| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/nss_util.h" | 5 #include "crypto/nss_util.h" |
| 6 #include "base/nss_util_internal.h" | 6 #include "crypto/nss_util_internal.h" |
| 7 | 7 |
| 8 #include <nss.h> | 8 #include <nss.h> |
| 9 #include <plarena.h> | 9 #include <plarena.h> |
| 10 #include <prerror.h> | 10 #include <prerror.h> |
| 11 #include <prinit.h> | 11 #include <prinit.h> |
| 12 #include <prtime.h> | 12 #include <prtime.h> |
| 13 #include <pk11pub.h> | 13 #include <pk11pub.h> |
| 14 #include <secmod.h> | 14 #include <secmod.h> |
| 15 | 15 |
| 16 #if defined(OS_LINUX) | 16 #if defined(OS_LINUX) |
| (...skipping 15 matching lines...) Expand all Loading... |
| 32 | 32 |
| 33 // USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not | 33 // USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not |
| 34 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't | 34 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't |
| 35 // use NSS for crypto or certificate verification, and we don't use the NSS | 35 // use NSS for crypto or certificate verification, and we don't use the NSS |
| 36 // certificate and key databases. | 36 // certificate and key databases. |
| 37 #if defined(USE_NSS) | 37 #if defined(USE_NSS) |
| 38 #include "base/crypto/crypto_module_blocking_password_delegate.h" | 38 #include "base/crypto/crypto_module_blocking_password_delegate.h" |
| 39 #include "base/synchronization/lock.h" | 39 #include "base/synchronization/lock.h" |
| 40 #endif // defined(USE_NSS) | 40 #endif // defined(USE_NSS) |
| 41 | 41 |
| 42 namespace base { | 42 namespace crypto { |
| 43 | 43 |
| 44 namespace { | 44 namespace { |
| 45 | 45 |
| 46 #if defined(USE_NSS) | 46 #if defined(USE_NSS) |
| 47 FilePath GetDefaultConfigDirectory() { | 47 FilePath GetDefaultConfigDirectory() { |
| 48 FilePath dir = file_util::GetHomeDir(); | 48 FilePath dir = file_util::GetHomeDir(); |
| 49 if (dir.empty()) { | 49 if (dir.empty()) { |
| 50 LOG(ERROR) << "Failed to get home directory."; | 50 LOG(ERROR) << "Failed to get home directory."; |
| 51 return dir; | 51 return dir; |
| 52 } | 52 } |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 136 return NULL; | 136 return NULL; |
| 137 } | 137 } |
| 138 #endif // defined(USE_NSS) | 138 #endif // defined(USE_NSS) |
| 139 | 139 |
| 140 // A singleton to initialize/deinitialize NSPR. | 140 // A singleton to initialize/deinitialize NSPR. |
| 141 // Separate from the NSS singleton because we initialize NSPR on the UI thread. | 141 // Separate from the NSS singleton because we initialize NSPR on the UI thread. |
| 142 // Now that we're leaking the singleton, we could merge back with the NSS | 142 // Now that we're leaking the singleton, we could merge back with the NSS |
| 143 // singleton. | 143 // singleton. |
| 144 class NSPRInitSingleton { | 144 class NSPRInitSingleton { |
| 145 private: | 145 private: |
| 146 friend struct DefaultLazyInstanceTraits<NSPRInitSingleton>; | 146 friend struct base::DefaultLazyInstanceTraits<NSPRInitSingleton>; |
| 147 | 147 |
| 148 NSPRInitSingleton() { | 148 NSPRInitSingleton() { |
| 149 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); | 149 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); |
| 150 } | 150 } |
| 151 | 151 |
| 152 // NOTE(willchan): We don't actually execute this code since we leak NSS to | 152 // NOTE(willchan): We don't actually execute this code since we leak NSS to |
| 153 // prevent non-joinable threads from using NSS after it's already been shut | 153 // prevent non-joinable threads from using NSS after it's already been shut |
| 154 // down. | 154 // down. |
| 155 ~NSPRInitSingleton() { | 155 ~NSPRInitSingleton() { |
| 156 PL_ArenaFinish(); | 156 PL_ArenaFinish(); |
| 157 PRStatus prstatus = PR_Cleanup(); | 157 PRStatus prstatus = PR_Cleanup(); |
| 158 if (prstatus != PR_SUCCESS) { | 158 if (prstatus != PR_SUCCESS) { |
| 159 LOG(ERROR) << "PR_Cleanup failed; was NSPR initialized on wrong thread?"; | 159 LOG(ERROR) << "PR_Cleanup failed; was NSPR initialized on wrong thread?"; |
| 160 } | 160 } |
| 161 } | 161 } |
