From 190933f29103844bbc40a88bca8b14e49bf7e008 Mon Sep 17 00:00:00 2001 From: "pneubeck@chromium.org" Date: Mon, 28 Jul 2014 09:56:51 +0000 Subject: [PATCH] Extract ScopedTestNSSDB from nss_util. Before ScopedTestNSSDB affected several slot getters from nss_util.h . This change reduces ScopedTestNSSDB to solely setup a temporary test DB and not influencing the global state in nss_util anymore. As a replacement for some of its old behavior, a new ScopedTestSystemNSSKeySlot is added, which allows to override the slot returned by GetSystemNSSKeySlot(). With this change it's now possible to write tests that need both a user and system NSS DB by using ScopedTestSystemNSSKeySlot. As a side-effect, GetPersistentNSSKeySlot() is now compiled on !OS_CHROMEOS only. BUG=210525 (For include changes:) R=rsleevi@chromium.org TBR=nkostylev@chromium.org, stevenjb@chromium.org Review URL: https://codereview.chromium.org/401623006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@285881 0039d316-1c4b-4281-b951-d872f2087c98 --- .../auth/parallel_authenticator_unittest.cc | 2 +- .../net/cert_verify_proc_chromeos_unittest.cc | 2 +- .../policy_cert_verifier_browsertest.cc | 2 +- chrome/chrome_browser.gypi | 9 +- chrome/chrome_tests.gypi | 1 + chrome/chrome_tests_unit.gypi | 1 + .../net/x509_certificate_model_unittest.cc | 24 ++- chromeos/cert_loader_unittest.cc | 2 +- chromeos/chromeos.gyp | 1 + .../network/client_cert_resolver_unittest.cc | 2 +- .../network/network_cert_migrator_unittest.cc | 2 +- .../network_connection_handler_unittest.cc | 2 +- .../onc_certificate_importer_impl_unittest.cc | 2 +- crypto/BUILD.gn | 34 ++++ crypto/crypto.gyp | 44 +++++ crypto/nss_util.cc | 172 +++++------------- crypto/nss_util.h | 42 ----- crypto/nss_util_internal.h | 29 ++- crypto/rsa_private_key_nss_unittest.cc | 2 +- crypto/scoped_test_nss_chromeos_user.cc | 37 ++++ crypto/scoped_test_nss_chromeos_user.h | 43 +++++ crypto/scoped_test_nss_db.cc | 48 +++++ crypto/scoped_test_nss_db.h | 35 ++++ crypto/scoped_test_system_nss_key_slot.cc | 28 +++ crypto/scoped_test_system_nss_key_slot.h | 39 ++++ net/BUILD.gn | 1 + net/base/keygen_handler_unittest.cc | 7 +- .../nss_cert_database_chromeos_unittest.cc | 2 +- net/cert/nss_cert_database_unittest.cc | 13 +- .../nss_profile_filter_chromeos_unittest.cc | 2 +- net/net.gyp | 1 + .../client_cert_store_chromeos_unittest.cc | 1 + 32 files changed, 424 insertions(+), 208 deletions(-) create mode 100644 crypto/scoped_test_nss_chromeos_user.cc create mode 100644 crypto/scoped_test_nss_chromeos_user.h create mode 100644 crypto/scoped_test_nss_db.cc create mode 100644 crypto/scoped_test_nss_db.h create mode 100644 crypto/scoped_test_system_nss_key_slot.cc create mode 100644 crypto/scoped_test_system_nss_key_slot.h diff --git a/chrome/browser/chromeos/login/auth/parallel_authenticator_unittest.cc b/chrome/browser/chromeos/login/auth/parallel_authenticator_unittest.cc index 9985b8d73666e3..248defa4007a1e 100644 --- a/chrome/browser/chromeos/login/auth/parallel_authenticator_unittest.cc +++ b/chrome/browser/chromeos/login/auth/parallel_authenticator_unittest.cc @@ -37,8 +37,8 @@ #include "chromeos/login/auth/user_context.h" #include "components/user_manager/user.h" #include "content/public/test/test_browser_thread_bundle.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "google_apis/gaia/mock_url_fetcher_factory.h" #include "net/base/net_errors.h" #include "net/url_request/url_request_status.h" diff --git a/chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc b/chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc index f03876e2ecb22d..0080355713f13c 100644 --- a/chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc +++ b/chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc @@ -4,8 +4,8 @@ #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/net_errors.h" #include "net/base/test_data_directory.h" #include "net/cert/cert_verify_proc.h" diff --git a/chrome/browser/chromeos/policy/policy_cert_verifier_browsertest.cc b/chrome/browser/chromeos/policy/policy_cert_verifier_browsertest.cc index bcb5057602f9f6..37a3243b057ebd 100644 --- a/chrome/browser/chromeos/policy/policy_cert_verifier_browsertest.cc +++ b/chrome/browser/chromeos/policy/policy_cert_verifier_browsertest.cc @@ -13,8 +13,8 @@ #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" #include "content/public/browser/browser_thread.h" #include "content/public/test/test_browser_thread_bundle.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/net_log.h" #include "net/base/test_completion_callback.h" #include "net/base/test_data_directory.h" diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi index d60a26923d05ce..2b995bf106dcec 100644 --- a/chrome/chrome_browser.gypi +++ b/chrome/chrome_browser.gypi @@ -1835,8 +1835,8 @@ 'browser/certificate_manager_model.cc', 'browser/certificate_manager_model.h', 'browser/net/nss_context.cc', - 'browser/net/nss_context_chromeos.cc', 'browser/net/nss_context.h', + 'browser/net/nss_context_chromeos.cc', 'browser/net/nss_context_linux.cc', 'third_party/mozilla_security_manager/nsNSSCertHelper.cpp', 'third_party/mozilla_security_manager/nsNSSCertHelper.h', @@ -3234,6 +3234,13 @@ }], ['use_nss==1', { 'sources': [ '<@(chrome_browser_nss_sources)' ], + 'conditions': [ + ['chromeos==1', { + 'sources!': [ 'browser/net/nss_context_linux.cc' ], + }, { # chromeos==0 + 'sources!': [ 'browser/net/nss_context_chromeos.cc' ], + }], + ], }], ['notifications==1', { 'sources': [ '<@(chrome_browser_notifications_sources)' ], diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi