1a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// found in the LICENSE file. 4a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) 5a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "chrome/browser/net/nss_context.h" 6a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) 7a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "content/public/browser/browser_thread.h" 8a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "crypto/nss_util_internal.h" 95d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/cert/nss_cert_database.h" 10a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) 115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)namespace { 125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)net::NSSCertDatabase* g_nss_cert_database = NULL; 135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)} // namespace 145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 15a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)crypto::ScopedPK11Slot GetPublicNSSKeySlotForResourceContext( 16a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) content::ResourceContext* context) { 17a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 18116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()); 19a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)} 20a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) 21a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)crypto::ScopedPK11Slot GetPrivateNSSKeySlotForResourceContext( 22a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) content::ResourceContext* context, 23a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) const base::Callback<void(crypto::ScopedPK11Slot)>& callback) { 24a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 25116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()); 26a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)} 275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext( 295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) content::ResourceContext* context, 305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) const base::Callback<void(net::NSSCertDatabase*)>& callback) { 315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // This initialization is not thread safe. This CHECK ensures that this code 325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // is only run on a single thread. 335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); 345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (!g_nss_cert_database) { 355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Linux has only a single persistent slot compared to ChromeOS's separate 365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // public and private slot. 375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Redirect any slot usage to this persistent slot on Linux. 385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) g_nss_cert_database = new net::NSSCertDatabase( 395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) crypto::ScopedPK11Slot( 405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) crypto::GetPersistentNSSKeySlot()) /* public slot */, 415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) crypto::ScopedPK11Slot( 425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) crypto::GetPersistentNSSKeySlot()) /* private slot */); 435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return g_nss_cert_database; 455d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 46