OLD | NEW |
---|---|
1 // Copyright (c) 2008-2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2008-2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/nss_util.h" | 5 #include "base/nss_util.h" |
6 #include "base/nss_util_internal.h" | 6 #include "base/nss_util_internal.h" |
7 | 7 |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <plarena.h> | 9 #include <plarena.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
11 #include <prinit.h> | 11 #include <prinit.h> |
12 #include <prtime.h> | 12 #include <prtime.h> |
13 #include <pk11pub.h> | 13 #include <pk11pub.h> |
14 #include <secmod.h> | 14 #include <secmod.h> |
15 | 15 |
16 #include "base/file_util.h" | 16 #include "base/file_util.h" |
17 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #include "base/singleton.h" | 18 #include "base/singleton.h" |
19 #include "base/string_util.h" | 19 #include "base/string_util.h" |
20 | 20 |
21 #if defined(USE_NSS) | |
22 #include "base/lock.h" | |
23 #include "base/scoped_ptr.h" | |
24 #endif // defined(USE_NSS) | |
wtc
2010/06/21 22:40:53
Two spaces before the comment.
davidben
2010/06/22 02:54:56
Done.
| |
25 | |
21 // On some platforms, we use NSS for SSL only -- we don't use NSS for crypto | 26 // On some platforms, we use NSS for SSL only -- we don't use NSS for crypto |
22 // or certificate verification, and we don't use the NSS certificate and key | 27 // or certificate verification, and we don't use the NSS certificate and key |
23 // databases. | 28 // databases. |
24 #if defined(OS_MACOSX) || defined(OS_WIN) | 29 #if defined(OS_MACOSX) || defined(OS_WIN) |
25 #define USE_NSS_FOR_SSL_ONLY 1 | 30 #define USE_NSS_FOR_SSL_ONLY 1 |
26 #endif | 31 #endif |
27 | 32 |
28 namespace { | 33 namespace { |
29 | 34 |
30 #if !defined(USE_NSS_FOR_SSL_ONLY) | 35 #if !defined(USE_NSS_FOR_SSL_ONLY) |
(...skipping 130 matching lines...) | |
161 // If we haven't initialized the password for the NSS databases, | 166 // If we haven't initialized the password for the NSS databases, |
162 // initialize an empty-string password so that we don't need to | 167 // initialize an empty-string password so that we don't need to |
163 // log in. | 168 // log in. |
164 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); | 169 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); |
165 if (slot) { | 170 if (slot) { |
166 if (PK11_NeedUserInit(slot)) | 171 if (PK11_NeedUserInit(slot)) |
167 PK11_InitPin(slot, NULL, NULL); | 172 PK11_InitPin(slot, NULL, NULL); |
168 PK11_FreeSlot(slot); | 173 PK11_FreeSlot(slot); |
169 } | 174 } |
170 | 175 |
176 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | |
177 // is fixed, we will no longer need the lock. We should detect this and not | |
178 // initialize a Lock here. | |
179 write_lock_.reset(new Lock()); | |
180 | |
171 root_ = InitDefaultRootCerts(); | 181 root_ = InitDefaultRootCerts(); |
172 #endif // defined(USE_NSS_FOR_SSL_ONLY) | 182 #endif // defined(USE_NSS_FOR_SSL_ONLY) |
173 } | 183 } |
174 | 184 |
175 ~NSSInitSingleton() { | 185 ~NSSInitSingleton() { |
176 if (real_db_slot_) { | 186 if (real_db_slot_) { |
177 SECMOD_CloseUserDB(real_db_slot_); | 187 SECMOD_CloseUserDB(real_db_slot_); |
178 PK11_FreeSlot(real_db_slot_); | 188 PK11_FreeSlot(real_db_slot_); |
179 real_db_slot_ = NULL; | 189 real_db_slot_ = NULL; |
180 } | 190 } |
(...skipping 31 matching lines...) | |
212 } | 222 } |
213 } | 223 } |
214 #endif // defined(OS_CHROMEOS) | 224 #endif // defined(OS_CHROMEOS) |
215 | 225 |
216 PK11SlotInfo* GetDefaultKeySlot() { | 226 PK11SlotInfo* GetDefaultKeySlot() { |
217 if (real_db_slot_) | 227 if (real_db_slot_) |
218 return real_db_slot_; | 228 return real_db_slot_; |
219 return PK11_GetInternalKeySlot(); | 229 return PK11_GetInternalKeySlot(); |
220 } | 230 } |
221 | 231 |
232 #if defined(USE_NSS) | |
233 Lock* write_lock() { | |
234 return write_lock_.get(); | |
235 } | |
236 #endif // defined(USE_NSS) | |
237 | |
222 private: | 238 private: |
223 PK11SlotInfo* real_db_slot_; // Overrides internal key slot if non-NULL. | 239 PK11SlotInfo* real_db_slot_; // Overrides internal key slot if non-NULL. |
224 SECMODModule *root_; | 240 SECMODModule *root_; |
225 bool chromeos_user_logged_in_; | 241 bool chromeos_user_logged_in_; |
242 #if defined(USE_NSS) | |
243 scoped_ptr<Lock> write_lock_; | |
244 #endif // defined(USE_NSS) | |
226 }; | 245 }; |
227 | 246 |
228 } // namespace | 247 } // namespace |
229 | 248 |
230 namespace base { | 249 namespace base { |
231 | 250 |
232 void EnsureNSPRInit() { | 251 void EnsureNSPRInit() { |
233 Singleton<NSPRInitSingleton>::get(); | 252 Singleton<NSPRInitSingleton>::get(); |
234 } | 253 } |
235 | 254 |
236 void EnsureNSSInit() { | 255 void EnsureNSSInit() { |
237 Singleton<NSSInitSingleton>::get(); | 256 Singleton<NSSInitSingleton>::get(); |
238 } | 257 } |
239 | 258 |
259 #if defined(USE_NSS) | |
260 Lock* GetNSSWriteLock() { | |
261 return Singleton<NSSInitSingleton>::get()->write_lock(); | |
262 } | |
263 | |
264 AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) { | |
265 // May be NULL if the lock is not needed in our version of NSS. | |
266 if (lock_) | |
267 lock_->Acquire(); | |
268 } | |
269 | |
270 AutoNSSWriteLock::~AutoNSSWriteLock() { | |
271 if (lock_) { | |
272 lock_->AssertAcquired(); | |
273 lock_->Release(); | |
274 } | |
275 } | |
276 #endif // defined(USE_NSS) | |
277 | |
240 #if defined(OS_CHROMEOS) | 278 #if defined(OS_CHROMEOS) |
241 void OpenPersistentNSSDB() { | 279 void OpenPersistentNSSDB() { |
242 Singleton<NSSInitSingleton>::get()->OpenPersistentNSSDB(); | 280 Singleton<NSSInitSingleton>::get()->OpenPersistentNSSDB(); |
243 } | 281 } |
244 #endif | 282 #endif |
245 | 283 |
246 // TODO(port): Implement this more simply. We can convert by subtracting an | 284 // TODO(port): Implement this more simply. We can convert by subtracting an |
247 // offset (the difference between NSPR's and base::Time's epochs). | 285 // offset (the difference between NSPR's and base::Time's epochs). |
248 Time PRTimeToBaseTime(PRTime prtime) { | 286 Time PRTimeToBaseTime(PRTime prtime) { |
249 PRExplodedTime prxtime; | 287 PRExplodedTime prxtime; |
(...skipping 10 matching lines...) | |
260 exploded.millisecond = prxtime.tm_usec / 1000; | 298 exploded.millisecond = prxtime.tm_usec / 1000; |
261 | 299 |
262 return Time::FromUTCExploded(exploded); | 300 return Time::FromUTCExploded(exploded); |
263 } | 301 } |
264 | 302 |
265 PK11SlotInfo* GetDefaultNSSKeySlot() { | 303 PK11SlotInfo* GetDefaultNSSKeySlot() { |
266 return Singleton<NSSInitSingleton>::get()->GetDefaultKeySlot(); | 304 return Singleton<NSSInitSingleton>::get()->GetDefaultKeySlot(); |
267 } | 305 } |
268 | 306 |
269 } // namespace base | 307 } // namespace base |
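Review bot: The `write_lock_.reset(new Lock());` call at new line 179 is guarded differently from the member it assigns. `write_lock_`, `write_lock()` and the `base/lock.h` / `base/scoped_ptr.h` includes are all under `#if defined(USE_NSS)`, while the reset sits in the constructor region closed by `#endif  // defined(USE_NSS_FOR_SSL_ONLY)`. The opening of that region is in the skipped lines, so this may be harmless in the configurations built today, but wrapping the TODO and the reset in their own `#if defined(USE_NSS)` would keep the guards consistent and avoid a compile break if the two macros ever diverge. Separately, the lock only serializes NSS database writes if every writer takes `AutoNSSWriteLock`, and, assuming `Lock` is non-recursive, nesting it on one thread would deadlock. A comment on `GetNSSWriteLock()` such as `// Serializes writes to the NSS database (Mozilla bug 564011); not reentrant, do not nest.` would make that contract explicit.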
OLD | NEW |