OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CRYPTO_NSS_UTIL_H_ | 5 #ifndef CRYPTO_NSS_UTIL_H_ |
6 #define CRYPTO_NSS_UTIL_H_ | 6 #define CRYPTO_NSS_UTIL_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
12 #include "base/files/scoped_temp_dir.h" | |
13 #include "crypto/crypto_export.h" | 12 #include "crypto/crypto_export.h" |
14 | 13 |
15 namespace base { | 14 namespace base { |
16 class FilePath; | 15 class FilePath; |
17 class Lock; | 16 class Lock; |
18 class Time; | 17 class Time; |
19 } // namespace base | 18 } // namespace base |
20 | 19 |
21 // This file specifically doesn't depend on any NSS or NSPR headers because it | 20 // This file specifically doesn't depend on any NSS or NSPR headers because it |
22 // is included by various (non-crypto) parts of chrome to call the | 21 // is included by various (non-crypto) parts of chrome to call the |
23 // initialization functions. | 22 // initialization functions. |
24 namespace crypto { | 23 namespace crypto { |
25 | 24 |
26 // The TPMToken name used for the NSS slot opened by ScopedTestNSSDB. | |
27 CRYPTO_EXPORT extern const char kTestTPMTokenName[]; | |
28 | |
29 #if defined(USE_NSS) | 25 #if defined(USE_NSS) |
30 // EarlySetupForNSSInit performs lightweight setup which must occur before the | 26 // EarlySetupForNSSInit performs lightweight setup which must occur before the |
31 // process goes multithreaded. This does not initialise NSS. For test, see | 27 // process goes multithreaded. This does not initialise NSS. For test, see |
32 // EnsureNSSInit. | 28 // EnsureNSSInit. |
33 CRYPTO_EXPORT void EarlySetupForNSSInit(); | 29 CRYPTO_EXPORT void EarlySetupForNSSInit(); |
34 #endif | 30 #endif |
35 | 31 |
36 // Initialize NRPR if it isn't already initialized. This function is | 32 // Initialize NRPR if it isn't already initialized. This function is |
37 // thread-safe, and NSPR will only ever be initialized once. | 33 // thread-safe, and NSPR will only ever be initialized once. |
38 CRYPTO_EXPORT void EnsureNSPRInit(); | 34 CRYPTO_EXPORT void EnsureNSPRInit(); |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
114 WARN_UNUSED_RESULT; | 110 WARN_UNUSED_RESULT; |
115 | 111 |
116 // Initialize the TPM token and system slot. The |callback| will run on the same | 112 // Initialize the TPM token and system slot. The |callback| will run on the same |
117 // thread with true if the token and slot were successfully loaded or were | 113 // thread with true if the token and slot were successfully loaded or were |
118 // already initialized. |callback| will be passed false if loading failed. Once | 114 // already initialized. |callback| will be passed false if loading failed. Once |
119 // called, InitializeTPMTokenAndSystemSlot must not be called again until the | 115 // called, InitializeTPMTokenAndSystemSlot must not be called again until the |
120 // |callback| has been run. | 116 // |callback| has been run. |
121 CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot( | 117 CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot( |
122 int system_slot_id, | 118 int system_slot_id, |
123 const base::Callback<void(bool)>& callback); | 119 const base::Callback<void(bool)>& callback); |
124 | |
125 // Exposed for unittests only. | |
126 class CRYPTO_EXPORT_PRIVATE ScopedTestNSSChromeOSUser { | |
127 public: | |
128 explicit ScopedTestNSSChromeOSUser(const std::string& username_hash); | |
129 ~ScopedTestNSSChromeOSUser(); | |
130 | |
131 std::string username_hash() const { return username_hash_; } | |
132 bool constructed_successfully() const { return constructed_successfully_; } | |
133 | |
134 // Completes initialization of user. Causes any waiting private slot callbacks | |
135 // to run. | |
136 void FinishInit(); | |
137 | |
138 private: | |
