Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Side by Side Diff: crypto/nss_util.cc

Issue 317613004: Remove usage of singleton software_slot_ in nss on ChromeOS (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: method renames Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/nss_util.h" 5 #include "crypto/nss_util.h"
6 #include "crypto/nss_util_internal.h" 6 #include "crypto/nss_util_internal.h"
7 7
8 #include <nss.h> 8 #include <nss.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 #include <plarena.h> 10 #include <plarena.h>
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
74 scoped_ptr<char[]> error_text(new char[PR_GetErrorTextLength() + 1]); 74 scoped_ptr<char[]> error_text(new char[PR_GetErrorTextLength() + 1]);
75 PRInt32 copied = PR_GetErrorText(error_text.get()); 75 PRInt32 copied = PR_GetErrorText(error_text.get());
76 result = std::string(error_text.get(), copied); 76 result = std::string(error_text.get(), copied);
77 } else { 77 } else {
78 result = base::StringPrintf("NSS error code: %d", PR_GetError()); 78 result = base::StringPrintf("NSS error code: %d", PR_GetError());
79 } 79 }
80 return result; 80 return result;
81 } 81 }
82 82
83 #if defined(USE_NSS) 83 #if defined(USE_NSS)
84 #if !defined(OS_CHROMEOS)
84 base::FilePath GetDefaultConfigDirectory() { 85 base::FilePath GetDefaultConfigDirectory() {
85 base::FilePath dir; 86 base::FilePath dir;
86 PathService::Get(base::DIR_HOME, &dir); 87 PathService::Get(base::DIR_HOME, &dir);
87 if (dir.empty()) { 88 if (dir.empty()) {
88 LOG(ERROR) << "Failed to get home directory."; 89 LOG(ERROR) << "Failed to get home directory.";
89 return dir; 90 return dir;
90 } 91 }
91 dir = dir.AppendASCII(".pki").AppendASCII("nssdb"); 92 dir = dir.AppendASCII(".pki").AppendASCII("nssdb");
92 if (!base::CreateDirectory(dir)) { 93 if (!base::CreateDirectory(dir)) {
93 LOG(ERROR) << "Failed to create " << dir.value() << " directory."; 94 LOG(ERROR) << "Failed to create " << dir.value() << " directory.";
94 dir.clear(); 95 dir.clear();
95 } 96 }
96 DVLOG(2) << "DefaultConfigDirectory: " << dir.value(); 97 DVLOG(2) << "DefaultConfigDirectory: " << dir.value();
97 return dir; 98 return dir;
98 } 99 }
100 #endif // !defined(IS_CHROMEOS)
99 101
100 // On non-Chrome OS platforms, return the default config directory. On Chrome OS 102 // On non-Chrome OS platforms, return the default config directory. On Chrome OS
101 // test images, return a read-only directory with fake root CA certs (which are 103 // test images, return a read-only directory with fake root CA certs (which are
102 // used by the local Google Accounts server mock we use when testing our login 104 // used by the local Google Accounts server mock we use when testing our login
103 // code). On Chrome OS non-test images (where the read-only directory doesn't 105 // code). On Chrome OS non-test images (where the read-only directory doesn't
104 // exist), return an empty path. 106 // exist), return an empty path.