index 7d7736b839fb5e..c9500578a0c400 100644 --- a/chrome/chrome_tests.gypi +++ b/chrome/chrome_tests.gypi @@ -796,6 +796,7 @@ '../components/components.gyp:translate_core_common', '../components/components_resources.gyp:components_resources', '../components/components_strings.gyp:components_strings', + '../crypto/crypto.gyp:crypto_test_support', '../device/bluetooth/bluetooth.gyp:device_bluetooth_mocks', '../device/serial/serial.gyp:device_serial_test_util', '../extensions/common/api/api.gyp:extensions_api', diff --git a/chrome/chrome_tests_unit.gypi b/chrome/chrome_tests_unit.gypi index 4a23bc5ffd0e96..f6e9c6a06ccc3d 100644 --- a/chrome/chrome_tests_unit.gypi +++ b/chrome/chrome_tests_unit.gypi @@ -490,6 +490,7 @@ '../components/components_resources.gyp:components_resources', '../content/content_shell_and_tests.gyp:test_support_content', '../content/content.gyp:content_app_both', + '../crypto/crypto.gyp:crypto_test_support', '../net/net.gyp:net', '../net/net.gyp:net_test_support', '../sync/sync.gyp:test_support_sync_api', diff --git a/chrome/common/net/x509_certificate_model_unittest.cc b/chrome/common/net/x509_certificate_model_unittest.cc index 8d010d77a60b58..37f3fe487a41eb 100644 --- a/chrome/common/net/x509_certificate_model_unittest.cc +++ b/chrome/common/net/x509_certificate_model_unittest.cc @@ -11,7 +11,7 @@ #include "testing/gtest/include/gtest/gtest.h" #if defined(USE_NSS) -#include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_db.h" #include "net/cert/nss_cert_database.h" #endif @@ -224,12 +224,11 @@ TEST(X509CertificateModelTest, GetTypeCA) { EXPECT_EQ(net::CA_CERT, x509_certificate_model::GetType(cert->os_cert_handle())); - // Additional parantheses required to disambiguate from function declaration. - net::NSSCertDatabase db( - (crypto::ScopedPK11Slot( - crypto::GetPersistentNSSKeySlot())) /* public slot */, - crypto::ScopedPK11Slot( - crypto::GetPersistentNSSKeySlot()) /* private lot */); + crypto::ScopedTestNSSDB test_nssdb; + net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot( + test_nssdb.slot())) /* public slot */, + crypto::ScopedPK11Slot(PK11_ReferenceSlot( + test_nssdb.slot())) /* private slot */); // Test that explicitly distrusted CA certs are still returned as CA_CERT // type. See http://crbug.com/96654. @@ -259,12 +258,11 @@ TEST(X509CertificateModelTest, GetTypeServer) { EXPECT_EQ(net::OTHER_CERT, x509_certificate_model::GetType(cert->os_cert_handle())); - // Additional parantheses required to disambiguate from function declaration. - net::NSSCertDatabase db( - (crypto::ScopedPK11Slot( - crypto::GetPersistentNSSKeySlot())) /* public slot */, - crypto::ScopedPK11Slot( - crypto::GetPersistentNSSKeySlot()) /* private lot */); + crypto::ScopedTestNSSDB test_nssdb; + net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot( + test_nssdb.slot())) /* public slot */, + crypto::ScopedPK11Slot(PK11_ReferenceSlot( + test_nssdb.slot())) /* private slot */); // Test GetCertType with server certs and explicit trust. EXPECT_TRUE(db.SetCertTrust( diff --git a/chromeos/cert_loader_unittest.cc b/chromeos/cert_loader_unittest.cc index 216a8db1eb2058..a7efa2120adc39 100644 --- a/chromeos/cert_loader_unittest.cc +++ b/chromeos/cert_loader_unittest.cc @@ -9,9 +9,9 @@ #include "base/memory/scoped_ptr.h" #include "base/message_loop/message_loop.h" #include "base/run_loop.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" #include "crypto/scoped_nss_types.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/net_errors.h" #include "net/base/test_data_directory.h" #include "net/cert/nss_cert_database_chromeos.h" diff --git a/chromeos/chromeos.gyp b/chromeos/chromeos.gyp index 9b070402d97716..da8646027e5d26 100644 --- a/chromeos/chromeos.gyp +++ b/chromeos/chromeos.gyp @@ -511,6 +511,7 @@ '../build/linux/system.gyp:ssl', '../components/components.gyp:onc_component', '../crypto/crypto.gyp:crypto', + '../crypto/crypto.gyp:crypto_test_support', '../dbus/dbus.gyp:dbus_test_support', '../net/net.gyp:net', '../net/net.gyp:net_test_support', diff --git a/chromeos/network/client_cert_resolver_unittest.cc b/chromeos/network/client_cert_resolver_unittest.cc index 4ca251e1cf722d..86f45acb606714 100644 --- a/chromeos/network/client_cert_resolver_unittest.cc +++ b/chromeos/network/client_cert_resolver_unittest.cc @@ -23,8 +23,8 @@ #include "chromeos/network/network_state_handler.h" #include "chromeos/tpm_token_loader.h" #include "components/onc/onc_constants.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/crypto_module.h" #include "net/base/net_errors.h" #include "net/base/test_data_directory.h" diff --git a/chromeos/network/network_cert_migrator_unittest.cc b/chromeos/network/network_cert_migrator_unittest.cc index 1482ec36c59b63..2f72cfdfd800df 100644 --- a/chromeos/network/network_cert_migrator_unittest.cc +++ b/chromeos/network/network_cert_migrator_unittest.cc @@ -14,8 +14,8 @@ #include "chromeos/dbus/shill_service_client.h" #include "chromeos/network/network_state_handler.h" #include "chromeos/tpm_token_loader.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/crypto_module.h" #include "net/base/net_errors.h" #include "net/base/test_data_directory.h" diff --git a/chromeos/network/network_connection_handler_unittest.cc b/chromeos/network/network_connection_handler_unittest.cc index 5dc9de31899bcf..57254326a43d2d 100644 --- a/chromeos/network/network_connection_handler_unittest.cc +++ b/chromeos/network/network_connection_handler_unittest.cc @@ -25,8 +25,8 @@ #include "chromeos/network/onc/onc_utils.h" #include "chromeos/tpm_token_loader.h" #include "components/onc/onc_constants.