authormattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-11 22:03:39 +0000
committermattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-11 22:03:39 +0000
commit5c8e00570c198b8705f5674a1e18518a186f7fbb (patch)
treeebc85145c09acb9d45e6dd7ee0c967bd2e928db6 /base
parentc113e9510e7135107358db42397c0797c83ab12f (diff)
Add NSS PKCS12 import/export functions to CertDatabase.
Use sql: prefix when opening NSS UserDB (this will affect existing Chromeos installations, which had been using the old berkeleydb format.) BUG=19991,51327,51328,51330,51332 TEST=net/base/cert_database_nss_unittest.cc Review URL: http://codereview.chromium.org/3018038 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55798 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
-rw-r--r--base/nss_util.cc48
-rw-r--r--base/nss_util.h7
2 files changed, 48 insertions, 7 deletions
diff --git a/base/nss_util.cc b/base/nss_util.cc
index cd44fed..d4ace40 100644
--- a/base/nss_util.cc
+++ b/base/nss_util.cc
@@ -127,6 +127,7 @@ class NSSInitSingleton {
public:
NSSInitSingleton()
: real_db_slot_(NULL),
+ test_db_slot_(NULL),
root_(NULL),
chromeos_user_logged_in_(false) {
base::EnsureNSPRInit();
@@ -218,6 +219,7 @@ class NSSInitSingleton {
PK11_FreeSlot(real_db_slot_);
real_db_slot_ = NULL;
}
+ CloseTestNSSDB();
if (root_) {
SECMOD_UnloadUserModule(root_);
SECMOD_DestroyModule(root_);
@@ -237,23 +239,33 @@ class NSSInitSingleton {
void OpenPersistentNSSDB() {
if (!chromeos_user_logged_in_) {
chromeos_user_logged_in_ = true;
+ real_db_slot_ = OpenUserDB(GetDefaultConfigDirectory(),
+ "Real NSS database");
- const std::string modspec =
- StringPrintf("configDir='%s' tokenDescription='Real NSS database'",
- GetDefaultConfigDirectory().value().c_str());
- real_db_slot_ = SECMOD_OpenUserDB(modspec.c_str());
if (real_db_slot_ == NULL) {
LOG(ERROR) << "Error opening persistent database (" << modspec
<< "): NSS error code " << PR_GetError();
- } else {
- if (PK11_NeedUserInit(real_db_slot_))
- PK11_InitPin(real_db_slot_, NULL, NULL);
}
}
}
#endif // defined(OS_CHROMEOS)
+ bool OpenTestNSSDB(const FilePath& path, const char* description) {
+ test_db_slot_ = OpenUserDB(path, description);
+ return !!test_db_slot_;
+ }
+
+ void CloseTestNSSDB() {
+ if (test_db_slot_) {
+ SECMOD_CloseUserDB(test_db_slot_);
+ PK11_FreeSlot(test_db_slot_);
+ test_db_slot_ = NULL;
+ }
+ }
+
PK11SlotInfo* GetDefaultKeySlot() {
+ if (test_db_slot_)
+ return PK11_ReferenceSlot(test_db_slot_);
if (real_db_slot_)
return PK11_ReferenceSlot(real_db_slot_);
return PK11_GetInternalKeySlot();
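Review bot: The `LOG(ERROR)` in OpenPersistentNSSDB still streams `modspec`, but this hunk removes the local that declared it, so unless another `modspec` is in scope the OS_CHROMEOS build will not compile. Log the directory instead, e.g. `LOG(ERROR) << "Error opening persistent database (" << GetDefaultConfigDirectory().value()`, keeping the `PR_GetError()` line as it is. Separately, OpenTestNSSDB overwrites `test_db_slot_` without releasing a slot that is already open, so a second call leaks the earlier slot reference and leaves that DB open; calling `CloseTestNSSDB();` first, or returning false when `test_db_slot_` is already set, avoids that.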
@@ -266,7 +278,21 @@ class NSSInitSingleton {
#endif // defined(USE_NSS)
private:
+ static PK11SlotInfo* OpenUserDB(const FilePath& path,
+ const char* description) {
+ const std::string modspec =
+ StringPrintf("configDir='sql:%s' tokenDescription='%s'",
+ path.value().c_str(), description);
+ PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str());
+ if (db_slot) {
+ if (PK11_NeedUserInit(db_slot))
+ PK11_InitPin(db_slot, NULL, NULL);
+ }
+ return db_slot;
+ }
+
PK11SlotInfo* real_db_slot_; // Overrides internal key slot if non-NULL.
+ PK11SlotInfo* test_db_slot_; // Overrides internal key slot and real_db_slot_
SECMODModule *root_;
bool chromeos_user_logged_in_;
#if defined(USE_NSS)
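Review bot: OpenUserDB splices `path` and `description` into the single-quoted module spec unescaped, so a `'` in either value ends the quoted field early and the remainder is parsed as further spec parameters. The persistent-DB path comes from GetDefaultConfigDirectory(), presumably derived from the user's home directory, so both values should be validated or escaped before the `StringPrintf`, e.g. `if (path.value().find('\'') != std::string::npos) return NULL;` with the same check on `description`. The result of `PK11_InitPin(db_slot, NULL, NULL)` is also discarded, so a failed initialisation still returns the slot as usable; checking for `SECSuccess` and logging the failure would make that visible. A one-line comment noting that the DB is initialised with an empty password would tell readers the key store is not PIN-protected.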
@@ -287,6 +313,14 @@ void EnsureNSSInit() {
}
#if defined(USE_NSS)
+bool OpenTestNSSDB(const FilePath& path, const char* description) {
+ return Singleton<NSSInitSingleton>::get()->OpenTestNSSDB(path, description);
+}
+
+void CloseTestNSSDB() {
+ Singleton<NSSInitSingleton>::get()->CloseTestNSSDB();
+}
+
Lock* GetNSSWriteLock() {
return Singleton<NSSInitSingleton>::get()->write_lock();
}
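Review bot: These wrappers are compiled into the production library with only their names marking them as test-only, and once OpenTestNSSDB succeeds GetDefaultKeySlot hands every caller the test slot ahead of `real_db_slot_`. A comment on the definitions should say so, e.g. `// Test-only: while open, GetDefaultKeySlot() returns this DB instead of the real one.`. `test_db_slot_` is also written here and read in GetDefaultKeySlot with no lock visible in the diff, so the comment should state which thread may call these, or the accesses should be guarded if other threads can request the key slot while a test DB is open.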
diff --git a/base/nss_util.h b/base/nss_util.h
index b869e46..15b624c 100644
--- a/base/nss_util.h
+++ b/base/nss_util.h
@@ -9,6 +9,7 @@
#include "base/basictypes.h"
#if defined(USE_NSS)
+class FilePath;
class Lock;
#endif // defined(USE_NSS)
@@ -39,6 +40,12 @@ void OpenPersistentNSSDB();
Time PRTimeToBaseTime(int64 prtime);
#if defined(USE_NSS)
+// Exposed for unittests only. |path| should be an existing directory under
+// which the DB files will be placed. |description| is a user-visible name for
+// the DB, as a utf8 string, which will be truncated at 32 bytes.
+bool OpenTestNSSDB(const FilePath& path, const char* description);
+void CloseTestNSSDB();
+
// NSS has a bug which can cause a deadlock or stall in some cases when writing
// to the certDB and keyDB. It also has a bug which causes concurrent key pair
// generations to scribble over each other. To work around this, we synchronize