1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/net/nss_context.h"
6
7#include "content/public/browser/browser_thread.h"
8#include "crypto/nss_util_internal.h"
9#include "net/cert/nss_cert_database.h"
10
11namespace {
12net::NSSCertDatabase* g_nss_cert_database = NULL;
13}  // namespace
14
15crypto::ScopedPK11Slot GetPublicNSSKeySlotForResourceContext(
16    content::ResourceContext* context) {
17  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
18  return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
19}
20
21crypto::ScopedPK11Slot GetPrivateNSSKeySlotForResourceContext(
22    content::ResourceContext* context,
23    const base::Callback<void(crypto::ScopedPK11Slot)>& callback) {
24  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
25  return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
26}
27
28net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext(
29    content::ResourceContext* context,
30    const base::Callback<void(net::NSSCertDatabase*)>& callback) {
31  // This initialization is not thread safe. This CHECK ensures that this code
32  // is only run on a single thread.
33  CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
34  if (!g_nss_cert_database) {
35    // Linux has only a single persistent slot compared to ChromeOS's separate
36    // public and private slot.
37    // Redirect any slot usage to this persistent slot on Linux.
38    g_nss_cert_database = new net::NSSCertDatabase(
39        crypto::ScopedPK11Slot(
40            crypto::GetPersistentNSSKeySlot()) /* public slot */,
41        crypto::ScopedPK11Slot(
42            crypto::GetPersistentNSSKeySlot()) /* private slot */);
43  }
44  return g_nss_cert_database;
45}
46