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/net_errors.h" #include "net/base/test_data_directory.h" #include "net/cert/nss_cert_database_chromeos.h" diff --git a/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc b/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc index fef05080deb48d..bb05d14b48b869 100644 --- a/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc +++ b/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc @@ -16,8 +16,8 @@ #include "base/values.h" #include "chromeos/network/onc/onc_test_utils.h" #include "components/onc/onc_constants.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/crypto_module.h" #include "net/cert/cert_type.h" #include "net/cert/nss_cert_database_chromeos.h" diff --git a/crypto/BUILD.gn b/crypto/BUILD.gn index bd7f06d0e4830d..6871bda0f73771 100644 --- a/crypto/BUILD.gn +++ b/crypto/BUILD.gn @@ -131,6 +131,7 @@ component("crypto") { "hmac_nss.cc", "nss_util.cc", "nss_util.h", + "nss_util_internal.h", "rsa_private_key_nss.cc", "secure_hash_default.cc", "signature_creator_nss.cc", @@ -229,6 +230,7 @@ test("crypto_unittests") { deps = [ ":crypto", ":platform", + ":test_support", "//base", "//base/test:run_all_unittests", "//base/test:test_support", @@ -237,6 +239,38 @@ test("crypto_unittests") { ] } +source_set("test_support") { + sources = [ + "scoped_test_nss_db.cc", + "scoped_test_nss_db.h", + "scoped_test_nss_chromeos_user.cc", + "scoped_test_nss_chromeos_user.h", + "scoped_test_system_nss_key_slot.cc", + "scoped_test_system_nss_key_slot.h", + ] + deps = [ + ":crypto", + ":platform", + "//base", + ] + + if (!use_nss_certs) { + sources -= [ + "scoped_test_nss_db.cc", + "scoped_test_nss_db.h", + ] + } + + if (!is_chromeos) { + sources -= [ + "scoped_test_nss_chromeos_user.cc", + "scoped_test_nss_chromeos_user.h", + "scoped_test_system_nss_key_slot.cc", + "scoped_test_system_nss_key_slot.h", + ] + } +} + # This is a meta-target that forwards to NSS's SSL library or OpenSSL, # according to the state of the crypto flags. A target just wanting to depend # on the current SSL library should just depend on this. diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp index 42f3cad4fb0115..3cdc151f3286ee 100644 --- a/crypto/crypto.gyp +++ b/crypto/crypto.gyp @@ -111,6 +111,7 @@ 'hmac_nss.cc', 'nss_util.cc', 'nss_util.h', + 'nss_util_internal.h', 'rsa_private_key_nss.cc', 'secure_hash_default.cc', 'signature_creator_nss.cc', @@ -174,6 +175,7 @@ ], 'dependencies': [ 'crypto', + 'crypto_test_support', '../base/base.gyp:base', '../base/base.gyp:run_all_unittests', '../base/base.gyp:test_support_base', @@ -254,5 +256,47 @@ }, ], }], + ['use_nss==1', { + 'targets': [ + { + 'target_name': 'crypto_test_support', + 'type': 'static_library', + 'dependencies': [ + '../base/base.gyp:base', + 'crypto', + ], + 'sources': [ + 'scoped_test_nss_db.cc', + 'scoped_test_nss_db.h', + 'scoped_test_nss_chromeos_user.cc', + 'scoped_test_nss_chromeos_user.h', + 'scoped_test_system_nss_key_slot.cc', + 'scoped_test_system_nss_key_slot.h', + ], + 'conditions': [ + ['use_nss==0', { + 'sources!': [ + 'scoped_test_nss_db.cc', + 'scoped_test_nss_db.h', + ], + }], + [ 'chromeos==0', { + 'sources!': [ + 'scoped_test_nss_chromeos_user.cc', + 'scoped_test_nss_chromeos_user.h', + 'scoped_test_system_nss_key_slot.cc', + 'scoped_test_system_nss_key_slot.h', + ], + }], + ], + } + ]}, { # use_nss==0 + 'targets': [ + { + 'target_name': 'crypto_test_support', + 'type': 'none', + 'sources': [], + } + ]}], ], } diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc index 6ab07bc8ca47b8..64489dc3c4a9a3 100644 --- a/crypto/nss_util.cc +++ b/crypto/nss_util.cc @@ -198,12 +198,6 @@ class NSPRInitSingleton { base::LazyInstance::Leaky g_nspr_singleton = LAZY_INSTANCE_INITIALIZER; -// This is a LazyInstance so that it will be deleted automatically when the -// unittest exits. NSSInitSingleton is a LeakySingleton, so it would not be -// deleted if it were a regular member. -base::LazyInstance g_test_nss_db_dir = - LAZY_INSTANCE_INITIALIZER; - // Force a crash with error info on NSS_NoDB_Init failure. void CrashOnNSSInitFailure() { int nss_error = PR_GetError(); @@ -287,8 +281,8 @@ class NSSInitSingleton { PK11SlotInfo* tpm_slot; }; - PK11SlotInfo* OpenPersistentNSSDBForPath(const std::string& db_name, - const base::FilePath& path) { + ScopedPK11Slot OpenPersistentNSSDBForPath(const std::string& db_name, + const base::FilePath& path) { DCHECK(thread_checker_.CalledOnValidThread()); // NSS is allowed to do IO on the current thread since dispatching // to a dedicated thread would still have the affect of blocking @@ -298,9 +292,9 @@ class NSSInitSingleton { base::FilePath nssdb_path = path.AppendASCII(".pki").AppendASCII("nssdb"); if (!base::CreateDirectory(nssdb_path)) { LOG(ERROR) << "Failed to create " << nssdb_path.value() << " directory."; - return NULL; + return ScopedPK11Slot(); } - return OpenUserDB(nssdb_path, db_name); + return OpenSoftwareNSSDB(nssdb_path, db_name); } void EnableTPMTokenForNSS() { @@ -393,10 +387,10 @@ class NSSInitSingleton { chaps_module_ = tpm_args->chaps_module; tpm_slot_ = tpm_args->tpm_slot; - if (!chaps_module_ && test_slot_) { + if (!chaps_module_ && test_system_slot_) { // chromeos_unittests try to test the TPM initialization process. If we // have a test DB open, pretend that it is the TPM slot. - tpm_slot_ = PK11_ReferenceSlot(test_slot_); + tpm_slot_ = PK11_ReferenceSlot(test_system_slot_.get()); } initializing_tpm_token_ = false; @@ -463,12 +457,6 @@ class NSSInitSingleton { return false; } - // If test slot is set, slot getter methods will short circuit - // checking |chromeos_user_map_|, so there is nothing left to be - // initialized. - if (test_slot_) - return false; - DVLOG(2) << "Opening NSS DB " << path.value(); std::string db_name = base::StringPrintf( "%s %s", kUserNSSDatabaseName, username_hash.c_str()); @@ -551,11 +539,6 @@ class NSSInitSingleton { return ScopedPK11Slot(); } - if (test_slot_) { - DVLOG(2) << "returning test_slot_ for " << username_hash; - return ScopedPK11Slot(PK11_ReferenceSlot(test_slot_)); - } - if (chromeos_user_map_.find(username_hash) == chromeos_user_map_.end()) { LOG(ERROR) << username_hash << " not initialized."; return ScopedPK11Slot(); @@ -579,56 +562,26 @@ class NSSInitSingleton { DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); - if (test_slot_) { - DVLOG(2) << "returning test_slot_ for " << username_hash; - return ScopedPK11Slot(PK11_ReferenceSlot(test_slot_)); - } - return chromeos_user_map_[username_hash]->GetPrivateSlot(callback); } - void CloseTestChromeOSUser(const std::string& username_hash) { + void CloseChromeOSUserForTesting(const std::string& username_hash) { DCHECK(thread_checker_.CalledOnValidThread()); ChromeOSUserMap::iterator i = chromeos_user_map_.find(username_hash); DCHECK(i != chromeos_user_map_.end()); delete i->second; chromeos_user_map_.erase(i); } -#endif // defined(OS_CHROMEOS) - - bool OpenTestNSSDB() { - DCHECK(thread_checker_.CalledOnValidThread()); - // NSS is allowed to do IO on the current thread since dispatching - // to a dedicated thread would still have the affect of blocking - // the current thread, due to NSS's internal locking requirements - base::ThreadRestrictions::ScopedAllowIO allow_io; - - if (test_slot_) - return true; - if (!g_test_nss_db_dir.Get().CreateUniqueTempDir()) - return false; - test_slot_ = OpenUserDB(g_test_nss_db_dir.Get().path(), kTestTPMTokenName); - return !!test_slot_; - } - - void CloseTestNSSDB() { - DCHECK(thread_checker_.CalledOnValidThread()); - // NSS is allowed to do IO on the current thread since dispatching - // to a dedicated thread would still have the affect of blocking - // the current thread, due to NSS's internal locking requirements - base::ThreadRestrictions::ScopedAllowIO allow_io; - - if (!test_slot_) - return; - SECStatus status = SECMOD_CloseUserDB(test_slot_); - if (status != SECSuccess) - PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); - PK11_FreeSlot(test_slot_); - test_slot_ = NULL; - ignore_result(g_test_nss_db_dir.Get().Delete()); + void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { + // Ensure that a previous value of test_system_slot_ is not overwritten. + // Unsetting, i.e. setting a NULL, however is allowed. + DCHECK(!slot || !test_system_slot_); + test_system_slot_ = slot.Pass(); } +#endif // defined(OS_CHROMEOS) +#if !defined(OS_CHROMEOS) PK11SlotInfo* GetPersistentNSSKeySlot() { // TODO(mattm): Change to DCHECK when callers have been fixed. if (!thread_checker_.CalledOnValidThread()) { @@ -636,18 +589,14 @@ class NSSInitSingleton { << base::debug::StackTrace().ToString(); } - if (test_slot_) - return PK11_ReferenceSlot(test_slot_); return PK11_GetInternalKeySlot(); } +#endif #if defined(OS_CHROMEOS) PK11SlotInfo* GetSystemNSSKeySlot() { DCHECK(thread_checker_.CalledOnValidThread()); - if (test_slot_) - return PK11_ReferenceSlot(test_slot_); - // TODO(mattm): chromeos::TPMTokenloader always calls // InitializeTPMTokenAndSystemSlot with slot 0. If the system slot is // disabled, tpm_slot_ will be the first user's slot instead. Can that be @@ -679,7 +628,6 @@ class NSSInitSingleton { : tpm_token_enabled_for_nss_(false), initializing_tpm_token_(false), chaps_module_(NULL), - test_slot_(NULL), tpm_slot_(NULL), root_(NULL) { base::TimeTicks start_time = base::TimeTicks::Now(); @@ -801,7 +749,6 @@ class NSSInitSingleton { PK11_FreeSlot(tpm_slot_); tpm_slot_ = NULL; } - CloseTestNSSDB(); if (root_) { SECMOD_UnloadUserModule(root_); SECMOD_DestroyModule(root_); @@ -863,23 +810,6 @@ class NSSInitSingleton { } #endif - static PK11SlotInfo* OpenUserDB(const base::FilePath& path, - const std::string& description) { - const std::string modspec = - base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", - path.value().c_str(), - description.c_str()); - PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); - if (db_slot) { - if (PK11_NeedUserInit(db_slot)) - PK11_InitPin(db_slot, NULL, NULL); - } else { - LOG(ERROR) << "Error opening persistent database (" << modspec - << "): " << GetNSSErrorMessage(); - } - return db_slot; - } - static void DisableAESNIIfNeeded() { if (NSS_VersionCheck("3.15") && !NSS_VersionCheck("3.15.4")) { // Some versions of NSS have a bug that causes AVX instructions to be @@ -903,12 +833,12 @@ class NSSInitSingleton { typedef std::vector TPMReadyCallbackList; TPMReadyCallbackList tpm_ready_callback_list_; SECMODModule* chaps_module_; - PK11SlotInfo* test_slot_; PK11SlotInfo* tpm_slot_; SECMODModule* root_; #if defined(OS_CHROMEOS) typedef std::map ChromeOSUserMap; ChromeOSUserMap chromeos_user_map_; + ScopedPK11Slot test_system_slot_; #endif #if defined(USE_NSS) // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 @@ -926,9 +856,24 @@ base::LazyInstance::Leaky g_nss_singleton = LAZY_INSTANCE_INITIALIZER; } // namespace -const char kTestTPMTokenName[] = "Test DB"; - #if defined(USE_NSS) +ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, + const std::string& description) { + const std::string modspec = + base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", + path.value().c_str(), + description.c_str()); + PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); + if (db_slot) { + if (PK11_NeedUserInit(db_slot)) + PK11_InitPin(db_slot, NULL, NULL); + } else { + LOG(ERROR) << "Error opening persistent database (" << modspec + << "): " << GetNSSErrorMessage(); + } + return ScopedPK11Slot(db_slot); +} + void EarlySetupForNSSInit() { base::FilePath database_dir = GetInitialConfigDirectory(); if (!database_dir.empty()) @@ -1027,19 +972,6 @@ bool CheckNSSVersion(const char* version) { } #if defined(USE_NSS) -ScopedTestNSSDB::ScopedTestNSSDB() - : is_open_(g_nss_singleton.Get().OpenTestNSSDB()) { -} - -ScopedTestNSSDB::~ScopedTestNSSDB() { - // Don't close when NSS is < 3.15.1, because it would require an additional - // sleep for 1 second after closing the database, due to - // http://bugzil.la/875601. - if (NSS_VersionCheck("3.15.1")) { - g_nss_singleton.Get().CloseTestNSSDB(); - } -} - base::Lock* GetNSSWriteLock() { return g_nss_singleton.Get().write_lock(); } @@ -1065,7 +997,6 @@ AutoSECMODListReadLock::AutoSECMODListReadLock() AutoSECMODListReadLock::~AutoSECMODListReadLock() { SECMOD_ReleaseReadLock(lock_); } - #endif // defined(USE_NSS) #if defined(OS_CHROMEOS) @@ -1073,6 +1004,10 @@ PK11SlotInfo* GetSystemNSSKeySlot() { return g_nss_singleton.Get().GetSystemNSSKeySlot(); } +void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { + g_nss_singleton.Get().SetSystemKeySlotForTesting(ScopedPK11Slot()); +} + void EnableTPMTokenForNSS() { g_nss_singleton.Get().EnableTPMTokenForNSS(); } @@ -1092,30 +1027,6 @@ void InitializeTPMTokenAndSystemSlot( callback); } -ScopedTestNSSChromeOSUser::ScopedTestNSSChromeOSUser( - const std::string& username_hash) - : username_hash_(username_hash), constructed_successfully_(false) { - if (!temp_dir_.CreateUniqueTempDir()) - return; - constructed_successfully_ = - InitializeNSSForChromeOSUser(username_hash, - username_hash, - temp_dir_.path()); -} - -ScopedTestNSSChromeOSUser::~ScopedTestNSSChromeOSUser() { - if (constructed_successfully_) - g_nss_singleton.Get().CloseTestChromeOSUser(username_hash_); -} - -void ScopedTestNSSChromeOSUser::FinishInit() { - DCHECK(constructed_successfully_); - if (!ShouldInitializeTPMForChromeOSUser(username_hash_)) - return; - WillInitializeTPMForChromeOSUser(username_hash_); - InitializePrivateSoftwareSlotForChromeOSUser(username_hash_); -} - bool InitializeNSSForChromeOSUser( const std::string& email, const std::string& username_hash, @@ -1138,20 +1049,27 @@ void InitializeTPMForChromeOSUser( CK_SLOT_ID slot_id) { g_nss_singleton.Get().InitializeTPMForChromeOSUser(username_hash, slot_id); } + void InitializePrivateSoftwareSlotForChromeOSUser( const std::string& username_hash) { g_nss_singleton.Get().InitializePrivateSoftwareSlotForChromeOSUser( username_hash); } + ScopedPK11Slot GetPublicSlotForChromeOSUser(const std::string& username_hash) { return g_nss_singleton.Get().GetPublicSlotForChromeOSUser(username_hash); } + ScopedPK11Slot GetPrivateSlotForChromeOSUser( const std::string& username_hash, const base::Callback& callback) { return g_nss_singleton.Get().GetPrivateSlotForChromeOSUser(username_hash, callback); } + +void CloseChromeOSUserForTesting(const std::string& username_hash) { + g_nss_singleton.Get().CloseChromeOSUserForTesting(username_hash); +} #endif // defined(OS_CHROMEOS) base::Time PRTimeToBaseTime(PRTime prtime) { @@ -1163,8 +1081,10 @@ PRTime BaseTimeToPRTime(base::Time time) { return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); } +#if !defined(OS_CHROMEOS) PK11SlotInfo* GetPersistentNSSKeySlot() { return g_nss_singleton.Get().GetPersistentNSSKeySlot(); } +#endif } // namespace crypto diff --git a/crypto/nss_util.h b/crypto/nss_util.h index 0efdbc2b80d658..56fdfa6b659084 100644 --- a/crypto/nss_util.h +++ b/crypto/nss_util.h @@ -9,7 +9,6 @@ #include "base/basictypes.h" #include "base/callback.h" #include "base/compiler_specific.h" -#include "base/files/scoped_temp_dir.h" #include "crypto/crypto_export.h" namespace base { @@ -23,9 +22,6 @@ class Time; // initialization functions. namespace crypto { -// The TPMToken name used for the NSS slot opened by ScopedTestNSSDB. -CRYPTO_EXPORT extern const char kTestTPMTokenName[]; - #if defined(USE_NSS) // EarlySetupForNSSInit performs lightweight setup which must occur before the // process goes multithreaded. This does not initialise NSS. For test, see @@ -121,26 +117,6 @@ CRYPTO_EXPORT bool IsTPMTokenReady(const base::Closure& callback) CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot( int system_slot_id, const base::Callback& callback); - -// Exposed for unittests only. -class CRYPTO_EXPORT_PRIVATE ScopedTestNSSChromeOSUser { - public: - explicit ScopedTestNSSChromeOSUser(const std::string& username_hash); - ~ScopedTestNSSChromeOSUser(); - - std::string username_hash() const { return username_hash_; } - bool constructed_successfully() const { return constructed_successfully_; } - - // Completes initialization of user. Causes any waiting private slot callbacks - // to run. - void FinishInit(); - - private: - const std::string username_hash_; - base::ScopedTempDir temp_dir_; - bool constructed_successfully_; - DISALLOW_COPY_AND_ASSIGN(ScopedTestNSSChromeOSUser); -}; #endif // Convert a NSS PRTime value into a base::Time object. @@ -152,23 +128,6 @@ CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime); CRYPTO_EXPORT int64 BaseTimeToPRTime(base::Time time); #if defined(USE_NSS) -// Exposed for unittests only. -// TODO(mattm): When NSS 3.14 is the minimum