105 base::FilePath GetInitialConfigDirectory() { 107 base::FilePath GetInitialConfigDirectory() {
106 #if defined(OS_CHROMEOS) 108 #if defined(OS_CHROMEOS)
107 base::FilePath database_dir = base::FilePath(kReadOnlyCertDB); 109 base::FilePath database_dir = base::FilePath(kReadOnlyCertDB);
108 if (!base::PathExists(database_dir)) 110 if (!base::PathExists(database_dir))
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after
209 base::debug::Alias(&nss_error); 211 base::debug::Alias(&nss_error);
210 base::debug::Alias(&os_error); 212 base::debug::Alias(&os_error);
211 LOG(ERROR) << "Error initializing NSS without a persistent database: " 213 LOG(ERROR) << "Error initializing NSS without a persistent database: "
212 << GetNSSErrorMessage(); 214 << GetNSSErrorMessage();
213 LOG(FATAL) << "nss_error=" << nss_error << ", os_error=" << os_error; 215 LOG(FATAL) << "nss_error=" << nss_error << ", os_error=" << os_error;
214 } 216 }
215 217
216 #if defined(OS_CHROMEOS) 218 #if defined(OS_CHROMEOS)
217 class ChromeOSUserData { 219 class ChromeOSUserData {
218 public: 220 public:
219 ChromeOSUserData(ScopedPK11Slot public_slot, bool is_primary_user) 221 explicit ChromeOSUserData(ScopedPK11Slot public_slot)
220 : public_slot_(public_slot.Pass()), 222 : public_slot_(public_slot.Pass()),
221 is_primary_user_(is_primary_user) {} 223 private_slot_initialization_started_(false) {}
222 ~ChromeOSUserData() { 224 ~ChromeOSUserData() {
223 if (public_slot_ && !is_primary_user_) { 225 if (public_slot_) {
224 SECStatus status = SECMOD_CloseUserDB(public_slot_.get()); 226 SECStatus status = SECMOD_CloseUserDB(public_slot_.get());
225 if (status != SECSuccess) 227 if (status != SECSuccess)
226 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); 228 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError();
227 } 229 }
228 } 230 }
229 231
230 ScopedPK11Slot GetPublicSlot() { 232 ScopedPK11Slot GetPublicSlot() {
231 return ScopedPK11Slot( 233 return ScopedPK11Slot(
232 public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL); 234 public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL);
233 } 235 }
(...skipping 13 matching lines...) Expand all
247 249
248 SlotReadyCallbackList callback_list; 250 SlotReadyCallbackList callback_list;
249 callback_list.swap(tpm_ready_callback_list_); 251 callback_list.swap(tpm_ready_callback_list_);
250 for (SlotReadyCallbackList::iterator i = callback_list.begin(); 252 for (SlotReadyCallbackList::iterator i = callback_list.begin();
251 i != callback_list.end(); 253 i != callback_list.end();
252 ++i) { 254 ++i) {
253 (*i).Run(ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get()))); 255 (*i).Run(ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get())));
254 } 256 }
255 } 257 }
256 258
259 bool private_slot_initialization_started() const {
260 return private_slot_initialization_started_;
261 }
262
263 void set_private_slot_initialization_started() {
264 private_slot_initialization_started_ = true;
265 }
266
257 private: 267 private:
258 ScopedPK11Slot public_slot_; 268 ScopedPK11Slot public_slot_;
259 ScopedPK11Slot private_slot_; 269 ScopedPK11Slot private_slot_;
260 bool is_primary_user_; 270
271 bool private_slot_initialization_started_;
261 272
262 typedef std::vector<base::Callback<void(ScopedPK11Slot)> > 273 typedef std::vector<base::Callback<void(ScopedPK11Slot)> >
263 SlotReadyCallbackList; 274 SlotReadyCallbackList;
264 SlotReadyCallbackList tpm_ready_callback_list_; 275 SlotReadyCallbackList tpm_ready_callback_list_;
265 }; 276 };
266 #endif // defined(OS_CHROMEOS) 277 #endif // defined(OS_CHROMEOS)
267 278
268 class NSSInitSingleton { 279 class NSSInitSingleton {
269 public: 280 public:
270 #if defined(OS_CHROMEOS) 281 #if defined(OS_CHROMEOS)
271 // Used with PostTaskAndReply to pass handles to worker thread and back. 282 // Used with PostTaskAndReply to pass handles to worker thread and back.
