1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/net/nss_context.h" 6 7#include "content/public/browser/browser_thread.h" 8#include "crypto/nss_util_internal.h" 9#include "net/cert/nss_cert_database.h" 10 11namespace { 12net::NSSCertDatabase* g_nss_cert_database = NULL; 13} // namespace 14 15crypto::ScopedPK11Slot GetPublicNSSKeySlotForResourceContext( 16 content::ResourceContext* context) { 17 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 18 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()); 19} 20 21crypto::ScopedPK11Slot GetPrivateNSSKeySlotForResourceContext( 22 content::ResourceContext* context, 23 const base::Callback<void(crypto::ScopedPK11Slot)>& callback) { 24 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 25 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()); 26} 27 28net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext( 29 content::ResourceContext* context, 30 const base::Callback<void(net::NSSCertDatabase*)>& callback) { 31 // This initialization is not thread safe. This CHECK ensures that this code 32 // is only run on a single thread. 33 CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 34 if (!g_nss_cert_database) { 35 // Linux has only a single persistent slot compared to ChromeOS's separate 36 // public and private slot. 37 // Redirect any slot usage to this persistent slot on Linux. 38 g_nss_cert_database = new net::NSSCertDatabase( 39 crypto::ScopedPK11Slot( 40 crypto::GetPersistentNSSKeySlot()) /* public slot */, 41 crypto::ScopedPK11Slot( 42 crypto::GetPersistentNSSKeySlot()) /* private slot */); 43 } 44 return g_nss_cert_database; 45} 46