version required, -// switch back to using a separate user DB for each test. -// Because of https://bugzilla.mozilla.org/show_bug.cgi?id=588269 , the -// opened user DB is not automatically closed. -class CRYPTO_EXPORT_PRIVATE ScopedTestNSSDB { - public: - ScopedTestNSSDB(); - ~ScopedTestNSSDB(); - - bool is_open() { return is_open_; } - - private: - bool is_open_; - DISALLOW_COPY_AND_ASSIGN(ScopedTestNSSDB); -}; - // NSS has a bug which can cause a deadlock or stall in some cases when writing // to the certDB and keyDB. It also has a bug which causes concurrent key pair // generations to scribble over each other. To work around this, we synchronize @@ -189,7 +148,6 @@ class CRYPTO_EXPORT AutoNSSWriteLock { base::Lock *lock_; DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); }; - #endif // defined(USE_NSS) } // namespace crypto diff --git a/crypto/nss_util_internal.h b/crypto/nss_util_internal.h index e9d4870daf6bb9..c40295f71da21e 100644 --- a/crypto/nss_util_internal.h +++ b/crypto/nss_util_internal.h @@ -21,11 +21,18 @@ class FilePath; namespace crypto { +// Opens an NSS software database in folder |path|, with the (potentially) +// user-visible description |description|. Returns the slot for the opened +// database, or NULL if the database could not be opened. +CRYPTO_EXPORT_PRIVATE ScopedPK11Slot + OpenSoftwareNSSDB(const base::FilePath& path, + const std::string& description); + +#if !defined(OS_CHROMEOS) // Returns a reference to the default NSS key slot for storing persistent data. // Caller must release returned reference with PK11_FreeSlot. -// TODO(mattm): this should be if !defined(OS_CHROMEOS), but some tests need to -// be fixed first. CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT; +#endif // A helper class that acquires the SECMOD list read lock while the // AutoSECMODListReadLock is in scope. @@ -40,10 +47,19 @@ class CRYPTO_EXPORT AutoSECMODListReadLock { }; #if defined(OS_CHROMEOS) -// Returns a reference to the system-wide TPM slot. Caller must release -// returned reference with PK11_FreeSlot. +// Returns a reference to the system-wide TPM slot. Caller must release returned +// reference with PK11_FreeSlot. CRYPTO_EXPORT PK11SlotInfo* GetSystemNSSKeySlot() WARN_UNUSED_RESULT; +// Sets the test system slot. If this was called before +// InitializeTPMTokenAndSystemSlot and no system token is provided by the Chaps +// module, then this test slot will be used and the initialization continues as +// if Chaps had provided this test slot. In particular, |slot| will be exposed +// by |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true. +// This must must not be called consecutively with a |slot| != NULL. If |slot| +// is NULL, the test system slot is unset. +CRYPTO_EXPORT_PRIVATE void SetSystemKeySlotForTesting(ScopedPK11Slot slot); + // Prepare per-user NSS slot mapping. It is safe to call this function multiple // times. Returns true if the user was added, or false if it already existed. CRYPTO_EXPORT bool InitializeNSSForChromeOSUser( @@ -85,6 +101,11 @@ CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser( CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser( const std::string& username_hash, const base::Callback& callback) WARN_UNUSED_RESULT; + +// Closes the NSS DB for |username_hash| that was previously opened by the +// *Initialize*ForChromeOSUser functions. +CRYPTO_EXPORT_PRIVATE void CloseChromeOSUserForTesting( + const std::string& username_hash); #endif // defined(OS_CHROMEOS) } // namespace crypto diff --git a/crypto/rsa_private_key_nss_unittest.cc b/crypto/rsa_private_key_nss_unittest.cc index f376f1586befdb..4adb9db04992e6 100644 --- a/crypto/rsa_private_key_nss_unittest.cc +++ b/crypto/rsa_private_key_nss_unittest.cc @@ -8,7 +8,7 @@ #include #include "base/memory/scoped_ptr.h" -#include "crypto/nss_util.h" +#include "crypto/scoped_test_nss_db.h" #include "testing/gtest/include/gtest/gtest.h" namespace crypto { diff --git a/crypto/scoped_test_nss_chromeos_user.cc b/crypto/scoped_test_nss_chromeos_user.cc new file mode 100644 index 00000000000000..20eadf49db8644 --- /dev/null +++ b/crypto/scoped_test_nss_chromeos_user.cc @@ -0,0 +1,37 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "crypto/scoped_test_nss_chromeos_user.h" + +#include "base/logging.h" +#include "crypto/nss_util.h" +#include "crypto/nss_util_internal.h" + +namespace crypto { + +ScopedTestNSSChromeOSUser::ScopedTestNSSChromeOSUser( + const std::string& username_hash) + : username_hash_(username_hash), constructed_successfully_(false) { + if (!temp_dir_.CreateUniqueTempDir()) + return; + // This opens a software DB in the given folder. In production code that is in + // the home folder, but for testing the temp folder is used. + constructed_successfully_ = InitializeNSSForChromeOSUser( + username_hash, username_hash, temp_dir_.path()); +} + +ScopedTestNSSChromeOSUser::~ScopedTestNSSChromeOSUser() { + if (constructed_successfully_) + CloseChromeOSUserForTesting(username_hash_); +} + +void ScopedTestNSSChromeOSUser::FinishInit() { + DCHECK(constructed_successfully_); + if (!ShouldInitializeTPMForChromeOSUser(username_hash_)) + return; + WillInitializeTPMForChromeOSUser(username_hash_); + InitializePrivateSoftwareSlotForChromeOSUser(username_hash_); +} + +} // namespace crypto diff --git a/crypto/scoped_test_nss_chromeos_user.h b/crypto/scoped_test_nss_chromeos_user.h new file mode 100644 index 00000000000000..1638517704deeb --- /dev/null +++ b/crypto/scoped_test_nss_chromeos_user.h @@ -0,0 +1,43 