OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CRYPTO_NSS_UTIL_H_ | 5 #ifndef CRYPTO_NSS_UTIL_H_ |
6 #define CRYPTO_NSS_UTIL_H_ | 6 #define CRYPTO_NSS_UTIL_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
12 #include "base/files/scoped_temp_dir.h" | 12 #include "base/files/scoped_temp_dir.h" |
13 #include "crypto/crypto_export.h" | 13 #include "crypto/crypto_export.h" |
14 | 14 |
15 namespace base { | 15 namespace base { |
16 class FilePath; | 16 class FilePath; |
17 class Lock; | 17 class Lock; |
18 class Time; | 18 class Time; |
19 } // namespace base | 19 } // namespace base |
20 | 20 |
21 // This file specifically doesn't depend on any NSS or NSPR headers because it | 21 // This file specifically doesn't depend on any NSS or NSPR headers because it |
22 // is included by various (non-crypto) parts of chrome to call the | 22 // is included by various (non-crypto) parts of chrome to call the |
23 // initialization functions. | 23 // initialization functions. |
24 namespace crypto { | 24 namespace crypto { |
25 | 25 |
26 // The TPMToken name used for the NSS slot opened by ScopedTestNSSDB. | 26 class ScopedTestNSSDB; |
27 CRYPTO_EXPORT extern const char kTestTPMTokenName[]; | |
28 | 27 |
29 #if defined(USE_NSS) | 28 #if defined(USE_NSS) |
30 // EarlySetupForNSSInit performs lightweight setup which must occur before the | 29 // EarlySetupForNSSInit performs lightweight setup which must occur before the |
31 // process goes multithreaded. This does not initialise NSS. For test, see | 30 // process goes multithreaded. This does not initialise NSS. For test, see |
32 // EnsureNSSInit. | 31 // EnsureNSSInit. |
33 CRYPTO_EXPORT void EarlySetupForNSSInit(); | 32 CRYPTO_EXPORT void EarlySetupForNSSInit(); |
34 #endif | 33 #endif |
35 | 34 |
36 // Initialize NRPR if it isn't already initialized. This function is | 35 // Initialize NRPR if it isn't already initialized. This function is |
37 // thread-safe, and NSPR will only ever be initialized once. | 36 // thread-safe, and NSPR will only ever be initialized once. |
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
145 | 144 |
146 // Convert a NSS PRTime value into a base::Time object. | 145 // Convert a NSS PRTime value into a base::Time object. |
147 // We use a int64 instead of PRTime here to avoid depending on NSPR headers. | 146 // We use a int64 instead of PRTime here to avoid depending on NSPR headers. |
148 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime); | 147 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime); |
149 | 148 |
150 // Convert a base::Time object into a PRTime value. | 149 // Convert a base::Time object into a PRTime value. |
151 // We use a int64 instead of PRTime here to avoid depending on NSPR headers. | 150 // We use a int64 instead of PRTime here to avoid depending on NSPR headers. |
152 CRYPTO_EXPORT int64 BaseTimeToPRTime(base::Time time); | 151 CRYPTO_EXPORT int64 BaseTimeToPRTime(base::Time time); |
153 | 152 |
154 #if defined(USE_NSS) | 153 #if defined(USE_NSS) |
155 // Exposed for unittests only. | 154 #if defined(OS_CHROMEOS) |
156 // TODO(mattm): When NSS 3.14 is the minimum version required, | 155 // Exposed for tests only. |
157 // switch back to using a separate user DB for each test. | 156 class CRYPTO_EXPORT_PRIVATE ScopedTestSystemNSSKeySlot { |
Ryan Sleevi
2014/07/22 01:25:32
1) Document more what this does - and what it affe
pneubeck (no reviews)
2014/07/22 08:34:30
ACK. I only placed it here because of ScopedTestNS
pneubeck (no reviews)
2014/07/22 14:11:05
One other reason why I put it here was that it acc
| |
158 // Because of https://bugzilla.mozilla.org/show_bug.cgi?id=588269 , the | |
159 // opened user DB is not automatically closed. | |
160 class CRYPTO_EXPORT_PRIVATE ScopedTestNSSDB { | |
161 public: | 157 public: |
162 ScopedTestNSSDB(); | 158 explicit ScopedTestSystemNSSKeySlot(); |
163 ~ScopedTestNSSDB(); | 159 ~ScopedTestSystemNSSKeySlot(); |
164 | 160 |
165 bool is_open() { return is_open_; } | 161 bool ConstructedSuccessfully() const; |
166 | 162 |
167 private: | 163 private: |
168 bool is_open_; | 164 scoped_ptr<ScopedTestNSSDB> test_db_; |
169 DISALLOW_COPY_AND_ASSIGN(ScopedTestNSSDB); | 165 |
166 DISALLOW_COPY_AND_ASSIGN(ScopedTestSystemNSSKeySlot); | |
170 }; | 167 }; |
168 #endif | |
171 | 169 |
172 // NSS has a bug which can cause a deadlock or stall in some cases when writing | 170 // NSS has a bug which can cause a deadlock or stall in some cases when writing |
173 // to the certDB and keyDB. It also has a bug which causes concurrent key pair | 171 // to the certDB and keyDB. It also has a bug which causes concurrent key pair |
174 // generations to scribble over each other. To work around this, we synchronize | 172 // generations to scribble over each other. To work around this, we synchronize |
175 // writes to the NSS databases with a global lock. The lock is hidden beneath a | 173 // writes to the NSS databases with a global lock. The lock is hidden beneath a |
176 // function for easy disabling when the bug is fixed. Callers should allow for | 174 // function for easy disabling when the bug is fixed. Callers should allow for |
177 // it to return NULL in the future. | 175 // it to return NULL in the future. |
178 // | 176 // |
179 // See https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | 177 // See https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
180 base::Lock* GetNSSWriteLock(); | 178 base::Lock* GetNSSWriteLock(); |
181 | 179 |
182 // A helper class that acquires the NSS write Lock while the AutoNSSWriteLock | 180 // A helper class that acquires the NSS write Lock while the AutoNSSWriteLock |
183 // is in scope. | 181 // is in scope. |
184 class CRYPTO_EXPORT AutoNSSWriteLock { | 182 class CRYPTO_EXPORT AutoNSSWriteLock { |
185 public: | 183 public: |
186 AutoNSSWriteLock(); | 184 AutoNSSWriteLock(); |
187 ~AutoNSSWriteLock(); | 185 ~AutoNSSWriteLock(); |
188 private: | 186 private: |
189 base::Lock *lock_; | 187 base::Lock *lock_; |
190 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); | 188 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); |
191 }; | 189 }; |
192 | 190 |
193 #endif // defined(USE_NSS) | 191 #endif // defined(USE_NSS) |
194 | 192 |
195 } // namespace crypto | 193 } // namespace crypto |
196 | 194 |
197 #endif // CRYPTO_NSS_UTIL_H_ | 195 #endif // CRYPTO_NSS_UTIL_H_ |
OLD | NEW |