naiveproxy/crypto/scoped_test_nss_db.cc

// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "crypto/scoped_test_nss_db.h"

#include <cert.h>

#include "base/logging.h"
#include "base/threading/thread_restrictions.h"
#include "crypto/nss_util.h"
#include "crypto/nss_util_internal.h"

namespace crypto {

ScopedTestNSSDB::ScopedTestNSSDB() {
  EnsureNSSInit();
  // NSS is allowed to do IO on the current thread since dispatching
  // to a dedicated thread would still have the affect of blocking
  // the current thread, due to NSS's internal locking requirements
  base::ScopedAllowBlockingForTesting allow_blocking;

  if (!temp_dir_.CreateUniqueTempDir())
    return;

  const char kTestDescription[] = "Test DB";
  slot_ = OpenSoftwareNSSDB(temp_dir_.GetPath(), kTestDescription);
}

ScopedTestNSSDB::~ScopedTestNSSDB() {
  // Remove trust from any certs in the test DB before closing it. Otherwise NSS
  // may cache verification results even after the test DB is gone.
  if (slot_) {
    CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());
    for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
         !CERT_LIST_END(node, cert_list);
         node = CERT_LIST_NEXT(node)) {
      CERTCertTrust trust = {0};
      if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) !=
          SECSuccess) {
        LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();
      }
    }
    CERT_DestroyCertList(cert_list);
  }

  // NSS is allowed to do IO on the current thread since dispatching
  // to a dedicated thread would still have the affect of blocking
  // the current thread, due to NSS's internal locking requirements
  base::ScopedAllowBlockingForTesting allow_blocking;

  if (slot_) {
    SECStatus status = SECMOD_CloseUserDB(slot_.get());
    if (status != SECSuccess)
      PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError();
  }

  if (!temp_dir_.Delete())
    LOG(ERROR) << "Could not delete temporary directory.";
}

}  // namespace crypto
Import chromium-64.0.3282.119 2018-01-28 21:32:06 +03:00			`// Copyright 2014 The Chromium Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style license that can be`
			`// found in the LICENSE file.`

			`#include "crypto/scoped_test_nss_db.h"`

			`#include <cert.h>`

			`#include "base/logging.h"`
			`#include "base/threading/thread_restrictions.h"`
			`#include "crypto/nss_util.h"`
			`#include "crypto/nss_util_internal.h"`

			`namespace crypto {`

			`ScopedTestNSSDB::ScopedTestNSSDB() {`
			`EnsureNSSInit();`
			`// NSS is allowed to do IO on the current thread since dispatching`
			`// to a dedicated thread would still have the affect of blocking`
			`// the current thread, due to NSS's internal locking requirements`
			`base::ScopedAllowBlockingForTesting allow_blocking;`

			`if (!temp_dir_.CreateUniqueTempDir())`
			`return;`

			`const char kTestDescription[] = "Test DB";`
			`slot_ = OpenSoftwareNSSDB(temp_dir_.GetPath(), kTestDescription);`
			`}`

			`ScopedTestNSSDB::~ScopedTestNSSDB() {`
			`// Remove trust from any certs in the test DB before closing it. Otherwise NSS`
			`// may cache verification results even after the test DB is gone.`
			`if (slot_) {`
			`CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());`
			`for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);`
			`!CERT_LIST_END(node, cert_list);`
			`node = CERT_LIST_NEXT(node)) {`
			`CERTCertTrust trust = {0};`
			`if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) !=`
			`SECSuccess) {`
			`LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();`
			`}`
			`}`
			`CERT_DestroyCertList(cert_list);`
			`}`

			`// NSS is allowed to do IO on the current thread since dispatching`
			`// to a dedicated thread would still have the affect of blocking`
			`// the current thread, due to NSS's internal locking requirements`
			`base::ScopedAllowBlockingForTesting allow_blocking;`

			`if (slot_) {`
			`SECStatus status = SECMOD_CloseUserDB(slot_.get());`
			`if (status != SECSuccess)`
			`PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError();`
			`}`

			`if (!temp_dir_.Delete())`
			`LOG(ERROR) << "Could not delete temporary directory.";`
			`}`

			`} // namespace crypto`