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CRYPTO_SCOPED_TEST_NSS_CHROMEOS_USER_H_ +#define CRYPTO_SCOPED_TEST_NSS_CHROMEOS_USER_H_ + +#include + +#include "base/files/scoped_temp_dir.h" +#include "base/macros.h" +#include "crypto/crypto_export.h" + +namespace crypto { + +// Opens a persistent NSS software database in a temporary directory for the +// user with |username_hash|. This database will be used for both the user's +// public and private slot. +class CRYPTO_EXPORT_PRIVATE ScopedTestNSSChromeOSUser { + public: + // Opens the software database and sets the public slot for the user. The + // private slot will not be initialized until FinishInit() is called. + explicit ScopedTestNSSChromeOSUser(const std::string& username_hash); + ~ScopedTestNSSChromeOSUser(); + + std::string username_hash() const { return username_hash_; } + bool constructed_successfully() const { return constructed_successfully_; } + + // Completes initialization of user. Causes any waiting private slot callbacks + // to run, see GetPrivateSlotForChromeOSUser(). + void FinishInit(); + + private: + const std::string username_hash_; + base::ScopedTempDir temp_dir_; + bool constructed_successfully_; + + DISALLOW_COPY_AND_ASSIGN(ScopedTestNSSChromeOSUser); +}; + +} // namespace crypto + +#endif // CRYPTO_SCOPED_TEST_NSS_CHROMEOS_USER_H_ diff --git a/crypto/scoped_test_nss_db.cc b/crypto/scoped_test_nss_db.cc new file mode 100644 index 00000000000000..a3ff68b8b16dd2 --- /dev/null +++ b/crypto/scoped_test_nss_db.cc @@ -0,0 +1,48 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "crypto/scoped_test_nss_db.h" + +#include "base/logging.h" +#include "base/threading/thread_restrictions.h" +#include "crypto/nss_util.h" +#include "crypto/nss_util_internal.h" + +namespace crypto { + +ScopedTestNSSDB::ScopedTestNSSDB() { + EnsureNSSInit(); + // NSS is allowed to do IO on the current thread since dispatching + // to a dedicated thread would still have the affect of blocking + // the current thread, due to NSS's internal locking requirements + base::ThreadRestrictions::ScopedAllowIO allow_io; + + if (!temp_dir_.CreateUniqueTempDir()) + return; + + const char kTestDescription[] = "Test DB"; + slot_ = OpenSoftwareNSSDB(temp_dir_.path(), kTestDescription); +} + +ScopedTestNSSDB::~ScopedTestNSSDB() { + // Don't close when NSS is < 3.15.1, because it would require an additional + // sleep for 1 second after closing the database, due to + // http://bugzil.la/875601. + if (!NSS_VersionCheck("3.15.1") || !slot_) + return; + + // NSS is allowed to do IO on the current thread since dispatching + // to a dedicated thread would still have the affect of blocking + // the current thread, due to NSS's internal locking requirements + base::ThreadRestrictions::ScopedAllowIO allow_io; + + SECStatus status = SECMOD_CloseUserDB(slot_.get()); + if (status != SECSuccess) + PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); + + if (!temp_dir_.Delete()) + LOG(ERROR) << "Could not delete temporary directory."; +} + +} // namespace crypto diff --git a/crypto/scoped_test_nss_db.h b/crypto/scoped_test_nss_db.h new file mode 100644 index 00000000000000..cc6996d684f0e1 --- /dev/null +++ b/crypto/scoped_test_nss_db.h @@ -0,0 +1,35 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CRYPTO_SCOPED_TEST_NSS_DB_H_ +#define CRYPTO_SCOPED_TEST_NSS_DB_H_ + +#include "base/files/scoped_temp_dir.h" +#include "base/macros.h" +#include "crypto/crypto_export.h" +#include "crypto/scoped_nss_types.h" + +namespace crypto { + +// Opens a persistent NSS database in a temporary directory. +// Prior NSS version 3.15.1, because of http://bugzil.la/875601 , the opened DB +// will not be closed automatically. +class CRYPTO_EXPORT_PRIVATE ScopedTestNSSDB { + public: + ScopedTestNSSDB(); + ~ScopedTestNSSDB(); + + bool is_open() { return slot_; } + PK11SlotInfo* slot() { return slot_.get(); } + + private: + base::ScopedTempDir temp_dir_; + ScopedPK11Slot slot_; + + DISALLOW_COPY_AND_ASSIGN(ScopedTestNSSDB); +}; + +} // namespace crypto + +#endif // CRYPTO_SCOPED_TEST_NSS_DB_H_ diff --git a/crypto/scoped_test_system_nss_key_slot.cc b/crypto/scoped_test_system_nss_key_slot.cc new file mode 100644 index 00000000000000..ee5e1dfaa274d0 --- /dev/null +++ b/crypto/scoped_test_system_nss_key_slot.cc @@ -0,0 +1,28 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "crypto/scoped_test_system_nss_key_slot.h" + +#include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_db.h" + +namespace crypto { + +ScopedTestSystemNSSKeySlot::ScopedTestSystemNSSKeySlot() + : test_db_(new ScopedTestNSSDB) { + if (!test_db_->is_open()) + return; + SetSystemKeySlotForTesting( + ScopedPK11Slot(PK11_ReferenceSlot(test_db_->slot()))); +} + +ScopedTestSystemNSSKeySlot::~ScopedTestSystemNSSKeySlot() { + SetSystemKeySlotForTesting(ScopedPK11Slot()); +} + +bool ScopedTestSystemNSSKeySlot::ConstructedSuccessfully() const { + return test_db_->is_open(); +} + +} // namespace crypto diff --git a/crypto/scoped_test_system_nss_key_slot.h b/crypto/scoped_test_system_nss_key_slot.h new file mode 100644 index 00000000000000..156504787f21df --- /dev/null +++ b/crypto/scoped_test_system_nss_key_slot.h @@ -0,0 +1,39 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CRYPTO_SCOPED_TEST_SYSTEM_NSS_KEY_SLOT_H_ +#define CRYPTO_SCOPED_TEST_SYSTEM_NSS_KEY_SLOT_H_ + +#include "base/macros.h" +#include "base/memory/scoped_ptr.h" +#include "crypto/crypto_export.h" + +namespace crypto { + +class ScopedTestNSSDB; + +// Opens a persistent NSS software database in a temporary directory and sets +// the test system slot to the opened