blob: dc58031ce5dd63ea11f1c704c711df545442c081 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "crypto/scoped_test_nss_db.h"
#include <cert.h>
#include "base/logging.h"
#include "base/threading/thread_restrictions.h"
#include "crypto/nss_util.h"
#include "crypto/nss_util_internal.h"
namespace crypto {
ScopedTestNSSDB::ScopedTestNSSDB() {
EnsureNSSInit();
// NSS is allowed to do IO on the current thread since dispatching
// to a dedicated thread would still have the affect of blocking
// the current thread, due to NSS's internal locking requirements
base::ThreadRestrictions::ScopedAllowIO allow_io;
if (!temp_dir_.CreateUniqueTempDir())
return;
const char kTestDescription[] = "Test DB";
slot_ = OpenSoftwareNSSDB(temp_dir_.path(), kTestDescription);
}
ScopedTestNSSDB::~ScopedTestNSSDB() {
// Remove trust from any certs in the test DB before closing it. Otherwise NSS
// may cache verification results even after the test DB is gone.
if (slot_) {
CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
!CERT_LIST_END(node, cert_list);
node = CERT_LIST_NEXT(node)) {
CERTCertTrust trust = {0};
if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) !=
SECSuccess) {
LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();
}
}
CERT_DestroyCertList(cert_list);
}
// Don't close when NSS is < 3.15.1, because it would require an additional
// sleep for 1 second after closing the database, due to
// http://bugzil.la/875601.
if (!NSS_VersionCheck("3.15.1")) {
LOG(ERROR) << "NSS version is < 3.15.1, test DB will not be closed.";
temp_dir_.Take();
return;
}
// NSS is allowed to do IO on the current thread since dispatching
// to a dedicated thread would still have the affect of blocking
// the current thread, due to NSS's internal locking requirements
base::ThreadRestrictions::ScopedAllowIO allow_io;
if (slot_) {
SECStatus status = SECMOD_CloseUserDB(slot_.get());
if (status != SECSuccess)
PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError();
}
if (!temp_dir_.Delete())
LOG(ERROR) << "Could not delete temporary directory.";
}
} // namespace crypto
|