Enable system NSS key slot.

crypto/nss_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 
 #include <nss.h>
 #include <pk11pub.h>
 #include <plarena.h>
@@ skipping 561 matching lines @@
     DCHECK(i != chromeos_user_map_.end());
     delete i->second;
     chromeos_user_map_.erase(i);
   }
 
   void SetSystemKeySlotForTesting(ScopedPK11Slot slot) {
     // Ensure that a previous value of test_system_slot_ is not overwritten.
     // Unsetting, i.e. setting a NULL, however is allowed.
     DCHECK(!slot || !test_system_slot_);
     test_system_slot_ = slot.Pass();
+    if (test_system_slot_) {
+      EnableTPMTokenForNSS();

[pneubeck (no reviews), 2014/07/31 06:31:25]

This one should actually not be necessary and I'll remove it.
Then, all effects of the ScopedTestSystemNSSKeySlot should be reverted on
destrction.

+      tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get()));

[mattm, 2014/07/30 22:57:34]

need to call tpm_ready_callback_list_ callbacks too?

[pneubeck (no reviews), 2014/07/31 06:31:25]

These callbacks are usually triggered by a InitializeTPMTokenAndSystemSlot call
from TPMTokenLoader.
However, in all tests that we currently have, the TPMTokenLoader skips this
initialization, see tpm_token_loader.cc:139 
  if (!base::SysInfo::IsRunningOnChromeOS())
    tpm_token_state_ = TPM_DISABLED;

Accordingly, currently no test can rely on the callbacks to be called, instead
they all assume that the TPM is disabled and instead software slots are set.

IMO very ugly, but I can't fix this in this CL.

[mattm, 2014/07/31 10:29:30]

Right, my point was when the test uses software slots for the system slot, the
code being tested that uses GetSystemNSSKeySlot would expect the callbacks to be
called.  Is the issue that tpm_ready_callback_list_ is used for signalling both
"tpm ready" and "system slot ready"?

[pneubeck (no reviews), 2014/07/31 10:48:54]

Setting tpm_slot_ toggles IsTPMTokenReady to true (which actually means "TPM
token for system slot is ready") and thus GetSsytemNSSKeySlot immediately
returns without using tpm_ready_callback_list_ .

[pneubeck (no reviews), 2014/08/01 10:02:28]

Thinking about this again, I see now what you mean.
I changed it to call the callbacks of tpm_ready_callback_list_.

+    } else {
+      tpm_slot_.reset();
+    }
   }
 #endif  // defined(OS_CHROMEOS)
 
 #if !defined(OS_CHROMEOS)
   PK11SlotInfo* GetPersistentNSSKeySlot() {
     // TODO(mattm): Change to DCHECK when callers have been fixed.
     if (!thread_checker_.CalledOnValidThread()) {
       DVLOG(1) << "Called on wrong thread.\n"
                << base::debug::StackTrace().ToString();
     }
@@ skipping 415 matching lines @@
 }
 #endif  // defined(USE_NSS)
 
 #if defined(OS_CHROMEOS)
 ScopedPK11Slot GetSystemNSSKeySlot(
     const base::Callback<void(ScopedPK11Slot)>& callback) {
   return g_nss_singleton.Get().GetSystemNSSKeySlot(callback);
 }
 
 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) {
-  g_nss_singleton.Get().SetSystemKeySlotForTesting(ScopedPK11Slot());
+  g_nss_singleton.Get().SetSystemKeySlotForTesting(slot.Pass());
 }
 
 void EnableTPMTokenForNSS() {
   g_nss_singleton.Get().EnableTPMTokenForNSS();
 }
 
 bool IsTPMTokenEnabledForNSS() {
   return g_nss_singleton.Get().IsTPMTokenEnabledForNSS();
 }
 
@@ skipping 62 matching lines @@
   return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue();
 }
 
 #if !defined(OS_CHROMEOS)
 PK11SlotInfo* GetPersistentNSSKeySlot() {
   return g_nss_singleton.Get().GetPersistentNSSKeySlot();
 }
 #endif
 
 }  // namespace crypto