enable_referrers_));
1038 #if defined(ENABLE_EXTENSIONS)
1039 network_delegate->set_extension_info_map(
1040 profile_params_->extension_info_map.get());
1041 if (!command_line.HasSwitch(switches::kDisableExtensionsHttpThrottling)) {
1042 extension_throttle_manager_.reset(
1043 new extensions::ExtensionThrottleManager());
1044 }
1045 #endif
1046
1047 #if defined(ENABLE_CONFIGURATION_POLICY)
1048 network_delegate->set_url_blacklist_manager(url_blacklist_manager_.get());
1049 #endif
1050 network_delegate->set_profile(profile_params_->profile);
1051 network_delegate->set_profile_path(profile_params_->path);
1052 network_delegate->set_cookie_settings(profile_params_->cookie_settings.get());
1053 network_delegate->set_enable_do_not_track(&enable_do_not_track_);
1054 network_delegate->set_force_google_safe_search(&force_google_safesearch_);
1055 network_delegate->set_force_youtube_safety_mode(&force_youtube_safety_mode_);
1056
1057 // NOTE: Proxy service uses the default io thread network delegate, not the
1058 // delegate just created.
1059 proxy_service_.reset(
1060 ProxyServiceFactory::CreateProxyService(
1061 io_thread->net_log(),
1062 io_thread_globals->proxy_script_fetcher_context.get(),
1063 io_thread_globals->system_network_delegate.get(),
1064 profile_params_->proxy_config_service.release(),
1065 command_line,
1066 quick_check_enabled_.GetValue()));
1067 transport_security_state_.reset(new net::TransportSecurityState());
1068 base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
1069 transport_security_persister_.reset(
1070 new net::TransportSecurityPersister(
1071 transport_security_state_.get(),
1072 profile_params_->path,
1073 pool->GetSequencedTaskRunnerWithShutdownBehavior(
1074 pool->GetSequenceToken(),
1075 base::SequencedWorkerPool::BLOCK_SHUTDOWN),
1076 IsOffTheRecord()));
1077
1078 certificate_report_sender_.reset(new net::CertificateReportSender(
1079 main_request_context_.get(),
1080 net::CertificateReportSender::DO_NOT_SEND_COOKIES));
1081 transport_security_state_->SetReportSender(certificate_report_sender_.get());
1082
1083 // Take ownership over these parameters.
1084 cookie_settings_ = profile_params_->cookie_settings;
1085 host_content_settings_map_ = profile_params_->host_content_settings_map;
1086 #if defined(ENABLE_EXTENSIONS)
1087 extension_info_map_ = profile_params_->extension_info_map;
1088 #endif
1089
1090 resource_context_->host_resolver_ = io_thread_globals->host_resolver.get();
1091 resource_context_->request_context_ = main_request_context_.get();
1092
1093 if (profile_params_->resource_prefetch_predictor_observer_) {
1094 resource_prefetch_predictor_observer_.reset(
1095 profile_params_->resource_prefetch_predictor_observer_.release());
1096 }
1097
1098 #if defined(ENABLE_SUPERVISED_USERS)
1099 supervised_user_url_filter_ = profile_params_->supervised_user_url_filter;
1100 #endif
1101
1102 #if defined(OS_CHROMEOS)
1103 username_hash_ = profile_params_->username_hash;
1104 use_system_key_slot_ = profile_params_->use_system_key_slot;
1105 if (use_system_key_slot_)
1106 EnableNSSSystemKeySlotForResourceContext(resource_context_.get());
1107 #endif
1108
1109 if (g_cert_verifier_for_testing) {
1110 main_request_context_->set_cert_verifier(g_cert_verifier_for_testing);
1111 } else {
1112 #if defined(OS_CHROMEOS)
1113 crypto::ScopedPK11Slot public_slot =
1114 crypto::GetPublicSlotForChromeOSUser(username_hash_);
1115 // The private slot won't be ready by this point. It shouldn't be necessary
1116 // for cert trust purposes anyway.
1117 scoped_refptr<net::CertVerifyProc> verify_proc(
1118 new chromeos::CertVerifyProcChromeOS(public_slot.Pass()));
1119 if (policy_cert_verifier_) {
1120 DCHECK_EQ(policy_cert_verifier_, cert_verifier_.get());
1121 policy_cert_verifier_->InitializeOnIOThread(verify_proc);
1122 } else {
1123 cert_verifier_.reset(
1124 new net::MultiThreadedCertVerifier(verify_proc.get()));
1125 }
1126 main_request_context_->set_cert_verifier(cert_verifier_.get());
1127 #else
1128 main_request_context_->set_cert_verifier(
1129 io_thread_globals->cert_verifier.get());
1130 #endif
1131 }
1132
1133 // Install the New Tab Page Interceptor.
