Fix additional-trust-anchors

rogerwang · rogerwang · commit 1976970e5a21 · 2019-11-15T01:34:03.000-07:00
diff --git a/BUILD.gn b/BUILD.gn
@@ -117,8 +117,8 @@ nw_chrome_browser_sources = [
         "src/browser/nw_chrome_browser_hooks.h",
         "src/browser/nw_extensions_browser_hooks.cc",
         "src/browser/nw_extensions_browser_hooks.h",
-        "src/policy_cert_verifier.cc",
-        "src/policy_cert_verifier.h",
+        #"src/policy_cert_verifier.cc",
+        #"src/policy_cert_verifier.h",
         "src/nw_content_verifier_delegate.cc",
         "src/nw_content_verifier_delegate.h",
 ]
diff --git a/src/browser/nw_chrome_browser_hooks.cc b/src/browser/nw_chrome_browser_hooks.cc
@@ -34,8 +34,10 @@
 #include "content/nw/src/common/shell_switches.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/child_process_security_policy.h"
+#include "content/public/browser/network_service_instance.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
+#include "content/public/browser/storage_partition.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/result_codes.h"
 
@@ -58,6 +60,7 @@
 #include "sql/meta_table.h"
 #include "sql/transaction.h"
 #include "storage/common/database/database_identifier.h"
+#include "services/network/network_service.h"
 
 #if defined(OS_WIN)
 #define _USE_MATH_DEFINES
@@ -188,32 +191,16 @@ bool GetDirUserData(base::FilePath *user_data_dir) {
   return base::PathService::Get(chrome::DIR_USER_DATA, user_data_dir);
 }
 
-#if 0
-void SetTrustAnchorsOnIOThread(const scoped_refptr<net::URLRequestContextGetter>& url_request_getter,
-                               IOThread* io_thread,
-                               const net::CertificateList& trust_anchors) {
-  PolicyCertVerifier* verifier =
-    (PolicyCertVerifier*)io_thread->globals()->system_request_context->cert_verifier();
-  verifier->SetTrustAnchors(trust_anchors);
-#if 1
-  net::URLRequestContext* url_request_context =
-    url_request_getter->GetURLRequestContext();
-  PolicyCertVerifier* verifier2 = (PolicyCertVerifier*)url_request_context->cert_verifier();
-  verifier2->SetTrustAnchors(trust_anchors);
-#endif
-}
-
 void SetTrustAnchors(net::CertificateList& trust_anchors) {
   // LOG(INFO)
   //   << "Added " << trust_anchors.size() << " certificates to trust anchors.";
+#if 0
   Profile* profile = ProfileManager::GetActiveUserProfile();
-  net::URLRequestContextGetter* url_request_context_getter = profile->GetRequestContext();
-  base::PostTaskWithTraits(FROM_HERE,
-    {content::BrowserThread::IO},
-    base::BindOnce(SetTrustAnchorsOnIOThread, base::WrapRefCounted(url_request_context_getter),
-               g_browser_process->io_thread(), trust_anchors));
-}
+  content::StoragePartition* storage_partition =
+    content::BrowserContext::GetDefaultStoragePartition(profile);
 #endif
+  content::GetNetworkService()->SetAdditionalTrustAnchors(trust_anchors);
+}
 
 void SetAppIcon(gfx::Image &icon) {
   g_app_icon = icon;
@@ -389,13 +376,7 @@ void MainPartsPreMainMessageLoopRunHook() {
       trust_anchors.insert(trust_anchors.end(), loaded.begin(), loaded.end());
     }
     if (!trust_anchors.empty()) {
-#if !defined(OS_MACOSX)
-      //SetTrustAnchors(trust_anchors);
-#else
-      net::TestRootCerts* certs = net::TestRootCerts::GetInstance();
-      for (size_t i = 0; i < trust_anchors.size(); i++)
-        certs->Add(trust_anchors[i].get());
-#endif
+      SetTrustAnchors(trust_anchors);
     }
   }
 }
diff --git a/src/policy_cert_verifier.cc b/src/policy_cert_verifier.cc
@@ -6,7 +6,6 @@
 
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
-#include "chrome/browser/browser_process.h"
 #include "content/public/browser/browser_thread.h"
 #include "net/base/net_errors.h"
 #include "net/cert/caching_cert_verifier.h"
@@ -20,7 +19,6 @@ namespace {
 void MaybeSignalAnchorUse(int error,
                           const base::Closure& anchor_used_callback,
                           const net::CertVerifyResult& verify_result) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   if (error != net::OK || !verify_result.is_issued_by_additional_trust_anchor ||
       anchor_used_callback.is_null()) {
     return;
@@ -33,7 +31,6 @@ void CompleteAndSignalAnchorUse(
     net::CompletionOnceCallback completion_callback,
     const net::CertVerifyResult* verify_result,
     int error) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   MaybeSignalAnchorUse(error, anchor_used_callback, *verify_result);
   std::move(completion_callback).Run(error);
 }
@@ -53,16 +50,15 @@ net::CertVerifier::Config ExtendTrustAnchors(
 PolicyCertVerifier::PolicyCertVerifier(
     const base::Closure& anchor_used_callback)
     : anchor_used_callback_(anchor_used_callback) {
+  LOG(WARNING) << "===> PolicyCertVerifier::PolicyCertVerifier";
   //DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
 }
 
 PolicyCertVerifier::~PolicyCertVerifier() {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
 }
 
 void PolicyCertVerifier::InitializeOnIOThread(
     const scoped_refptr<net::CertVerifyProc>& verify_proc) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   if (!verify_proc->SupportsAdditionalTrustAnchors()) {
     LOG(WARNING)
         << "Additional trust anchors not supported on the current platform!";
@@ -74,7 +70,7 @@ void PolicyCertVerifier::InitializeOnIOThread(
 
 void PolicyCertVerifier::SetTrustAnchors(
     const net::CertificateList& trust_anchors) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+  LOG(WARNING) << "===> PolicyCertVerifier::SetTrustAnchors";
   if (trust_anchors == trust_anchors_)
     return;
   trust_anchors_ = trust_anchors;
@@ -89,7 +85,6 @@ int PolicyCertVerifier::Verify(
     net::CompletionOnceCallback completion_callback,
     std::unique_ptr<Request>* out_req,
     const net::NetLogWithSource& net_log) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   DCHECK(delegate_);
   net::CompletionOnceCallback wrapped_callback =
       base::BindOnce(&CompleteAndSignalAnchorUse,
@@ -104,7 +99,6 @@ int PolicyCertVerifier::Verify(
 }
 
 void PolicyCertVerifier::SetConfig(const Config& config) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   orig_config_ = config;
   delegate_->SetConfig(ExtendTrustAnchors(orig_config_, trust_anchors_));
 }