| 162 }; | 162 }; |
| 163 | 163 |
| 164 LazyInstance<NSPRInitSingleton, LeakyLazyInstanceTraits<NSPRInitSingleton> > | 164 base::LazyInstance<NSPRInitSingleton, |
| 165 g_nspr_singleton(LINKER_INITIALIZED); | 165 base::LeakyLazyInstanceTraits<NSPRInitSingleton> > |
| 166 g_nspr_singleton(base::LINKER_INITIALIZED); |
| 166 | 167 |
| 167 class NSSInitSingleton { | 168 class NSSInitSingleton { |
| 168 public: | 169 public: |
| 169 #if defined(OS_CHROMEOS) | 170 #if defined(OS_CHROMEOS) |
| 170 void OpenPersistentNSSDB() { | 171 void OpenPersistentNSSDB() { |
| 171 if (!chromeos_user_logged_in_) { | 172 if (!chromeos_user_logged_in_) { |
| 172 // GetDefaultConfigDirectory causes us to do blocking IO on UI thread. | 173 // GetDefaultConfigDirectory causes us to do blocking IO on UI thread. |
| 173 // Temporarily allow it until we fix http://crbug.com.70119 | 174 // Temporarily allow it until we fix http://crbug.com.70119 |
| 174 ThreadRestrictions::ScopedAllowIO allow_io; | 175 ThreadRestrictions::ScopedAllowIO allow_io; |
| 175 chromeos_user_logged_in_ = true; | 176 chromeos_user_logged_in_ = true; |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 208 } | 209 } |
| 209 #endif // defined(USE_NSS) | 210 #endif // defined(USE_NSS) |
| 210 | 211 |
| 211 // This method is used to force NSS to be initialized without a DB. | 212 // This method is used to force NSS to be initialized without a DB. |
| 212 // Call this method before NSSInitSingleton() is constructed. | 213 // Call this method before NSSInitSingleton() is constructed. |
| 213 static void ForceNoDBInit() { | 214 static void ForceNoDBInit() { |
| 214 force_nodb_init_ = true; | 215 force_nodb_init_ = true; |
| 215 } | 216 } |
| 216 | 217 |
| 217 private: | 218 private: |
| 218 friend struct DefaultLazyInstanceTraits<NSSInitSingleton>; | 219 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; |
| 219 | 220 |
| 220 NSSInitSingleton() | 221 NSSInitSingleton() |
| 221 : real_db_slot_(NULL), | 222 : real_db_slot_(NULL), |
| 222 test_db_slot_(NULL), | 223 test_db_slot_(NULL), |
| 223 root_(NULL), | 224 root_(NULL), |
| 224 chromeos_user_logged_in_(false) { | 225 chromeos_user_logged_in_(false) { |
| 225 EnsureNSPRInit(); | 226 EnsureNSPRInit(); |
| 226 | 227 |
| 227 // We *must* have NSS >= 3.12.3. See bug 26448. | 228 // We *must* have NSS >= 3.12.3. See bug 26448. |
| 228 COMPILE_ASSERT( | 229 COMPILE_ASSERT( |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 365 #if defined(USE_NSS) | 366 #if defined(USE_NSS) |
| 366 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | 367 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
| 367 // is fixed, we will no longer need the lock. | 368 // is fixed, we will no longer need the lock. |
| 368 Lock write_lock_; | 369 Lock write_lock_; |
| 369 #endif // defined(USE_NSS) | 370 #endif // defined(USE_NSS) |
| 370 }; | 371 }; |
| 371 | 372 |
| 372 // static | 373 // static |
| 373 bool NSSInitSingleton::force_nodb_init_ = false; | 374 bool NSSInitSingleton::force_nodb_init_ = false; |
| 374 | 375 |
| 375 LazyInstance<NSSInitSingleton, LeakyLazyInstanceTraits<NSSInitSingleton> > | 376 base::LazyInstance<NSSInitSingleton, |
| 376 g_nss_singleton(LINKER_INITIALIZED); | 377 base::LeakyLazyInstanceTraits<NSSInitSingleton> > |
| 378 g_nss_singleton(base::LINKER_INITIALIZED); |
| 377 | 379 |
| 378 } // namespace | 380 } // namespace |
| 379 | 381 |
| 380 #if defined(USE_NSS) | 382 #if defined(USE_NSS) |
| 381 void EarlySetupForNSSInit() { | 383 void EarlySetupForNSSInit() { |
| 382 FilePath database_dir = GetInitialConfigDirectory(); | 384 FilePath database_dir = GetInitialConfigDirectory(); |
| 383 if (!database_dir.empty()) | 385 if (!database_dir.empty()) |
| 384 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); | 386 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); |
| 385 } | 387 } |
| 386 #endif | 388 #endif |
| 387 | 389 |
| 388 void EnsureNSPRInit() { | 390 void EnsureNSPRInit() { |
| 389 g_nspr_singleton.Get(); | 391 g_nspr_singleton.Get(); |
| 390 } | 392 } |
| 391 | 393 |
| 392 void EnsureNSSInit() { | 394 void EnsureNSSInit() { |