139 const std::string username_hash_; | |
140 base::ScopedTempDir temp_dir_; | |
141 bool constructed_successfully_; | |
142 DISALLOW_COPY_AND_ASSIGN(ScopedTestNSSChromeOSUser); | |
143 }; | |
144 #endif | 120 #endif |
145 | 121 |
146 // Convert a NSS PRTime value into a base::Time object. | 122 // Convert a NSS PRTime value into a base::Time object. |
147 // We use a int64 instead of PRTime here to avoid depending on NSPR headers. | 123 // We use a int64 instead of PRTime here to avoid depending on NSPR headers. |
148 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime); | 124 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime); |
149 | 125 |
150 // Convert a base::Time object into a PRTime value. | 126 // Convert a base::Time object into a PRTime value. |
151 // We use a int64 instead of PRTime here to avoid depending on NSPR headers. | 127 // We use a int64 instead of PRTime here to avoid depending on NSPR headers. |
152 CRYPTO_EXPORT int64 BaseTimeToPRTime(base::Time time); | 128 CRYPTO_EXPORT int64 BaseTimeToPRTime(base::Time time); |
153 | 129 |
154 #if defined(USE_NSS) | 130 #if defined(USE_NSS) |
155 // Exposed for unittests only. | |
156 // TODO(mattm): When NSS 3.14 is the minimum version required, | |
157 // switch back to using a separate user DB for each test. | |
158 // Because of https://bugzilla.mozilla.org/show_bug.cgi?id=588269 , the | |
159 // opened user DB is not automatically closed. | |
160 class CRYPTO_EXPORT_PRIVATE ScopedTestNSSDB { | |
161 public: | |
162 ScopedTestNSSDB(); | |
163 ~ScopedTestNSSDB(); | |
164 | |
165 bool is_open() { return is_open_; } | |
166 | |
167 private: | |
168 bool is_open_; | |
169 DISALLOW_COPY_AND_ASSIGN(ScopedTestNSSDB); | |
170 }; | |
171 | |
172 // NSS has a bug which can cause a deadlock or stall in some cases when writing | 131 // NSS has a bug which can cause a deadlock or stall in some cases when writing |
173 // to the certDB and keyDB. It also has a bug which causes concurrent key pair | 132 // to the certDB and keyDB. It also has a bug which causes concurrent key pair |
174 // generations to scribble over each other. To work around this, we synchronize | 133 // generations to scribble over each other. To work around this, we synchronize |
175 // writes to the NSS databases with a global lock. The lock is hidden beneath a | 134 // writes to the NSS databases with a global lock. The lock is hidden beneath a |
176 // function for easy disabling when the bug is fixed. Callers should allow for | 135 // function for easy disabling when the bug is fixed. Callers should allow for |
177 // it to return NULL in the future. | 136 // it to return NULL in the future. |
178 // | 137 // |
179 // See https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | 138 // See https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
180 base::Lock* GetNSSWriteLock(); | 139 base::Lock* GetNSSWriteLock(); |
181 | 140 |
182 // A helper class that acquires the NSS write Lock while the AutoNSSWriteLock | 141 // A helper class that acquires the NSS write Lock while the AutoNSSWriteLock |
183 // is in scope. | 142 // is in scope. |
184 class CRYPTO_EXPORT AutoNSSWriteLock { | 143 class CRYPTO_EXPORT AutoNSSWriteLock { |
185 public: | 144 public: |
186 AutoNSSWriteLock(); | 145 AutoNSSWriteLock(); |
187 ~AutoNSSWriteLock(); | 146 ~AutoNSSWriteLock(); |
188 private: | 147 private: |
189 base::Lock *lock_; | 148 base::Lock *lock_; |
190 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); | 149 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); |
191 }; | 150 }; |
192 | |
193 #endif // defined(USE_NSS) | 151 #endif // defined(USE_NSS) |
194 | 152 |
195 } // namespace crypto | 153 } // namespace crypto |
196 | 154 |
197 #endif // CRYPTO_NSS_UTIL_H_ | 155 #endif // CRYPTO_NSS_UTIL_H_ |
OLD | NEW |