| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/nss_util.h" | 5 #include "crypto/nss_util.h" |
| 6 #include "crypto/nss_util_internal.h" | 6 #include "crypto/nss_util_internal.h" |
| 7 | 7 |
| 8 #include <nss.h> | 8 #include <nss.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 #include <plarena.h> | 10 #include <plarena.h> |
| (...skipping 39 matching lines...) | |
| 50 #if defined(USE_NSS) | 50 #if defined(USE_NSS) |
| 51 #include "base/synchronization/lock.h" | 51 #include "base/synchronization/lock.h" |
| 52 #include "crypto/nss_crypto_module_delegate.h" | 52 #include "crypto/nss_crypto_module_delegate.h" |
| 53 #endif // defined(USE_NSS) | 53 #endif // defined(USE_NSS) |
| 54 | 54 |
| 55 namespace crypto { | 55 namespace crypto { |
| 56 | 56 |
| 57 namespace { | 57 namespace { |
| 58 | 58 |
| 59 #if defined(OS_CHROMEOS) | 59 #if defined(OS_CHROMEOS) |
| 60 const char kNSSDatabaseName[] = "Real NSS database"; | 60 const char kNSSDatabaseName[] = "Real NSS db"; |
|
pneubeck (no reviews)
2014/07/16 10:08:25
I reduced the length of this string because the ni
Ryan Sleevi
2014/07/16 19:32:18
pedantry: db -> DB
Nicknames have a fixed length.
pneubeck (no reviews)
2014/07/17 13:26:43
shortened the name further and change it to indica
| |
| 61 | 61 |
| 62 // Constants for loading the Chrome OS TPM-backed PKCS #11 library. | 62 // Constants for loading the Chrome OS TPM-backed PKCS #11 library. |
| 63 const char kChapsModuleName[] = "Chaps"; | 63 const char kChapsModuleName[] = "Chaps"; |
| 64 const char kChapsPath[] = "libchaps.so"; | 64 const char kChapsPath[] = "libchaps.so"; |
| 65 | 65 |
| 66 // Fake certificate authority database used for testing. | 66 // Fake certificate authority database used for testing. |
| 67 static const base::FilePath::CharType kReadOnlyCertDB[] = | 67 static const base::FilePath::CharType kReadOnlyCertDB[] = |
| 68 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); | 68 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); |
| 69 #endif // defined(OS_CHROMEOS) | 69 #endif // defined(OS_CHROMEOS) |
| 70 | 70 |
| (...skipping 209 matching lines...) | |
| 280 public: | 280 public: |
| 281 #if defined(OS_CHROMEOS) | 281 #if defined(OS_CHROMEOS) |
| 282 // Used with PostTaskAndReply to pass handles to worker thread and back. | 282 // Used with PostTaskAndReply to pass handles to worker thread and back. |
| 283 struct TPMModuleAndSlot { | 283 struct TPMModuleAndSlot { |
| 284 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module) | 284 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module) |
| 285 : chaps_module(init_chaps_module), tpm_slot(NULL) {} | 285 : chaps_module(init_chaps_module), tpm_slot(NULL) {} |
| 286 SECMODModule* chaps_module; | 286 SECMODModule* chaps_module; |
| 287 PK11SlotInfo* tpm_slot; | 287 PK11SlotInfo* tpm_slot; |
| 288 }; | 288 }; |
| 289 | 289 |
| 290 PK11SlotInfo* OpenPersistentNSSDBForPath(const base::FilePath& path) { | 290 PK11SlotInfo* OpenPersistentNSSDBForPath(const std::string& db_name, |
| 291 const base::FilePath& path) { | |
| 291 DCHECK(thread_checker_.CalledOnValidThread()); | 292 DCHECK(thread_checker_.CalledOnValidThread()); |
| 292 // NSS is allowed to do IO on the current thread since dispatching | 293 // NSS is allowed to do IO on the current thread since dispatching |
| 293 // to a dedicated thread would still have the affect of blocking | 294 // to a dedicated thread would still have the affect of blocking |
| 294 // the current thread, due to NSS's internal locking requirements | 295 // the current thread, due to NSS's internal locking requirements |
| 295 base::ThreadRestrictions::ScopedAllowIO allow_io; | 296 base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 296 | 297 |
| 297 base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb"); | 298 base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb"); |
| 298 if (!base::CreateDirectory(nssdb_path)) { | 299 if (!base::CreateDirectory(nssdb_path)) { |
| 299 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory."; | 300 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory."; |
| 300 return NULL; | 301 return NULL; |
| 301 } | 302 } |
| 302 return OpenUserDB(nssdb_path, kNSSDatabaseName); | 303 return OpenUserDB(nssdb_path, db_name); |
| 303 } | 304 } |
| 304 | 305 |
| 305 void EnableTPMTokenForNSS() { | 306 void EnableTPMTokenForNSS() { |
| 306 DCHECK(thread_checker_.CalledOnValidThread()); | 307 DCHECK(thread_checker_.CalledOnValidThread()); |
| 307 | 308 |
| 308 // If this gets set, then we'll use the TPM for certs with | 309 // If this gets set, then we'll use the TPM for certs with |
| 309 // private keys, otherwise we'll fall back to the software | 310 // private keys, otherwise we'll fall back to the software |
| 310 // implementation. | 311 // implementation. |
| 311 tpm_token_enabled_for_nss_ = true; | 312 tpm_token_enabled_for_nss_ = true; |
| 312 } | 313 } |
| (...skipping 149 matching lines...) | |
| 462 return false; | 463 return false; |
| 463 } | 464 } |
| 464 | 465 |
| 465 // If test slot is set, slot getter methods will short circuit | 466 // If test slot is set, slot getter methods will short circuit |
| 466 // checking |chromeos_user_map_|, so there is nothing left to be | 467 // checking |chromeos_user_map_|, so there is nothing left to be |
| 467 // initialized. | 468 // initialized. |
| 468 if (test_slot_) | 469 if (test_slot_) |
| 469 return false; | 470 return false; |
| 470 | 471 |
| 471 DVLOG(2) << "Opening NSS DB " << path.value(); | 472 DVLOG(2) << "Opening NSS DB " << path.value(); |
| 472 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(path)); | 473 std::string db_name = |
| 474 std::string(kNSSDatabaseName) + " for " + username_hash; | |
|
Ryan Sleevi
2014/07/16 21:41:40
base::StringPrintF, rather than string concatting?
pneubeck (no reviews)
2014/07/17 13:26:43
Done.
| |
| 475 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path)); | |
| 473 chromeos_user_map_[username_hash] = | 476 chromeos_user_map_[username_hash] = |
| 474 new ChromeOSUserData(public_slot.Pass()); | 477 new ChromeOSUserData(public_slot.Pass()); |
| 475 return true; | 478 return true; |
| 476 } | 479 } |
| 477 | 480 |
| 478 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { | 481 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { |
| 479 DCHECK(thread_checker_.CalledOnValidThread()); | 482 DCHECK(thread_checker_.CalledOnValidThread()); |
| 480 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); | 483 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); |
| 481 | 484 |
| 482 return !chromeos_user_map_[username_hash] | 485 return !chromeos_user_map_[username_hash] |
| (...skipping 371 matching lines...) | |
| 854 LOG(ERROR) << "After loading " << name << ", loaded==false: " | 857 LOG(ERROR) << "After loading " << name << ", loaded==false: " |
| 855 << GetNSSErrorMessage(); | 858 << GetNSSErrorMessage(); |
| 856 SECMOD_DestroyModule(module); | 859 SECMOD_DestroyModule(module); |
| 857 return NULL; | 860 return NULL; |
| 858 } | 861 } |
| 859 return module; | 862 return module; |
| 860 } | 863 } |
| 861 #endif | 864 #endif |
| 862 | 865 |
| 863 static PK11SlotInfo* OpenUserDB(const base::FilePath& path, | 866 static PK11SlotInfo* OpenUserDB(const base::FilePath& path, |
| 864 const char* description) { | 867 const std::string& description) { |
| 865 const std::string modspec = | 868 const std::string modspec = |
| 866 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", | 869 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", |
| 867 path.value().c_str(), description); | 870 path.value().c_str(), description.c_str()); |
| 868 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); | 871 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); |
| 869 if (db_slot) { | 872 if (db_slot) { |
| 870 if (PK11_NeedUserInit(db_slot)) | 873 if (PK11_NeedUserInit(db_slot)) |
| 871 PK11_InitPin(db_slot, NULL, NULL); | 874 PK11_InitPin(db_slot, NULL, NULL); |
| 872 } | 875 } |
| 873 else { | 876 else { |
| 874 LOG(ERROR) << "Error opening persistent database (" << modspec | 877 LOG(ERROR) << "Error opening persistent database (" << modspec |
| 875 << "): " << GetNSSErrorMessage(); | 878 << "): " << GetNSSErrorMessage(); |
| 876 } | 879 } |
| 877 return db_slot; | 880 return db_slot; |
| (...skipping 280 matching lines...) | |
| 1158 | 1161 |
| 1159 PRTime BaseTimeToPRTime(base::Time time) { | 1162 PRTime BaseTimeToPRTime(base::Time time) { |
| 1160 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); | 1163 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); |
| 1161 } | 1164 } |
| 1162 | 1165 |
| 1163 PK11SlotInfo* GetPersistentNSSKeySlot() { | 1166 PK11SlotInfo* GetPersistentNSSKeySlot() { |
| 1164 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); | 1167 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); |
| 1165 } | 1168 } |
| 1166 | 1169 |
| 1167 } // namespace crypto | 1170 } // namespace crypto |
| OLD | NEW |
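Review bot: In OpenUserDB (new lines 868-870) `description` is no longer a compile-time constant but a string built at new lines 473-474 from `username_hash`, and it is still interpolated unescaped between single quotes in `tokenDescription='%s'`. A `'` in that value would end the parameter early, and the remainder would presumably be parsed by NSS as further module-spec parameters; the username hash is presumably a hex digest, but nothing in the visible lines enforces that. I would reject such input before formatting, e.g. `if (description.find('\'') != std::string::npos) return NULL;` preceded by a `LOG(ERROR)`, or validate `username_hash` where the name is built. `path.value()` in `configDir='sql:%s'` has the same property and predates this change. The end of OpenUserDB lies in the skipped lines, so this is based on the visible part only.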