mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-24 14:26:09 +03:00
63 lines
2.0 KiB
C++
63 lines
2.0 KiB
C++
|
// Copyright 2014 The Chromium Authors. All rights reserved.
|
||
|
// Use of this source code is governed by a BSD-style license that can be
|
||
|
// found in the LICENSE file.
|
||
|
|
||
|
#include "crypto/scoped_test_nss_db.h"
|
||
|
|
||
|
#include <cert.h>
|
||
|
|
||
|
#include "base/logging.h"
|
||
|
#include "base/threading/thread_restrictions.h"
|
||
|
#include "crypto/nss_util.h"
|
||
|
#include "crypto/nss_util_internal.h"
|
||
|
|
||
|
namespace crypto {
|
||
|
|
||
|
ScopedTestNSSDB::ScopedTestNSSDB() {
|
||
|
EnsureNSSInit();
|
||
|
// NSS is allowed to do IO on the current thread since dispatching
|
||
|
// to a dedicated thread would still have the affect of blocking
|
||
|
// the current thread, due to NSS's internal locking requirements
|
||
|
base::ScopedAllowBlockingForTesting allow_blocking;
|
||
|
|
||
|
if (!temp_dir_.CreateUniqueTempDir())
|
||
|
return;
|
||
|
|
||
|
const char kTestDescription[] = "Test DB";
|
||
|
slot_ = OpenSoftwareNSSDB(temp_dir_.GetPath(), kTestDescription);
|
||
|
}
|
||
|
|
||
|
ScopedTestNSSDB::~ScopedTestNSSDB() {
|
||
|
// Remove trust from any certs in the test DB before closing it. Otherwise NSS
|
||
|
// may cache verification results even after the test DB is gone.
|
||
|
if (slot_) {
|
||
|
CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());
|
||
|
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
|
||
|
!CERT_LIST_END(node, cert_list);
|
||
|
node = CERT_LIST_NEXT(node)) {
|
||
|
CERTCertTrust trust = {0};
|
||
|
if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) !=
|
||
|
SECSuccess) {
|
||
|
LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();
|
||
|
}
|
||
|
}
|
||
|
CERT_DestroyCertList(cert_list);
|
||
|
}
|
||
|
|
||
|
// NSS is allowed to do IO on the current thread since dispatching
|
||
|
// to a dedicated thread would still have the affect of blocking
|
||
|
// the current thread, due to NSS's internal locking requirements
|
||
|
base::ScopedAllowBlockingForTesting allow_blocking;
|
||
|
|
||
|
if (slot_) {
|
||
|
SECStatus status = SECMOD_CloseUserDB(slot_.get());
|
||
|
if (status != SECSuccess)
|
||
|
PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError();
|
||
|
}
|
||
|
|
||
|
if (!temp_dir_.Delete())
|
||
|
LOG(ERROR) << "Could not delete temporary directory.";
|
||
|
}
|
||
|
|
||
|
} // namespace crypto
|