Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(168)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/nss_util.cc

Issue 394013005: Remove NSSCertDatabase from ClientCertStoreChromeOS unittest. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressed comments. Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/BUILD.gn » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/nss_util.h" 5 #include "crypto/nss_util.h"
6 #include "crypto/nss_util_internal.h" 6 #include "crypto/nss_util_internal.h"
7 7
8 #include <nss.h> 8 #include <nss.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 #include <plarena.h> 10 #include <plarena.h>
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
50 #if defined(USE_NSS) 50 #if defined(USE_NSS)
51 #include "base/synchronization/lock.h" 51 #include "base/synchronization/lock.h"
52 #include "crypto/nss_crypto_module_delegate.h" 52 #include "crypto/nss_crypto_module_delegate.h"
53 #endif // defined(USE_NSS) 53 #endif // defined(USE_NSS)
54 54
55 namespace crypto { 55 namespace crypto {
56 56
57 namespace { 57 namespace {
58 58
59 #if defined(OS_CHROMEOS) 59 #if defined(OS_CHROMEOS)
60 const char kNSSDatabaseName[] = "Real NSS database"; 60 const char kUserNSSDatabaseName[] = "UserNSSDB";
61 61
62 // Constants for loading the Chrome OS TPM-backed PKCS #11 library. 62 // Constants for loading the Chrome OS TPM-backed PKCS #11 library.
63 const char kChapsModuleName[] = "Chaps"; 63 const char kChapsModuleName[] = "Chaps";
64 const char kChapsPath[] = "libchaps.so"; 64 const char kChapsPath[] = "libchaps.so";
65 65
66 // Fake certificate authority database used for testing. 66 // Fake certificate authority database used for testing.
67 static const base::FilePath::CharType kReadOnlyCertDB[] = 67 static const base::FilePath::CharType kReadOnlyCertDB[] =
68 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); 68 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb");
69 #endif // defined(OS_CHROMEOS) 69 #endif // defined(OS_CHROMEOS)
70 70
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after
280 public: 280 public:
281 #if defined(OS_CHROMEOS) 281 #if defined(OS_CHROMEOS)
282 // Used with PostTaskAndReply to pass handles to worker thread and back. 282 // Used with PostTaskAndReply to pass handles to worker thread and back.
283 struct TPMModuleAndSlot { 283 struct TPMModuleAndSlot {
284 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module) 284 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module)
285 : chaps_module(init_chaps_module), tpm_slot(NULL) {} 285 : chaps_module(init_chaps_module), tpm_slot(NULL) {}
286 SECMODModule* chaps_module; 286 SECMODModule* chaps_module;
287 PK11SlotInfo* tpm_slot; 287 PK11SlotInfo* tpm_slot;
288 }; 288 };
289 289
290 PK11SlotInfo* OpenPersistentNSSDBForPath(const base::FilePath& path) { 290 PK11SlotInfo* OpenPersistentNSSDBForPath(const std::string& db_name,
291 const base::FilePath& path) {
291 DCHECK(thread_checker_.CalledOnValidThread()); 292 DCHECK(thread_checker_.CalledOnValidThread());
292 // NSS is allowed to do IO on the current thread since dispatching 293 // NSS is allowed to do IO on the current thread since dispatching
293 // to a dedicated thread would still have the affect of blocking 294 // to a dedicated thread would still have the affect of blocking
294 // the current thread, due to NSS's internal locking requirements 295 // the current thread, due to NSS's internal locking requirements
295 base::ThreadRestrictions::ScopedAllowIO allow_io; 296 base::ThreadRestrictions::ScopedAllowIO allow_io;
296 297
297 base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb"); 298 base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb");
298 if (!base::CreateDirectory(nssdb_path)) { 299 if (!base::CreateDirectory(nssdb_path)) {
299 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory."; 300 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory.";
300 return NULL; 301 return NULL;
301 } 302 }
302 return OpenUserDB(nssdb_path, kNSSDatabaseName); 303 return OpenUserDB(nssdb_path, db_name);
303 } 304 }
304 305
305 void EnableTPMTokenForNSS() { 306 void EnableTPMTokenForNSS() {
306 DCHECK(thread_checker_.CalledOnValidThread()); 307 DCHECK(thread_checker_.CalledOnValidThread());
307 308
308 // If this gets set, then we'll use the TPM for certs with 309 // If this gets set, then we'll use the TPM for certs with
309 // private keys, otherwise we'll fall back to the software 310 // private keys, otherwise we'll fall back to the software
310 // implementation. 311 // implementation.