272 struct TPMModuleAndSlot { 283 struct TPMModuleAndSlot {
273 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module) 284 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module)
274 : chaps_module(init_chaps_module), tpm_slot(NULL) {} 285 : chaps_module(init_chaps_module), tpm_slot(NULL) {}
275 SECMODModule* chaps_module; 286 SECMODModule* chaps_module;
276 PK11SlotInfo* tpm_slot; 287 PK11SlotInfo* tpm_slot;
277 }; 288 };
278 289
279 void OpenPersistentNSSDB() {
280 DCHECK(thread_checker_.CalledOnValidThread());
281
282 if (!chromeos_user_logged_in_) {
283 // GetDefaultConfigDirectory causes us to do blocking IO on UI thread.
284 // Temporarily allow it until we fix http://crbug.com/70119
285 base::ThreadRestrictions::ScopedAllowIO allow_io;
286 chromeos_user_logged_in_ = true;
287
288 // This creates another DB slot in NSS that is read/write, unlike
289 // the fake root CA cert DB and the "default" crypto key
290 // provider, which are still read-only (because we initialized
291 // NSS before we had a cryptohome mounted).
292 software_slot_ = OpenUserDB(GetDefaultConfigDirectory(),
293 kNSSDatabaseName);
294 }
295 }
296
297 PK11SlotInfo* OpenPersistentNSSDBForPath(const base::FilePath& path) { 290 PK11SlotInfo* OpenPersistentNSSDBForPath(const base::FilePath& path) {
298 DCHECK(thread_checker_.CalledOnValidThread()); 291 DCHECK(thread_checker_.CalledOnValidThread());
299 // NSS is allowed to do IO on the current thread since dispatching 292 // NSS is allowed to do IO on the current thread since dispatching
300 // to a dedicated thread would still have the affect of blocking 293 // to a dedicated thread would still have the affect of blocking
301 // the current thread, due to NSS's internal locking requirements 294 // the current thread, due to NSS's internal locking requirements
302 base::ThreadRestrictions::ScopedAllowIO allow_io; 295 base::ThreadRestrictions::ScopedAllowIO allow_io;
303 296
304 base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb"); 297 base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb");
305 if (!base::CreateDirectory(nssdb_path)) { 298 if (!base::CreateDirectory(nssdb_path)) {
306 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory."; 299 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory.";
(...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after
452 445
453 PK11SlotInfo* slot = SECMOD_LookupSlot(chaps_module->moduleID, slot_id); 446 PK11SlotInfo* slot = SECMOD_LookupSlot(chaps_module->moduleID, slot_id);
454 if (!slot) 447 if (!slot)
455 LOG(ERROR) << "TPM slot " << slot_id << " not found."; 448 LOG(ERROR) << "TPM slot " << slot_id << " not found.";
456 return slot; 449 return slot;
457 } 450 }
458 451
459 bool InitializeNSSForChromeOSUser( 452 bool InitializeNSSForChromeOSUser(
460 const std::string& email, 453 const std::string& email,
461 const std::string& username_hash, 454 const std::string& username_hash,
462 bool is_primary_user,
463 const base::FilePath& path) { 455 const base::FilePath& path) {
464 DCHECK(thread_checker_.CalledOnValidThread()); 456 DCHECK(thread_checker_.CalledOnValidThread());
465 if (chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()) { 457 if (chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()) {
466 // This user already exists in our mapping. 458 // This user already exists in our mapping.
467 DVLOG(2) << username_hash << " already initialized."; 459 DVLOG(2) << username_hash << " already initialized.";
468 return false; 460 return false;
469 } 461 }
470 ScopedPK11Slot public_slot; 462
471 if (is_primary_user) { 463 // If test slot is set, slot getter methods will short circuit
472 DVLOG(2) << "Primary user, using GetPublicNSSKeySlot()"; 464 // checking |chromeos_user_map_|, so there is nothing left to be
473 public_slot.reset(GetPublicNSSKeySlot()); 465 // initialized.
