| [email protected] | 190933f | 2014-07-28 09:56:51 | [diff] [blame] | 1 | // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "crypto/scoped_test_nss_db.h" |
| 6 | |
| mattm | b3dfdd8 | 2015-12-28 22:18:22 | [diff] [blame^] | 7 | #include <cert.h> |
| 8 | |
| [email protected] | 190933f | 2014-07-28 09:56:51 | [diff] [blame] | 9 | #include "base/logging.h" |
| 10 | #include "base/threading/thread_restrictions.h" |
| 11 | #include "crypto/nss_util.h" |
| 12 | #include "crypto/nss_util_internal.h" |
| 13 | |
| 14 | namespace crypto { |
| 15 | |
| 16 | ScopedTestNSSDB::ScopedTestNSSDB() { |
| 17 | EnsureNSSInit(); |
| 18 | // NSS is allowed to do IO on the current thread since dispatching |
| 19 | // to a dedicated thread would still have the affect of blocking |
| 20 | // the current thread, due to NSS's internal locking requirements |
| 21 | base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 22 | |
| 23 | if (!temp_dir_.CreateUniqueTempDir()) |
| 24 | return; |
| 25 | |
| 26 | const char kTestDescription[] = "Test DB"; |
| 27 | slot_ = OpenSoftwareNSSDB(temp_dir_.path(), kTestDescription); |
| 28 | } |
| 29 | |
| 30 | ScopedTestNSSDB::~ScopedTestNSSDB() { |
| mattm | b3dfdd8 | 2015-12-28 22:18:22 | [diff] [blame^] | 31 | // Remove trust from any certs in the test DB before closing it. Otherwise NSS |
| 32 | // may cache verification results even after the test DB is gone. |
| 33 | if (slot_) { |
| 34 | CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get()); |
| 35 | for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
| 36 | !CERT_LIST_END(node, cert_list); |
| 37 | node = CERT_LIST_NEXT(node)) { |
| 38 | CERTCertTrust trust = {0}; |
| 39 | if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) != |
| 40 | SECSuccess) { |
| 41 | LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError(); |
| 42 | } |
| 43 | } |
| 44 | CERT_DestroyCertList(cert_list); |
| 45 | } |
| 46 | |
| [email protected] | 190933f | 2014-07-28 09:56:51 | [diff] [blame] | 47 | // Don't close when NSS is < 3.15.1, because it would require an additional |
| 48 | // sleep for 1 second after closing the database, due to |
| 49 | // http://bugzil.la/875601. |
| [email protected] | d09565c4 | 2014-08-03 12:47:44 | [diff] [blame] | 50 | if (!NSS_VersionCheck("3.15.1")) { |
| 51 | LOG(ERROR) << "NSS version is < 3.15.1, test DB will not be closed."; |
| 52 | temp_dir_.Take(); |
| [email protected] | 190933f | 2014-07-28 09:56:51 | [diff] [blame] | 53 | return; |
| [email protected] | d09565c4 | 2014-08-03 12:47:44 | [diff] [blame] | 54 | } |
| [email protected] | 190933f | 2014-07-28 09:56:51 | [diff] [blame] | 55 | |
| 56 | // NSS is allowed to do IO on the current thread since dispatching |
| 57 | // to a dedicated thread would still have the affect of blocking |
| 58 | // the current thread, due to NSS's internal locking requirements |
| 59 | base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 60 | |
| [email protected] | d09565c4 | 2014-08-03 12:47:44 | [diff] [blame] | 61 | if (slot_) { |
| 62 | SECStatus status = SECMOD_CloseUserDB(slot_.get()); |
| 63 | if (status != SECSuccess) |
| 64 | PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); |
| 65 | } |
| [email protected] | 190933f | 2014-07-28 09:56:51 | [diff] [blame] | 66 | |
| 67 | if (!temp_dir_.Delete()) |
| 68 | LOG(ERROR) << "Could not delete temporary directory."; |
| 69 | } |
| 70 | |
| 71 | } // namespace crypto |
