Add a unit test to check KeygenHandler's thread-safety

base/nss_util.h

Index: base/nss_util.h
diff --git a/base/nss_util.h b/base/nss_util.h
index 94a81cbd233cba829562342ce743dd72e92a479b..a9a27091369644511d2922c346f95fff5fc07f9a 100644
--- a/base/nss_util.h
+++ b/base/nss_util.h
@@ -7,6 +7,10 @@
 
 #include "base/basictypes.h"
 
+#if defined(USE_NSS)
+class Lock;
+#endif // defined(USE_NSS)

[wtc, 2010/06/21 22:40:53]

Nit: two spaces before the comment.  See the Style Guide under
"Line Comments":
http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Implementation...

[davidben, 2010/06/22 02:54:56]

Done.

+
 // This file specifically doesn't depend on any NSS or NSPR headers because it
 // is included by various (non-crypto) parts of chrome to call the
 // initialization functions.
@@ -33,6 +37,30 @@ void OpenPersistentNSSDB();
 // We use a int64 instead of PRTime here to avoid depending on NSPR headers.
 Time PRTimeToBaseTime(int64 prtime);
 
+#if defined(USE_NSS)
+// NSS has a bug which can cause a deadlock or stall in some cases when writing
+// to the certDB. It also has a bug which causes concurrent key pair
+// generations to scribble over each other. To work around this, we synchronize
+// writes to the NSS databases with a global lock. The lock is hidden beneath a
+// function for easy disabling when the bug is fixed. Callers should allow for
+// it to return NULL in the future.
+//
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=564011
+Lock* GetNSSWriteLock();
+
+// A helper class that acquires the NSS write Lock while the AutoNSSWriteLock
+// is in scope.
+class AutoNSSWriteLock {
+ public:
+  AutoNSSWriteLock();
+  ~AutoNSSWriteLock();
+ private:
+  Lock *lock_;
+  DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
+};
+
+#endif // defined(USE_NSS)

[davidben, 2010/06/22 02:54:56]

Also added a space here.

+
 }  // namespace base
 
 #endif  // BASE_NSS_UTIL_H_