474 } else { 466 if (test_slot_)
475 DVLOG(2) << "Opening NSS DB " << path.value(); 467 return false;
476 public_slot.reset(OpenPersistentNSSDBForPath(path)); 468
477 } 469 DVLOG(2) << "Opening NSS DB " << path.value();
470 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(path));
478 chromeos_user_map_[username_hash] = 471 chromeos_user_map_[username_hash] =
479 new ChromeOSUserData(public_slot.Pass(), is_primary_user); 472 new ChromeOSUserData(public_slot.Pass());
480 return true; 473 return true;
481 } 474 }
482 475
476 bool GetAndSetStartedInitializeTPMForChromeOSUser(
477 const std::string& username_hash) {
478 DCHECK(thread_checker_.CalledOnValidThread());
479 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end());
480
481 ChromeOSUserData* user_data = chromeos_user_map_[username_hash];
482 bool result = !user_data->private_slot_initialization_started();
483 user_data->set_private_slot_initialization_started();
484 return result;
485 }
486
483 void InitializeTPMForChromeOSUser(const std::string& username_hash, 487 void InitializeTPMForChromeOSUser(const std::string& username_hash,
484 CK_SLOT_ID slot_id) { 488 CK_SLOT_ID slot_id) {
485 DCHECK(thread_checker_.CalledOnValidThread()); 489 DCHECK(thread_checker_.CalledOnValidThread());
486 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); 490 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end());
491 DCHECK(chromeos_user_map_[username_hash]->
492 private_slot_initialization_started());
487 493
488 if (!chaps_module_) 494 if (!chaps_module_)
489 return; 495 return;
490 496
491 // Note that a reference is not taken to chaps_module_. This is safe since 497 // Note that a reference is not taken to chaps_module_. This is safe since
492 // NSSInitSingleton is Leaky, so the reference it holds is never released. 498 // NSSInitSingleton is Leaky, so the reference it holds is never released.
493 scoped_ptr<TPMModuleAndSlot> tpm_args(new TPMModuleAndSlot(chaps_module_)); 499 scoped_ptr<TPMModuleAndSlot> tpm_args(new TPMModuleAndSlot(chaps_module_));
494 TPMModuleAndSlot* tpm_args_ptr = tpm_args.get(); 500 TPMModuleAndSlot* tpm_args_ptr = tpm_args.get();
495 base::WorkerPool::PostTaskAndReply( 501 base::WorkerPool::PostTaskAndReply(
496 FROM_HERE, 502 FROM_HERE,
(...skipping 15 matching lines...) Expand all
512 << !!tpm_args->tpm_slot; 518 << !!tpm_args->tpm_slot;
513 chromeos_user_map_[username_hash]->SetPrivateSlot( 519 chromeos_user_map_[username_hash]->SetPrivateSlot(
514 ScopedPK11Slot(tpm_args->tpm_slot)); 520 ScopedPK11Slot(tpm_args->tpm_slot));
515 } 521 }
516 522
517 void InitializePrivateSoftwareSlotForChromeOSUser( 523 void InitializePrivateSoftwareSlotForChromeOSUser(
518 const std::string& username_hash) { 524 const std::string& username_hash) {
519 DCHECK(thread_checker_.CalledOnValidThread()); 525 DCHECK(thread_checker_.CalledOnValidThread());
520 VLOG(1) << "using software private slot for " << username_hash; 526 VLOG(1) << "using software private slot for " << username_hash;
521 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); 527 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end());
528 DCHECK(chromeos_user_map_[username_hash]->
529 private_slot_initialization_started());
530
522 chromeos_user_map_[username_hash]->SetPrivateSlot( 531 chromeos_user_map_[username_hash]->SetPrivateSlot(
523 chromeos_user_map_[username_hash]->GetPublicSlot()); 532 chromeos_user_map_[username_hash]->GetPublicSlot());
524 } 533 }
525 534
526 ScopedPK11Slot GetPublicSlotForChromeOSUser( 535 ScopedPK11Slot GetPublicSlotForChromeOSUser(
527 const std::string& username_hash) { 536 const std::string& username_hash) {
528 DCHECK(thread_checker_.CalledOnValidThread()); 537 DCHECK(thread_checker_.CalledOnValidThread());
529 538
530 if (username_hash.empty()) { 539 if (username_hash.empty()) {
531 DVLOG(2) << "empty username_hash"; 540 DVLOG(2) << "empty username_hash";
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after
612 621
613 PK11SlotInfo* GetPublicNSSKeySlot() { 622 PK11SlotInfo* GetPublicNSSKeySlot() {
614 // TODO(mattm): Change to DCHECK when callers have been fixed. 623 // TODO(mattm): Change to DCHECK when callers have been fixed.