311 tpm_token_enabled_for_nss_ = true; 312 tpm_token_enabled_for_nss_ = true;
312 } 313 }
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after
462 return false; 463 return false;
463 } 464 }
464 465
465 // If test slot is set, slot getter methods will short circuit 466 // If test slot is set, slot getter methods will short circuit
466 // checking |chromeos_user_map_|, so there is nothing left to be 467 // checking |chromeos_user_map_|, so there is nothing left to be
467 // initialized. 468 // initialized.
468 if (test_slot_) 469 if (test_slot_)
469 return false; 470 return false;
470 471
471 DVLOG(2) << "Opening NSS DB " << path.value(); 472 DVLOG(2) << "Opening NSS DB " << path.value();
472 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(path)); 473 std::string db_name = base::StringPrintf(
474 "%s %s", kUserNSSDatabaseName, username_hash.c_str());
475 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path));
473 chromeos_user_map_[username_hash] = 476 chromeos_user_map_[username_hash] =
474 new ChromeOSUserData(public_slot.Pass()); 477 new ChromeOSUserData(public_slot.Pass());
475 return true; 478 return true;
476 } 479 }
477 480
478 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { 481 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) {
479 DCHECK(thread_checker_.CalledOnValidThread()); 482 DCHECK(thread_checker_.CalledOnValidThread());
480 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); 483 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end());
481 484
482 return !chromeos_user_map_[username_hash] 485 return !chromeos_user_map_[username_hash]
(...skipping 371 matching lines...) Expand 10 before | Expand all | Expand 10 after
854 LOG(ERROR) << "After loading " << name << ", loaded==false: " 857 LOG(ERROR) << "After loading " << name << ", loaded==false: "
855 << GetNSSErrorMessage(); 858 << GetNSSErrorMessage();
856 SECMOD_DestroyModule(module); 859 SECMOD_DestroyModule(module);
857 return NULL; 860 return NULL;
858 } 861 }
859 return module; 862 return module;
860 } 863 }
861 #endif 864 #endif
862 865
863 static PK11SlotInfo* OpenUserDB(const base::FilePath& path, 866 static PK11SlotInfo* OpenUserDB(const base::FilePath& path,
864 const char* description) { 867 const std::string& description) {
865 const std::string modspec = 868 const std::string modspec =
866 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", 869 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'",
867 path.value().c_str(), description); 870 path.value().c_str(),
871 description.c_str());
868 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); 872 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str());
869 if (db_slot) { 873 if (db_slot) {
870 if (PK11_NeedUserInit(db_slot)) 874 if (PK11_NeedUserInit(db_slot))
871 PK11_InitPin(db_slot, NULL, NULL); 875 PK11_InitPin(db_slot, NULL, NULL);
872 } 876 }
873 else { 877 else {
874 LOG(ERROR) << "Error opening persistent database (" << modspec 878 LOG(ERROR) << "Error opening persistent database (" << modspec
875 << "): " << GetNSSErrorMessage(); 879 << "): " << GetNSSErrorMessage();
876 } 880 }
877 return db_slot; 881 return db_slot;
(...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after
1158 1162
1159 PRTime BaseTimeToPRTime(base::Time time) { 1163 PRTime BaseTimeToPRTime(base::Time time) {
1160 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); 1164 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue();
1161 } 1165 }
1162 1166
1163 PK11SlotInfo* GetPersistentNSSKeySlot() { 1167 PK11SlotInfo* GetPersistentNSSKeySlot() {
1164 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); 1168 return g_nss_singleton.Get().GetPersistentNSSKeySlot();
1165 } 1169 }
1166 1170
1167 } // namespace crypto 1171 } // namespace crypto
OLDNEW
« no previous file with comments | « no previous file | net/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698