1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/nss_util.h" | 5 #include "base/nss_util.h" |
6 #include "base/nss_util_internal.h" | 6 #include "base/nss_util_internal.h" |
7 | 7 |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <plarena.h> | 9 #include <plarena.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
(...skipping 50 matching lines...)
61 FilePath GetInitialConfigDirectory() { | 61 FilePath GetInitialConfigDirectory() { |
62 #if defined(OS_CHROMEOS) | 62 #if defined(OS_CHROMEOS) |
63 static const FilePath::CharType kReadOnlyCertDB[] = | 63 static const FilePath::CharType kReadOnlyCertDB[] = |
64 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); | 64 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); |
65 return FilePath(kReadOnlyCertDB); | 65 return FilePath(kReadOnlyCertDB); |
66 #else | 66 #else |
67 return GetDefaultConfigDirectory(); | 67 return GetDefaultConfigDirectory(); |
68 #endif // defined(OS_CHROMEOS) | 68 #endif // defined(OS_CHROMEOS) |
69 } | 69 } |
70 | 70 |
| 71 // This callback for NSS forwards all requests to a caller-specified |
| 72 // PK11BlockingPasswordDelegate object. |
| 73 char* PK11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { |
| 74 base::PK11BlockingPasswordDelegate* delegate = |
| 75 reinterpret_cast<base::PK11BlockingPasswordDelegate*>(arg); |
| 76 if (delegate) |
| 77 return delegate->RequestPassword(slot, retry); |
| 78 DLOG(ERROR) << "PK11 password requested with NULL arg"; |
| 79 return NULL; |
| 80 } |
| 81 |
71 // NSS creates a local cache of the sqlite database if it detects that the | 82 // NSS creates a local cache of the sqlite database if it detects that the |
72 // filesystem the database is on is much slower than the local disk. The | 83 // filesystem the database is on is much slower than the local disk. The |
73 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 | 84 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 |
74 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set | 85 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set |
75 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's | 86 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's |
76 // detection when database_dir is on NFS. See http://crbug.com/48585. | 87 // detection when database_dir is on NFS. See http://crbug.com/48585. |
77 // | 88 // |
78 // TODO(wtc): port this function to other USE_NSS platforms. It is defined | 89 // TODO(wtc): port this function to other USE_NSS platforms. It is defined |
79 // only for OS_LINUX simply because the statfs structure is OS-specific. | 90 // only for OS_LINUX simply because the statfs structure is OS-specific. |
80 void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) { | 91 void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) { |
(...skipping 106 matching lines...)
187 LOG(WARNING) << "Initialize NSS without a persistent database " | 198 LOG(WARNING) << "Initialize NSS without a persistent database " |
188 "(~/.pki/nssdb)."; | 199 "(~/.pki/nssdb)."; |
189 status = NSS_NoDB_Init(NULL); | 200 status = NSS_NoDB_Init(NULL); |
190 if (status != SECSuccess) { | 201 if (status != SECSuccess) { |
191 LOG(ERROR) << "Error initializing NSS without a persistent " | 202 LOG(ERROR) << "Error initializing NSS without a persistent " |
192 "database: NSS error code " << PR_GetError(); | 203 "database: NSS error code " << PR_GetError(); |
193 return; | 204 return; |
194 } | 205 } |
195 } | 206 } |
196 | 207 |
| 208 PK11_SetPasswordFunc(PK11PasswordFunc); |
| 209 |
197 // If we haven't initialized the password for the NSS databases, | 210 // If we haven't initialized the password for the NSS databases, |
198 // initialize an empty-string password so that we don't need to | 211 // initialize an empty-string password so that we don't need to |
199 // log in. | 212 // log in. |
200 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); | 213 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); |
201 if (slot) { | 214 if (slot) { |
202 // PK11_InitPin may write to the keyDB, but no other thread can use NSS | 215 // PK11_InitPin may write to the keyDB, but no other thread can use NSS |
203 // yet, so we don't need to lock. | 216 // yet, so we don't need to lock. |
204 if (PK11_NeedUserInit(slot)) | 217 if (PK11_NeedUserInit(slot)) |
205 PK11_InitPin(slot, NULL, NULL); | 218 PK11_InitPin(slot, NULL, NULL); |
206 PK11_FreeSlot(slot); | 219 PK11_FreeSlot(slot); |
(...skipping 156 matching lines...)
363 exploded.millisecond = prxtime.tm_usec / 1000; | 376 exploded.millisecond = prxtime.tm_usec / 1000; |
364 | 377 |
365 return Time::FromUTCExploded(exploded); | 378 return Time::FromUTCExploded(exploded); |
366 } | 379 } |
367 | 380 |
368 PK11SlotInfo* GetDefaultNSSKeySlot() { | 381 PK11SlotInfo* GetDefaultNSSKeySlot() { |
369 return Singleton<NSSInitSingleton>::get()->GetDefaultKeySlot(); | 382 return Singleton<NSSInitSingleton>::get()->GetDefaultKeySlot(); |
370 } | 383 } |
371 | 384 |
372 } // namespace base | 385 } // namespace base |
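Review bot: PK11PasswordFunc (new lines 73-80) casts the untyped NSS `arg` pointer to PK11BlockingPasswordDelegate* with no way to verify its type, and the registration at new line 208 installs the callback process-wide, so any NSS call in the process that supplies a non-NULL context of a different type would have that object invoked as a delegate. The comment above the function should spell out that contract, e.g. `// Every non-NULL password context passed to NSS in this process must be a PK11BlockingPasswordDelegate*.` Because `arg` is a `void*`, `static_cast<base::PK11BlockingPasswordDelegate*>(arg)` is the fitting named cast rather than `reinterpret_cast`. RequestPassword's documentation should also state who owns the returned buffer: NSS presumably releases it with its own allocator, so implementations would need to allocate it accordingly (confirm against the NSS documentation for PK11_SetPasswordFunc). The initialization function that contains new line 208 starts and ends outside the visible lines.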