615 if (!thread_checker_.CalledOnValidThread()) { 624 if (!thread_checker_.CalledOnValidThread()) {
616 DVLOG(1) << "Called on wrong thread.\n" 625 DVLOG(1) << "Called on wrong thread.\n"
617 << base::debug::StackTrace().ToString(); 626 << base::debug::StackTrace().ToString();
618 } 627 }
619 628
620 if (test_slot_) 629 if (test_slot_)
621 return PK11_ReferenceSlot(test_slot_); 630 return PK11_ReferenceSlot(test_slot_);
622 if (software_slot_)
623 return PK11_ReferenceSlot(software_slot_);
624 return PK11_GetInternalKeySlot(); 631 return PK11_GetInternalKeySlot();
625 } 632 }
626 633
627 PK11SlotInfo* GetPrivateNSSKeySlot() { 634 PK11SlotInfo* GetPrivateNSSKeySlot() {
628 // TODO(mattm): Change to DCHECK when callers have been fixed. 635 // TODO(mattm): Change to DCHECK when callers have been fixed.
629 if (!thread_checker_.CalledOnValidThread()) { 636 if (!thread_checker_.CalledOnValidThread()) {
630 DVLOG(1) << "Called on wrong thread.\n" 637 DVLOG(1) << "Called on wrong thread.\n"
631 << base::debug::StackTrace().ToString(); 638 << base::debug::StackTrace().ToString();
632 } 639 }
633 640
634 if (test_slot_) 641 if (test_slot_)
635 return PK11_ReferenceSlot(test_slot_); 642 return PK11_ReferenceSlot(test_slot_);
636 643
637 #if defined(OS_CHROMEOS) 644 #if defined(OS_CHROMEOS)
638 if (tpm_token_enabled_for_nss_) { 645 if (tpm_token_enabled_for_nss_) {
639 if (IsTPMTokenReady(base::Closure())) { 646 if (IsTPMTokenReady(base::Closure())) {
640 return PK11_ReferenceSlot(tpm_slot_); 647 return PK11_ReferenceSlot(tpm_slot_);
641 } else { 648 } else {
642 // If we were supposed to get the hardware token, but were 649 // If we were supposed to get the hardware token, but were
643 // unable to, return NULL rather than fall back to sofware. 650 // unable to, return NULL rather than fall back to sofware.
644 return NULL; 651 return NULL;
645 } 652 }
646 } 653 }
647 #endif 654 #endif
648 // If we weren't supposed to enable the TPM for NSS, then return
649 // the software slot.
650 if (software_slot_)
651 return PK11_ReferenceSlot(software_slot_);
652 return PK11_GetInternalKeySlot(); 655 return PK11_GetInternalKeySlot();
653 } 656 }
654 657
655 #if defined(USE_NSS) 658 #if defined(USE_NSS)
656 base::Lock* write_lock() { 659 base::Lock* write_lock() {
657 return &write_lock_; 660 return &write_lock_;
658 } 661 }
659 #endif // defined(USE_NSS) 662 #endif // defined(USE_NSS)
660 663
661 // This method is used to force NSS to be initialized without a DB. 664 // This method is used to force NSS to be initialized without a DB.
662 // Call this method before NSSInitSingleton() is constructed. 665 // Call this method before NSSInitSingleton() is constructed.
