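// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "crypto/scoped_test_nss_db.h"

#include <cert.h>

#include "base/logging.h"
#include "base/threading/thread_restrictions.h"
#include "crypto/nss_util.h"
#include "crypto/nss_util_internal.h"

namespace crypto {

// Initializes NSS, creates a unique temporary directory and opens a software
// NSS database inside it, keeping the resulting slot in |slot_|.
//
// If the temporary directory cannot be created the constructor returns early
// and |slot_| is left unset; the destructor tolerates that state.
ScopedTestNSSDB::ScopedTestNSSDB() {
  EnsureNSSInit();
  // NSS is allowed to do IO on the current thread since dispatching
  // to a dedicated thread would still have the effect of blocking
  // the current thread, due to NSS's internal locking requirements
  base::ScopedAllowBlockingForTesting allow_blocking;

  if (!temp_dir_.CreateUniqueTempDir())
    return;

  const char kTestDescription[] = "Test DB";
  slot_ = OpenSoftwareNSSDB(temp_dir_.GetPath(), kTestDescription);
}

// Clears the trust settings of every certificate in the test database, closes
// the database and deletes its temporary directory. Failures are logged and
// never propagated, so teardown always runs to the end.
ScopedTestNSSDB::~ScopedTestNSSDB() {
  // Remove trust from any certs in the test DB before closing it. Otherwise NSS
  // may cache verification results even after the test DB is gone.
  if (slot_) {
    CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());
    if (cert_list) {
      for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
           !CERT_LIST_END(node, cert_list); node = CERT_LIST_NEXT(node)) {
        // An all-zero trust record drops every trust flag on the cert.
        CERTCertTrust trust = {0};
        if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) !=
            SECSuccess) {
          LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();
        }
      }
      CERT_DestroyCertList(cert_list);
    } else {
      // PK11_ListCertsInSlot returns null on failure, and the CERT_LIST_*
      // macros dereference the list, so the walk must be skipped. Trust set by
      // the test is then not cleared here, which is worth seeing in the log.
      LOG(ERROR) << "PK11_ListCertsInSlot failed: " << PORT_GetError();
    }
  }

  // NSS is allowed to do IO on the current thread since dispatching
  // to a dedicated thread would still have the effect of blocking
  // the current thread, due to NSS's internal locking requirements
  base::ScopedAllowBlockingForTesting allow_blocking;

  if (slot_) {
    SECStatus status = SECMOD_CloseUserDB(slot_.get());
    if (status != SECSuccess)
      PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError();
  }

  if (!temp_dir_.Delete())
    LOG(ERROR) << "Could not delete temporary directory.";
}

}  // namespace crypto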