database. This helper should be created in +// tests where no system token is provided by the Chaps module and before +// InitializeTPMTokenAndSystemSlot is called. Then the opened test database will +// be used and the initialization continues as if Chaps had provided this test +// database. In particular, the DB will be exposed by |GetSystemNSSKeySlot| and +// |IsTPMTokenReady| will return true. +// At most one instance of this helper must be used at a time. +class CRYPTO_EXPORT_PRIVATE ScopedTestSystemNSSKeySlot { + public: + explicit ScopedTestSystemNSSKeySlot(); + ~ScopedTestSystemNSSKeySlot(); + + bool ConstructedSuccessfully() const; + + private: + scoped_ptr test_db_; + + DISALLOW_COPY_AND_ASSIGN(ScopedTestSystemNSSKeySlot); +}; + +} // namespace crypto + +#endif // CRYPTO_SCOPED_TEST_SYSTEM_NSS_KEY_SLOT_H_ diff --git a/net/BUILD.gn b/net/BUILD.gn index 0956bfb948154a..9d36de8429ea22 100644 --- a/net/BUILD.gn +++ b/net/BUILD.gn @@ -1085,6 +1085,7 @@ test("net_unittests") { "//base/third_party/dynamic_annotations", "//crypto", "//crypto:platform", + "//crypto:test_support", "//net/base/registry_controlled_domains", "//testing/gmock", "//testing/gtest", diff --git a/net/base/keygen_handler_unittest.cc b/net/base/keygen_handler_unittest.cc index 2cb64743c8b4a7..29623302d22df0 100644 --- a/net/base/keygen_handler_unittest.cc +++ b/net/base/keygen_handler_unittest.cc @@ -19,8 +19,7 @@ #if defined(USE_NSS) #include // PR_DetachThread #include "crypto/nss_crypto_module_delegate.h" -#include "crypto/nss_util.h" -#include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_db.h" #endif namespace net { @@ -59,8 +58,8 @@ class KeygenHandlerTest : public ::testing::Test { #if defined(USE_NSS) handler->set_crypto_module_delegate( scoped_ptr( - new StubCryptoModuleDelegate( - crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot())))); + new StubCryptoModuleDelegate(crypto::ScopedPK11Slot( + PK11_ReferenceSlot(test_nss_db_.slot()))))); #endif return handler.Pass(); } diff --git a/net/cert/nss_cert_database_chromeos_unittest.cc b/net/cert/nss_cert_database_chromeos_unittest.cc index 324575d0b1e8d5..900edadd1f0a56 100644 --- a/net/cert/nss_cert_database_chromeos_unittest.cc +++ b/net/cert/nss_cert_database_chromeos_unittest.cc @@ -8,8 +8,8 @@ #include "base/callback.h" #include "base/message_loop/message_loop_proxy.h" #include "base/run_loop.h" -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/test_data_directory.h" #include "net/cert/cert_database.h" #include "net/test/cert_test_util.h" diff --git a/net/cert/nss_cert_database_unittest.cc b/net/cert/nss_cert_database_unittest.cc index 71e12646693f97..ffa61744f5c841 100644 --- a/net/cert/nss_cert_database_unittest.cc +++ b/net/cert/nss_cert_database_unittest.cc @@ -19,9 +19,8 @@ #include "base/strings/string16.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" -#include "crypto/nss_util.h" -#include "crypto/nss_util_internal.h" #include "crypto/scoped_nss_types.h" +#include "crypto/scoped_test_nss_db.h" #include "net/base/crypto_module.h" #include "net/base/net_errors.h" #include "net/base/test_data_directory.h" @@ -59,8 +58,10 @@ class CertDatabaseNSSTest : public testing::Test { virtual void SetUp() { ASSERT_TRUE(test_nssdb_.is_open()); cert_db_.reset(new NSSCertDatabase( - crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()), - crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()))); + crypto::ScopedPK11Slot( + PK11_ReferenceSlot(test_nssdb_.slot())) /* public slot */, + crypto::ScopedPK11Slot( + PK11_ReferenceSlot(test_nssdb_.slot())) /* private slot */)); public_module_ = cert_db_->GetPublicModule(); // Test db should be empty at start of test. @@ -99,9 +100,7 @@ class CertDatabaseNSSTest : public testing::Test { CertificateList ListCerts() { CertificateList result; - - CERTCertList* cert_list = - PK11_ListCertsInSlot(cert_db_->GetPublicSlot().get()); + CERTCertList* cert_list = PK11_ListCertsInSlot(test_nssdb_.slot()); for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); node = CERT_LIST_NEXT(node)) { diff --git a/net/cert/nss_profile_filter_chromeos_unittest.cc b/net/cert/nss_profile_filter_chromeos_unittest.cc index 60ceeb1d24f9ec..b133c33e0657ee 100644 --- a/net/cert/nss_profile_filter_chromeos_unittest.cc +++ b/net/cert/nss_profile_filter_chromeos_unittest.cc @@ -8,9 +8,9 @@ #include #include -#include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" #include "crypto/scoped_nss_types.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/test_data_directory.h" #include "net/test/cert_test_util.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/net/net.gyp b/net/net.gyp index c88ad52d282fe1..f9f55cf8ceb3d7 100644 --- a/net/net.gyp +++ b/net/net.gyp @@ -537,6 +537,7 @@ '../base/base.gyp:base_prefs_test_support', '../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations', '../crypto/crypto.gyp:crypto', + '../crypto/crypto.gyp:crypto_test_support', '../testing/gmock.gyp:gmock', '../testing/gtest.gyp:gtest', '../third_party/zlib/zlib.gyp:zlib', diff --git a/net/ssl/client_cert_store_chromeos_unittest.cc b/net/ssl/client_cert_store_chromeos_unittest.cc index 4a6a6c35eca3bc..3bd6d60718a736 100644 --- a/net/ssl/client_cert_store_chromeos_unittest.cc +++ b/net/ssl/client_cert_store_chromeos_unittest.cc @@ -13,6 +13,7 @@ #include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" #include "crypto/rsa_private_key.h" +#include "crypto/scoped_test_nss_chromeos_user.h" #include "net/base/test_data_directory.h" #include "net/cert/cert_type.h" #include "net/cert/x509_certificate.h"