663 static void ForceNoDBInit() { 666 static void ForceNoDBInit() {
664 force_nodb_init_ = true; 667 force_nodb_init_ = true;
665 } 668 }
666 669
667 private: 670 private:
668 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; 671 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>;
669 672
670 NSSInitSingleton() 673 NSSInitSingleton()
671 : tpm_token_enabled_for_nss_(false), 674 : tpm_token_enabled_for_nss_(false),
672 initializing_tpm_token_(false), 675 initializing_tpm_token_(false),
673 chaps_module_(NULL), 676 chaps_module_(NULL),
674 software_slot_(NULL),
675 test_slot_(NULL), 677 test_slot_(NULL),
676 tpm_slot_(NULL), 678 tpm_slot_(NULL),
677 root_(NULL), 679 root_(NULL) {
678 chromeos_user_logged_in_(false) {
679 base::TimeTicks start_time = base::TimeTicks::Now(); 680 base::TimeTicks start_time = base::TimeTicks::Now();
680 681
681 // It's safe to construct on any thread, since LazyInstance will prevent any 682 // It's safe to construct on any thread, since LazyInstance will prevent any
682 // other threads from accessing until the constructor is done. 683 // other threads from accessing until the constructor is done.
683 thread_checker_.DetachFromThread(); 684 thread_checker_.DetachFromThread();
684 685
685 DisableAESNIIfNeeded(); 686 DisableAESNIIfNeeded();
686 687
687 EnsureNSPRInit(); 688 EnsureNSPRInit();
688 689
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after
788 // prevent non-joinable threads from using NSS after it's already been shut 789 // prevent non-joinable threads from using NSS after it's already been shut
789 // down. 790 // down.
790 ~NSSInitSingleton() { 791 ~NSSInitSingleton() {
791 #if defined(OS_CHROMEOS) 792 #if defined(OS_CHROMEOS)
792 STLDeleteValues(&chromeos_user_map_); 793 STLDeleteValues(&chromeos_user_map_);
793 #endif 794 #endif
794 if (tpm_slot_) { 795 if (tpm_slot_) {
795 PK11_FreeSlot(tpm_slot_); 796 PK11_FreeSlot(tpm_slot_);
796 tpm_slot_ = NULL; 797 tpm_slot_ = NULL;
797 } 798 }
798 if (software_slot_) {
799 SECMOD_CloseUserDB(software_slot_);
800 PK11_FreeSlot(software_slot_);
801 software_slot_ = NULL;
802 }
803 CloseTestNSSDB(); 799 CloseTestNSSDB();
804 if (root_) { 800 if (root_) {
805 SECMOD_UnloadUserModule(root_); 801 SECMOD_UnloadUserModule(root_);
806 SECMOD_DestroyModule(root_); 802 SECMOD_DestroyModule(root_);
807 root_ = NULL; 803 root_ = NULL;
808 } 804 }
809 if (chaps_module_) { 805 if (chaps_module_) {
810 SECMOD_UnloadUserModule(chaps_module_); 806 SECMOD_UnloadUserModule(chaps_module_);
811 SECMOD_DestroyModule(chaps_module_); 807 SECMOD_DestroyModule(chaps_module_);
812 chaps_module_ = NULL; 808 chaps_module_ = NULL;
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after
895 } 891 }
896 892
897 // If this is set to true NSS is forced to be initialized without a DB. 893 // If this is set to true NSS is forced to be initialized without a DB.
898 static bool force_nodb_init_; 894 static bool force_nodb_init_;
899 895
900 bool tpm_token_enabled_for_nss_; 896 bool tpm_token_enabled_for_nss_;
901 bool initializing_tpm_token_; 897 bool initializing_tpm_token_;
902 typedef std::vector<base::Closure> TPMReadyCallbackList; 898 typedef std::vector<base::Closure> TPMReadyCallbackList;
903 TPMReadyCallbackList tpm_ready_callback_list_; 899 TPMReadyCallbackList tpm_ready_callback_list_;
904 SECMODModule* chaps_module_; 900 SECMODModule* chaps_module_;
905 PK11SlotInfo* software_slot_;
906 PK11SlotInfo* test_slot_; 901 PK11SlotInfo* test_slot_;
907 PK11SlotInfo* tpm_slot_; 902 PK11SlotInfo* tpm_slot_;
908 SECMODModule* root_; 903 SECMODModule* root_;
909 bool chromeos_user_logged_in_;
910 #if defined(OS_CHROMEOS) 904 #if defined(OS_CHROMEOS)
911 typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap; 905 typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap;
912 ChromeOSUserMap chromeos_user_map_; 906 ChromeOSUserMap chromeos_user_map_;
913 #endif 907 #endif
914 #if defined(USE_NSS) 908 #if defined(USE_NSS)
915 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 909 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
916 // is fixed, we will no longer need the lock. 910 // is fixed, we will no longer need the lock.