1134 if (profile_params_->new_tab_page_interceptor.get()) {
1135 request_interceptors.push_back(
1136 profile_params_->new_tab_page_interceptor.release());
1137 }
1138
1139 InitializeInternal(
1140 network_delegate.Pass(), profile_params_.get(),
1141 protocol_handlers, request_interceptors.Pass());
1142
1143 profile_params_.reset();
1144 initialized_ = true;
1145 }
1146
1147 void ProfileIOData::ApplyProfileParamsToContext(
1148 net::URLRequestContext* context) const {
1149 context->set_http_user_agent_settings(
1150 chrome_http_user_agent_settings_.get());
1151 context->set_ssl_config_service(profile_params_->ssl_config_service.get());
1152 }
1153
1154 scoped_ptr<net::URLRequestJobFactory> ProfileIOData::SetUpJobFactoryDefaults(
1155 scoped_ptr<net::URLRequestJobFactoryImpl> job_factory,
1156 content::URLRequestInterceptorScopedVector request_interceptors,
1157 scoped_ptr<ProtocolHandlerRegistry::JobInterceptorFactory>
1158 protocol_handler_interceptor,
1159 net::NetworkDelegate* network_delegate,
1160 net::FtpTransactionFactory* ftp_transaction_factory) const {
1161 // NOTE(willchan): Keep these protocol handlers in sync with
1162 // ProfileIOData::IsHandledProtocol().
1163 bool set_protocol = job_factory->SetProtocolHandler(
1164 url::kFileScheme,
1165 make_scoped_ptr(new net::FileProtocolHandler(
1166 content::BrowserThread::GetBlockingPool()
1167 ->GetTaskRunnerWithShutdownBehavior(
1168 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN))));
1169 DCHECK(set_protocol);
1170
1171 #if defined(ENABLE_EXTENSIONS)
1172 DCHECK(extension_info_map_.get());
1173 // Check only for incognito (and not Chrome OS guest mode GUEST_PROFILE).
1174 bool is_incognito = profile_type() == Profile::INCOGNITO_PROFILE;
1175 set_protocol = job_factory->SetProtocolHandler(
1176 extensions::kExtensionScheme,
1177 extensions::CreateExtensionProtocolHandler(is_incognito,
1178 extension_info_map_.get()));
1179 DCHECK(set_protocol);
1180 set_protocol = job_factory->SetProtocolHandler(
1181 extensions::kExtensionResourceScheme,
1182 CreateExtensionResourceProtocolHandler());
1183 DCHECK(set_protocol);
1184 #endif
1185 set_protocol = job_factory->SetProtocolHandler(
1186 url::kDataScheme, make_scoped_ptr(new net::DataProtocolHandler()));
1187 DCHECK(set_protocol);
1188 #if defined(OS_CHROMEOS)
1189 if (profile_params_) {
1190 set_protocol = job_factory->SetProtocolHandler(
1191 content::kExternalFileScheme,
1192 make_scoped_ptr(new chromeos::ExternalFileProtocolHandler(
1193 profile_params_->profile)));
1194 DCHECK(set_protocol);
1195 }
1196 #endif // defined(OS_CHROMEOS)
1197 #if defined(OS_ANDROID)
1198 set_protocol = job_factory->SetProtocolHandler(
1199 url::kContentScheme,
1200 content::ContentProtocolHandler::Create(
1201 content::BrowserThread::GetBlockingPool()
1202 ->GetTaskRunnerWithShutdownBehavior(
1203 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)));
1204 #endif
1205
1206 job_factory->SetProtocolHandler(
1207 url::kAboutScheme,
1208 make_scoped_ptr(new about_handler::AboutProtocolHandler()));
1209 #if !defined(DISABLE_FTP_SUPPORT)
1210 DCHECK(ftp_transaction_factory);
1211 job_factory->SetProtocolHandler(
1212 url::kFtpScheme,
1213 make_scoped_ptr(new net::FtpProtocolHandler(ftp_transaction_factory)));
1214 #endif // !defined(DISABLE_FTP_SUPPORT)
1215
1216 #if defined(DEBUG_DEVTOOLS)
1217 request_interceptors.push_back(new DebugDevToolsInterceptor);
1218 #endif
1219
1220 // Set up interceptors in the reverse order.