| 393 // Initializing SSL causes us to do blocking IO. | 395 // Initializing SSL causes us to do blocking IO. |
| 394 // Temporarily allow it until we fix | 396 // Temporarily allow it until we fix |
| 395 // http://code.google.com/p/chromium/issues/detail?id=59847 | 397 // http://code.google.com/p/chromium/issues/detail?id=59847 |
| 396 ThreadRestrictions::ScopedAllowIO allow_io; | 398 base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 397 g_nss_singleton.Get(); | 399 g_nss_singleton.Get(); |
| 398 } | 400 } |
| 399 | 401 |
| 400 void ForceNSSNoDBInit() { | 402 void ForceNSSNoDBInit() { |
| 401 NSSInitSingleton::ForceNoDBInit(); | 403 NSSInitSingleton::ForceNoDBInit(); |
| 402 } | 404 } |
| 403 | 405 |
| 404 void DisableNSSForkCheck() { | 406 void DisableNSSForkCheck() { |
| 405 scoped_ptr<Environment> env(Environment::Create()); | 407 scoped_ptr<base::Environment> env(base::Environment::Create()); |
| 406 env->SetVar("NSS_STRICT_NOFORK", "DISABLED"); | 408 env->SetVar("NSS_STRICT_NOFORK", "DISABLED"); |
| 407 } | 409 } |
| 408 | 410 |
| 409 void LoadNSSLibraries() { | 411 void LoadNSSLibraries() { |
| 410 // Some NSS libraries are linked dynamically so load them here. | 412 // Some NSS libraries are linked dynamically so load them here. |
| 411 #if defined(USE_NSS) | 413 #if defined(USE_NSS) |
| 412 // Try to search for multiple directories to load the libraries. | 414 // Try to search for multiple directories to load the libraries. |
| 413 std::vector<FilePath> paths; | 415 std::vector<FilePath> paths; |
| 414 | 416 |
| 415 // Use relative path to Search PATH for the library files. | 417 // Use relative path to Search PATH for the library files. |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 479 #endif // defined(USE_NSS) | 481 #endif // defined(USE_NSS) |
| 480 | 482 |
| 481 #if defined(OS_CHROMEOS) | 483 #if defined(OS_CHROMEOS) |
| 482 void OpenPersistentNSSDB() { | 484 void OpenPersistentNSSDB() { |
| 483 g_nss_singleton.Get().OpenPersistentNSSDB(); | 485 g_nss_singleton.Get().OpenPersistentNSSDB(); |
| 484 } | 486 } |
| 485 #endif | 487 #endif |
| 486 | 488 |
| 487 // TODO(port): Implement this more simply. We can convert by subtracting an | 489 // TODO(port): Implement this more simply. We can convert by subtracting an |
| 488 // offset (the difference between NSPR's and base::Time's epochs). | 490 // offset (the difference between NSPR's and base::Time's epochs). |
| 489 Time PRTimeToBaseTime(PRTime prtime) { | 491 base::Time PRTimeToBaseTime(PRTime prtime) { |
| 490 PRExplodedTime prxtime; | 492 PRExplodedTime prxtime; |
| 491 PR_ExplodeTime(prtime, PR_GMTParameters, &prxtime); | 493 PR_ExplodeTime(prtime, PR_GMTParameters, &prxtime); |
| 492 | 494 |
| 493 Time::Exploded exploded; | 495 base::Time::Exploded exploded; |
| 494 exploded.year = prxtime.tm_year; | 496 exploded.year = prxtime.tm_year; |
| 495 exploded.month = prxtime.tm_month + 1; | 497 exploded.month = prxtime.tm_month + 1; |
| 496 exploded.day_of_week = prxtime.tm_wday; | 498 exploded.day_of_week = prxtime.tm_wday; |
| 497 exploded.day_of_month = prxtime.tm_mday; | 499 exploded.day_of_month = prxtime.tm_mday; |
| 498 exploded.hour = prxtime.tm_hour; | 500 exploded.hour = prxtime.tm_hour; |
| 499 exploded.minute = prxtime.tm_min; | 501 exploded.minute = prxtime.tm_min; |
| 500 exploded.second = prxtime.tm_sec; | 502 exploded.second = prxtime.tm_sec; |
| 501 exploded.millisecond = prxtime.tm_usec / 1000; | 503 exploded.millisecond = prxtime.tm_usec / 1000; |
| 502 | 504 |
| 503 return Time::FromUTCExploded(exploded); | 505 return base::Time::FromUTCExploded(exploded); |
| 504 } | 506 } |
| 505 | 507 |
| 506 PK11SlotInfo* GetDefaultNSSKeySlot() { | 508 PK11SlotInfo* GetDefaultNSSKeySlot() { |
| 507 return g_nss_singleton.Get().GetDefaultKeySlot(); | 509 return g_nss_singleton.Get().GetDefaultKeySlot(); |
| 508 } | 510 } |
| 509 | 511 |
| 510 } // namespace base | 512 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6805019:
Move crypto files out of base, to a top level directory. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/