917 base::Lock write_lock_; 911 base::Lock write_lock_;
918 #endif // defined(USE_NSS) 912 #endif // defined(USE_NSS)
919 913
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after
1063 SECMOD_GetReadLock(lock_); 1057 SECMOD_GetReadLock(lock_);
1064 } 1058 }
1065 1059
1066 AutoSECMODListReadLock::~AutoSECMODListReadLock() { 1060 AutoSECMODListReadLock::~AutoSECMODListReadLock() {
1067 SECMOD_ReleaseReadLock(lock_); 1061 SECMOD_ReleaseReadLock(lock_);
1068 } 1062 }
1069 1063
1070 #endif // defined(USE_NSS) 1064 #endif // defined(USE_NSS)
1071 1065
1072 #if defined(OS_CHROMEOS) 1066 #if defined(OS_CHROMEOS)
1073 void OpenPersistentNSSDB() {
1074 g_nss_singleton.Get().OpenPersistentNSSDB();
1075 }
1076
1077 void EnableTPMTokenForNSS() { 1067 void EnableTPMTokenForNSS() {
1078 g_nss_singleton.Get().EnableTPMTokenForNSS(); 1068 g_nss_singleton.Get().EnableTPMTokenForNSS();
1079 } 1069 }
1080 1070
1081 bool IsTPMTokenEnabledForNSS() { 1071 bool IsTPMTokenEnabledForNSS() {
1082 return g_nss_singleton.Get().IsTPMTokenEnabledForNSS(); 1072 return g_nss_singleton.Get().IsTPMTokenEnabledForNSS();
1083 } 1073 }
1084 1074
1085 bool IsTPMTokenReady(const base::Closure& callback) { 1075 bool IsTPMTokenReady(const base::Closure& callback) {
1086 return g_nss_singleton.Get().IsTPMTokenReady(callback); 1076 return g_nss_singleton.Get().IsTPMTokenReady(callback);
1087 } 1077 }
1088 1078
1089 void InitializeTPMToken(int token_slot_id, 1079 void InitializeTPMToken(int token_slot_id,
1090 const base::Callback<void(bool)>& callback) { 1080 const base::Callback<void(bool)>& callback) {
1091 g_nss_singleton.Get().InitializeTPMToken(token_slot_id, callback); 1081 g_nss_singleton.Get().InitializeTPMToken(token_slot_id, callback);
1092 } 1082 }
1093 1083
1094 ScopedTestNSSChromeOSUser::ScopedTestNSSChromeOSUser( 1084 ScopedTestNSSChromeOSUser::ScopedTestNSSChromeOSUser(
1095 const std::string& username_hash) 1085 const std::string& username_hash)
1096 : username_hash_(username_hash), constructed_successfully_(false) { 1086 : username_hash_(username_hash), constructed_successfully_(false) {
1097 if (!temp_dir_.CreateUniqueTempDir()) 1087 if (!temp_dir_.CreateUniqueTempDir())
1098 return; 1088 return;
1099 constructed_successfully_ = 1089 constructed_successfully_ =
1100 InitializeNSSForChromeOSUser(username_hash, 1090 InitializeNSSForChromeOSUser(username_hash,
1101 username_hash, 1091 username_hash,
1102 false /* is_primary_user */,
1103 temp_dir_.path()); 1092 temp_dir_.path());
1104 } 1093 }
1105 1094
1106 ScopedTestNSSChromeOSUser::~ScopedTestNSSChromeOSUser() { 1095 ScopedTestNSSChromeOSUser::~ScopedTestNSSChromeOSUser() {
1107 if (constructed_successfully_) 1096 if (constructed_successfully_)