1221 scoped_ptr<net::URLRequestJobFactory> top_job_factory = job_factory.Pass();
1222 for (content::URLRequestInterceptorScopedVector::reverse_iterator i =
1223 request_interceptors.rbegin();
1224 i != request_interceptors.rend();
1225 ++i) {
1226 top_job_factory.reset(new net::URLRequestInterceptingJobFactory(
1227 top_job_factory.Pass(), make_scoped_ptr(*i)));
1228 }
1229 request_interceptors.weak_clear();
1230
1231 if (protocol_handler_interceptor) {
1232 protocol_handler_interceptor->Chain(top_job_factory.Pass());
1233 return protocol_handler_interceptor.Pass();
1234 } else {
1235 return top_job_factory.Pass();
1236 }
1237 }
1238
1239 void ProfileIOData::ShutdownOnUIThread(
1240 scoped_ptr<ChromeURLRequestContextGetterVector> context_getters) {
1241 DCHECK_CURRENTLY_ON(BrowserThread::UI);
1242
1243 google_services_user_account_id_.Destroy();
1244 enable_referrers_.Destroy();
1245 enable_do_not_track_.Destroy();
1246 force_google_safesearch_.Destroy();
1247 force_youtube_safety_mode_.Destroy();
1248 #if !defined(OS_CHROMEOS)
1249 enable_metrics_.Destroy();
1250 #endif
1251 safe_browsing_enabled_.Destroy();
1252 sync_disabled_.Destroy();
1253 signin_allowed_.Destroy();
1254 network_prediction_options_.Destroy();
1255 quick_check_enabled_.Destroy();
1256 if (media_device_id_salt_.get())
1257 media_device_id_salt_->ShutdownOnUIThread();
1258 session_startup_pref_.Destroy();
1259 #if defined(ENABLE_CONFIGURATION_POLICY)
1260 if (url_blacklist_manager_)
1261 url_blacklist_manager_->ShutdownOnUIThread();
1262 #endif
1263 if (chrome_http_user_agent_settings_)
1264 chrome_http_user_agent_settings_->CleanupOnUIThread();
1265 incognito_availibility_pref_.Destroy();
1266
1267 if (!context_getters->empty()) {
1268 if (BrowserThread::IsMessageLoopValid(BrowserThread::IO)) {
1269 BrowserThread::PostTask(
1270 BrowserThread::IO, FROM_HERE,
1271 base::Bind(&NotifyContextGettersOfShutdownOnIO,
1272 base::Passed(&context_getters)));
1273 }
1274 }
1275
1276 bool posted = BrowserThread::DeleteSoon(BrowserThread::IO, FROM_HERE, this);
1277 if (!posted)
1278 delete this;
1279 }
1280
1281 void ProfileIOData::set_channel_id_service(
1282 net::ChannelIDService* channel_id_service) const {
1283 channel_id_service_.reset(channel_id_service);
1284 }
1285
1286 void ProfileIOData::DestroyResourceContext() {
1287 resource_context_.reset();
1288 }
1289
1290 scoped_ptr<net::HttpCache> ProfileIOData::CreateMainHttpFactory(
1291 const ProfileParams* profile_params,
1292 net::HttpCache::BackendFactory* main_backend) const {
1293 net::HttpNetworkSession::Params params;
1294 net::URLRequestContext* context = main_request_context();
1295
1296 IOThread* const io_thread = profile_params->io_thread;
1297
1298 io_thread->InitializeNetworkSessionParams(&params);
1299
1300 params.host_resolver = context->host_resolver();
1301 params.cert_verifier = context->cert_verifier();
1302 params.channel_id_service = context->channel_id_service();
1303 params.transport_security_state = context->transport_security_state();
1304 params.cert_transparency_verifier = context->cert_transparency_verifier();
1305 params.proxy_service = context->proxy_service();
1306 params.ssl_session_cache_shard = GetSSLSessionCacheShard();
1307 params.ssl_config_service = context->ssl_config_service();
1308 params.http_auth_handler_factory = context->http_auth_handler_factory();
1309 params.network_delegate = context->network_delegate();
1310 params.http_server_properties = context->http_server_properties();
1311 params.net_log = context->net_log();
1312 if (data_reduction_proxy_io_data_.get())
1313 params.proxy_delegate = data_reduction_proxy_io_data_->proxy_delegate();
1314
1315 net::HttpNetworkSession* session = new net::HttpNetworkSession(params);
1316 return scoped_ptr<net::HttpCache>(new net::HttpCache(
1317 new DevToolsNetworkTransactionFactory(
1318 network_controller_handle_.GetController(), session),
1319 context->net_log(), main_backend));
1320 }
1321
1322 scoped_ptr<net::HttpCache> ProfileIOData::CreateHttpFactory(
1323 net::HttpNetworkSession* shared_session,
1324 net::HttpCache::BackendFactory* backend) const {
1325 return scoped_ptr<net::HttpCache>(new net::HttpCache(
1326 new DevToolsNetworkTransactionFactory(
1327 network_controller_handle_.GetController(), shared_session),
1328 shared_session->net_log(), backend));
1329 }
1330
1331 void ProfileIOData::SetCookieSettingsForTesting(
1332 content_settings::CookieSettings* cookie_settings) {
1333 DCHECK(!cookie_settings_.get());
1334 cookie_settings_ = cookie_settings;
1335 }