author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-18 10:57:07 +0000 |
---|---|---|
committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-18 10:57:07 +0000 |
commit | 83e1ae34e3774ba031cec21aaa14aa081734e5d1 (patch) | |
tree | 78ccc411ac13983f467c1825a7c3cd92dd717dbb /crypto/nss_util.cc | |
parent | fdc67c496828c005b108be85730a4b830bd3b69b (diff) | |
Remove NSSCertDatabase from ClientCertStoreChromeOS unittest.
The database was only used to import a PKCS#12 file. By changing to separate key (PKCS#8 format) and cert (X509 in PEM encoding), only dependencies on the lower level RSAPrivateKey, X509Certificate and PK11_* NSS functions are required.
Note this removes at the same time a call to the deprecated NSSCertDatabase::GetInstance().
Also
- fixes multi profile cases of the unit test and the CA matching (the latter is now identical to all other platforms).
- fixes a bug in the matching of client certs from software slots, because of reused cert database names
- gets rid of the error output that occurred during the PKCS12 import because the file also contained a CA cert:
[ERROR:nsPKCS12Blob.cpp(219)] Could not grab a handle to the certificate in the slot from the corresponding PKCS#12 DER certificate.
BUG=210525, 329735,315285
Review URL: https://codereview.chromium.org/394013005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@284056 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/nss_util.cc')
-rw-r--r-- | crypto/nss_util.cc | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index ea4b59c..f6b6133 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -57,7 +57,7 @@ namespace crypto {
 namespace {
 #if defined(OS_CHROMEOS)
-const char kNSSDatabaseName[] = "Real NSS database";
+const char kUserNSSDatabaseName[] = "UserNSSDB";
 // Constants for loading the Chrome OS TPM-backed PKCS #11 library.
 const char kChapsModuleName[] = "Chaps";
@@ -287,7 +287,8 @@ class NSSInitSingleton {
 PK11SlotInfo* tpm_slot;
 };
- PK11SlotInfo* OpenPersistentNSSDBForPath(const base::FilePath& path) {
+ PK11SlotInfo* OpenPersistentNSSDBForPath(const std::string& db_name,
+ const base::FilePath& path) {
 DCHECK(thread_checker_.CalledOnValidThread());
 // NSS is allowed to do IO on the current thread since dispatching
 // to a dedicated thread would still have the affect of blocking
@@ -299,7 +300,7 @@ class NSSInitSingleton {
 LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory.";
 return NULL;
 }
- return OpenUserDB(nssdb_path, kNSSDatabaseName);
+ return OpenUserDB(nssdb_path, db_name);
 }
 void EnableTPMTokenForNSS() {
@@ -469,7 +470,9 @@ class NSSInitSingleton {
 return false;
 DVLOG(2) << "Opening NSS DB " << path.value();
- ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(path));
+ std::string db_name = base::StringPrintf(
+ "%s %s", kUserNSSDatabaseName, username_hash.c_str());
+ ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path));
 chromeos_user_map_[username_hash] =
 new ChromeOSUserData(public_slot.Pass());
 return true;
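Review bot: The per-user token name built in the `@@ -469,7 +470,9 @@` hunk carries no comment saying why it must be unique, and nothing checks that the full `"%s %s"` string survives as the token name. PKCS #11 token labels are fixed at 32 bytes, so if NSS maps `tokenDescription` onto the label and `username_hash` is long, the name may be truncated and uniqueness would then rest only on the leading characters of the hash; this is worth confirming. I would add `// Must be unique per user: software slots are matched by this name.` above the `StringPrintf` call, and a unit test that opens two user databases and checks that the resulting token names differ. The enclosing function starts and ends outside the hunk.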
@@ -861,10 +864,11 @@ class NSSInitSingleton {
 #endif
 static PK11SlotInfo* OpenUserDB(const base::FilePath& path,
- const char* description) {
+ const std::string& description) {
 const std::string modspec =
 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'",
- path.value().c_str(), description);
+ path.value().c_str(),
+ description.c_str());
 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str());
 if (db_slot) {
 if (PK11_NeedUserInit(db_slot)) |
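Review bot: `description` is now an arbitrary `std::string` that is pasted between single quotes in the module spec handed to `SECMOD_OpenUserDB`, so a value containing `'` would end the `tokenDescription` parameter early and change how the rest of the spec is parsed. The only caller visible in this diff passes a constant plus `username_hash`, which is presumably quote-free, but the new signature no longer signals that constraint. I would guard it with `DCHECK(description.find('\'') == std::string::npos);` before the `StringPrintf` call and state the constraint in a comment on `OpenUserDB`. The same applies to `path.value()`, which was already interpolated before this change. The function body continues past the end of the hunk.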