1108 g_nss_singleton.Get().CloseTestChromeOSUser(username_hash_); 1097 g_nss_singleton.Get().CloseTestChromeOSUser(username_hash_);
1109 } 1098 }
1110 1099
1111 void ScopedTestNSSChromeOSUser::FinishInit() { 1100 void ScopedTestNSSChromeOSUser::FinishInit() {
1101 DCHECK(constructed_successfully_);
1102 if (!GetAndSetStartedInitializeTPMForChromeOSUser(username_hash_))
1103 return;
1112 InitializePrivateSoftwareSlotForChromeOSUser(username_hash_); 1104 InitializePrivateSoftwareSlotForChromeOSUser(username_hash_);
1113 } 1105 }
1114 1106
1115 bool InitializeNSSForChromeOSUser( 1107 bool InitializeNSSForChromeOSUser(
1116 const std::string& email, 1108 const std::string& email,
1117 const std::string& username_hash, 1109 const std::string& username_hash,
1118 bool is_primary_user,
1119 const base::FilePath& path) { 1110 const base::FilePath& path) {
1120 return g_nss_singleton.Get().InitializeNSSForChromeOSUser( 1111 return g_nss_singleton.Get().InitializeNSSForChromeOSUser(
1121 email, username_hash, is_primary_user, path); 1112 email, username_hash, path);
1113 }
1114 bool GetAndSetStartedInitializeTPMForChromeOSUser(
1115 const std::string& username_hash) {
1116 return g_nss_singleton.Get().GetAndSetStartedInitializeTPMForChromeOSUser(
1117 username_hash);
1122 } 1118 }
1123 void InitializeTPMForChromeOSUser( 1119 void InitializeTPMForChromeOSUser(
1124 const std::string& username_hash, 1120 const std::string& username_hash,
1125 CK_SLOT_ID slot_id) { 1121 CK_SLOT_ID slot_id) {
1126 g_nss_singleton.Get().InitializeTPMForChromeOSUser(username_hash, slot_id); 1122 g_nss_singleton.Get().InitializeTPMForChromeOSUser(username_hash, slot_id);
1127 } 1123 }
1128 void InitializePrivateSoftwareSlotForChromeOSUser( 1124 void InitializePrivateSoftwareSlotForChromeOSUser(
1129 const std::string& username_hash) { 1125 const std::string& username_hash) {
1130 g_nss_singleton.Get().InitializePrivateSoftwareSlotForChromeOSUser( 1126 g_nss_singleton.Get().InitializePrivateSoftwareSlotForChromeOSUser(
1131 username_hash); 1127 username_hash);
(...skipping 20 matching lines...) Expand all
1152 1148
1153 PK11SlotInfo* GetPublicNSSKeySlot() { 1149 PK11SlotInfo* GetPublicNSSKeySlot() {
1154 return g_nss_singleton.Get().GetPublicNSSKeySlot(); 1150 return g_nss_singleton.Get().GetPublicNSSKeySlot();
1155 } 1151 }
1156 1152
1157 PK11SlotInfo* GetPrivateNSSKeySlot() { 1153 PK11SlotInfo* GetPrivateNSSKeySlot() {
1158 return g_nss_singleton.Get().GetPrivateNSSKeySlot(); 1154 return g_nss_singleton.Get().GetPrivateNSSKeySlot();
1159 } 1155 }
1160 1156
1161 } // namespace crypto 1157 } // namespace crypto
OLDNEW
« no previous file with comments | « crypto/nss_util.h ('k') | crypto/nss_util_internal.h » ('j') | crypto/nss_util_internal.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698