OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/nss_util.h" | 5 #include "base/nss_util.h" |
6 #include "base/nss_util_internal.h" | 6 #include "base/nss_util_internal.h" |
7 | 7 |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <plarena.h> | 9 #include <plarena.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
(...skipping 11 matching lines...) Expand all Loading... |
22 #include "base/lazy_instance.h" | 22 #include "base/lazy_instance.h" |
23 #include "base/logging.h" | 23 #include "base/logging.h" |
24 #include "base/stringprintf.h" | 24 #include "base/stringprintf.h" |
25 #include "base/threading/thread_restrictions.h" | 25 #include "base/threading/thread_restrictions.h" |
26 | 26 |
27 // USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not | 27 // USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not |
28 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't | 28 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't |
29 // use NSS for crypto or certificate verification, and we don't use the NSS | 29 // use NSS for crypto or certificate verification, and we don't use the NSS |
30 // certificate and key databases. | 30 // certificate and key databases. |
31 #if defined(USE_NSS) | 31 #if defined(USE_NSS) |
| 32 #include "base/crypto/pk11_blocking_password_delegate.h" |
32 #include "base/environment.h" | 33 #include "base/environment.h" |
33 #include "base/lock.h" | 34 #include "base/lock.h" |
34 #include "base/scoped_ptr.h" | 35 #include "base/scoped_ptr.h" |
35 #endif // defined(USE_NSS) | 36 #endif // defined(USE_NSS) |
36 | 37 |
37 namespace base { | 38 namespace base { |
38 | 39 |
39 namespace { | 40 namespace { |
40 | 41 |
41 #if defined(USE_NSS) | 42 #if defined(USE_NSS) |
(...skipping 20 matching lines...) Expand all Loading... |
62 FilePath GetInitialConfigDirectory() { | 63 FilePath GetInitialConfigDirectory() { |
63 #if defined(OS_CHROMEOS) | 64 #if defined(OS_CHROMEOS) |
64 static const FilePath::CharType kReadOnlyCertDB[] = | 65 static const FilePath::CharType kReadOnlyCertDB[] = |
65 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); | 66 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); |
66 return FilePath(kReadOnlyCertDB); | 67 return FilePath(kReadOnlyCertDB); |
67 #else | 68 #else |
68 return GetDefaultConfigDirectory(); | 69 return GetDefaultConfigDirectory(); |
69 #endif // defined(OS_CHROMEOS) | 70 #endif // defined(OS_CHROMEOS) |
70 } | 71 } |
71 | 72 |
| 73 // This callback for NSS forwards all requests to a caller-specified |
| 74 // PK11BlockingPasswordDelegate object. |
| 75 char* PK11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { |
| 76 base::PK11BlockingPasswordDelegate* delegate = |
| 77 reinterpret_cast<base::PK11BlockingPasswordDelegate*>(arg); |
| 78 if (delegate) { |
| 79 bool cancelled = false; |
| 80 std::string password = delegate->RequestPassword(PK11_GetTokenName(slot), |
| 81 retry != PR_FALSE, |
| 82 &cancelled); |
| 83 if (cancelled) |
| 84 return NULL; |
| 85 char* result = PORT_Strdup(password.c_str()); |
| 86 password.replace(0, password.size(), password.size(), 0); |
| 87 return result; |
| 88 } |
| 89 DLOG(ERROR) << "PK11 password requested with NULL arg"; |
| 90 return NULL; |
| 91 } |
| 92 |
72 // NSS creates a local cache of the sqlite database if it detects that the | 93 // NSS creates a local cache of the sqlite database if it detects that the |
73 // filesystem the database is on is much slower than the local disk. The | 94 // filesystem the database is on is much slower than the local disk. The |
74 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 | 95 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 |
75 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set | 96 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set |
76 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's | 97 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's |
77 // detection when database_dir is on NFS. See http://crbug.com/48585. | 98 // detection when database_dir is on NFS. See http://crbug.com/48585. |
78 // | 99 // |
79 // TODO(wtc): port this function to other USE_NSS platforms. It is defined | 100 // TODO(wtc): port this function to other USE_NSS platforms. It is defined |
80 // only for OS_LINUX simply because the statfs structure is OS-specific. | 101 // only for OS_LINUX simply because the statfs structure is OS-specific. |
81 void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) { | 102 void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) { |
(...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
240 LOG(WARNING) << "Initialize NSS without a persistent database " | 261 LOG(WARNING) << "Initialize NSS without a persistent database " |
241 "(~/.pki/nssdb)."; | 262 "(~/.pki/nssdb)."; |
242 status = NSS_NoDB_Init(NULL); | 263 status = NSS_NoDB_Init(NULL); |
243 if (status != SECSuccess) { | 264 if (status != SECSuccess) { |
244 LOG(ERROR) << "Error initializing NSS without a persistent " | 265 LOG(ERROR) << "Error initializing NSS without a persistent " |
245 "database: NSS error code " << PR_GetError(); | 266 "database: NSS error code " << PR_GetError(); |
246 return; | 267 return; |
247 } | 268 } |
248 } | 269 } |
249 | 270 |
| 271 PK11_SetPasswordFunc(PK11PasswordFunc); |
| 272 |
250 // If we haven't initialized the password for the NSS databases, | 273 // If we haven't initialized the password for the NSS databases, |
251 // initialize an empty-string password so that we don't need to | 274 // initialize an empty-string password so that we don't need to |
252 // log in. | 275 // log in. |
253 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); | 276 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); |
254 if (slot) { | 277 if (slot) { |
255 // PK11_InitPin may write to the keyDB, but no other thread can use NSS | 278 // PK11_InitPin may write to the keyDB, but no other thread can use NSS |
256 // yet, so we don't need to lock. | 279 // yet, so we don't need to lock. |
257 if (PK11_NeedUserInit(slot)) | 280 if (PK11_NeedUserInit(slot)) |
258 PK11_InitPin(slot, NULL, NULL); | 281 PK11_InitPin(slot, NULL, NULL); |
259 PK11_FreeSlot(slot); | 282 PK11_FreeSlot(slot); |
(...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
387 exploded.millisecond = prxtime.tm_usec / 1000; | 410 exploded.millisecond = prxtime.tm_usec / 1000; |
388 | 411 |
389 return Time::FromUTCExploded(exploded); | 412 return Time::FromUTCExploded(exploded); |
390 } | 413 } |
391 | 414 |
392 PK11SlotInfo* GetDefaultNSSKeySlot() { | 415 PK11SlotInfo* GetDefaultNSSKeySlot() { |
393 return g_nss_singleton.Get().GetDefaultKeySlot(); | 416 return g_nss_singleton.Get().GetDefaultKeySlot(); |
394 } | 417 } |
395 | 418 |
396 } // namespace base | 419 } // namespace base |
OLD | NEW |