From 8691334ecdc7857effcf15a4638d543b3c8881b0 Mon Sep 17 00:00:00 2001
From: "ukai@chromium.org"
Date: Mon, 25 May 2009 02:14:34 +0000
Subject: Initialize NSS with databases.
BUG=12348
TEST=rm -rf ~/.pki/nssdb; visit https://bugs.webkit.org/ then ~/.pki/nssdb is created.
Review URL: http://codereview.chromium.org/115626
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16845 0039d316-1c4b-4281-b951-d872f2087c98
---
 base/nss_init.cc | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/base/nss_init.cc b/base/nss_init.cc
index 3a90732..9f83898 100644
--- a/base/nss_init.cc
+++ b/base/nss_init.cc
@@ -19,9 +19,25 @@
 #include "base/file_util.h"
 #include "base/logging.h"
 #include "base/singleton.h"
+#include "base/string_util.h"
 namespace {
+std::string GetDefaultConfigDirectory() {
+ const char* home = getenv("HOME");
+ if (home == NULL) {
+ LOG(ERROR) << "$HOME is not set.";
+ return "";
+ }
+ FilePath dir(home);
+ dir = dir.AppendASCII(".pki").AppendASCII("nssdb");
+ if (!file_util::CreateDirectory(dir)) {
+ LOG(ERROR) << "Failed to create ~/.pki/nssdb directory.";
+ return "";
+ }
+ return dir.value();
+}
+
 // Load nss's built-in root certs.
 SECMODModule *InitDefaultRootCerts() {
 const char* kModulePath = "libnssckbi.so";
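Review bot: In `GetDefaultConfigDirectory`, an empty or relative `$HOME` passes the `home == NULL` check, and the appended path then presumably resolves against the current working directory, so the certificate and key database could be created (and later trusted) in whatever directory the process was started from. The guard could be `if (home == NULL || home[0] != '/') {`, with the log message changed to say that `$HOME` is unset or not an absolute path. The mode that `file_util::CreateDirectory` applies is not visible in this hunk; since the directory will hold private keys and trust settings, it is worth confirming that it is created owner-only, and a short comment on the function stating that it creates the directory as a side effect would help callers. `InitDefaultRootCerts`, at the end of the hunk, continues outside it.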
@@ -41,15 +57,25 @@ SECMODModule *InitDefaultRootCerts() {
 class NSSInitSingleton {
 public:
 NSSInitSingleton() {
- // Initialize without using a persistant database (e.g. ~/.netscape)
- SECStatus status = NSS_NoDB_Init(".");
+ SECStatus status;
+ std::string database_dir = GetDefaultConfigDirectory();
+ if (!database_dir.empty()) {
+ // Initialize with a persistant database (~/.pki/nssdb).
+ // Use "sql:" which can be shared by multiple processes safely.
+ status = NSS_InitReadWrite(
+ StringPrintf("sql:%s", database_dir.c_str()).c_str());
+ } else {
+ LOG(WARNING) << "Initialize NSS without using a persistent database "
+ << "(~/.pki/nssdb).";
+ status = NSS_NoDB_Init(".");
+ }
 if (status != SECSuccess) {
 char buffer[513] = "Couldn't retrieve error";
 PRInt32 err_length = PR_GetErrorTextLength();
 if (err_length > 0 && static_cast(err_length) < sizeof(buffer))
 PR_GetErrorText(buffer);
- NOTREACHED() << "Error calling NSS_NoDB_Init: " << buffer;
+ NOTREACHED() << "Error initializing NSS: " << buffer;
 }
 root_ = InitDefaultRootCerts();
-- cgit v1.1
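Review bot: A failure of `NSS_InitReadWrite` (for example an unwritable or corrupt `~/.pki/nssdb`) is handled only by `NOTREACHED()`, which as far as I know is a debug-build assertion, so a release build would go on to `InitDefaultRootCerts()` with NSS not initialized. Inside the `if (!database_dir.empty())` branch the failure could be logged with `LOG(ERROR)` and followed by `if (status != SECSuccess) status = NSS_NoDB_Init(".");`, so that only a failure of both paths reaches the assertion. The fallback should be logged visibly, because running without the database also drops any trust settings the user stored in it. The new comment repeats the "persistant" spelling, while the added `LOG(WARNING)` text spells it "persistent". The constructor and the class both continue outside the hunk.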