Finish trimming unnecessary state from non-CrOS NSSInitSingleton

The EnsureNSSInit portions of NSSInitSingleton are now completely stateless and thus have no intersection with the CrOS-specific profile bits. (Except that the CrOS-specific profile bits require NSS to be initialized, but they can just call EnsureNSSInit() like anyone else.) We can split them up entirely now. Bug: 125848 Change-Id: I6c3b32503da763272263ee84bbdb076b7826c81d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1857045 Reviewed-by: Matt Mueller <mattm@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#705430}
marcosholgado · Oct 13, 2019 · e838004 · e838004
1 parent c42e3f7
commit e838004
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 45 deletions.
diff --git a/chrome/browser/net/nss_context_linux.cc b/chrome/browser/net/nss_context_linux.cc
@@ -5,7 +5,7 @@
 #include "chrome/browser/net/nss_context.h"
 
 #include "content/public/browser/browser_thread.h"
-#include "crypto/nss_util_internal.h"
+#include "crypto/nss_util.h"
 #include "net/cert/nss_cert_database.h"
 
 namespace {
@@ -22,11 +22,10 @@ net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext(
     // Linux has only a single persistent slot compared to ChromeOS's separate
     // public and private slot.
     // Redirect any slot usage to this persistent slot on Linux.
+    crypto::EnsureNSSInit();
     g_nss_cert_database = new net::NSSCertDatabase(
-        crypto::ScopedPK11Slot(
-            crypto::GetPersistentNSSKeySlot()) /* public slot */,
-        crypto::ScopedPK11Slot(
-            crypto::GetPersistentNSSKeySlot()) /* private slot */);
+        crypto::ScopedPK11Slot(PK11_GetInternalKeySlot()) /* public slot */,
+        crypto::ScopedPK11Slot(PK11_GetInternalKeySlot()) /* private slot */);
   }
   return g_nss_cert_database;
 }
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
@@ -601,21 +601,7 @@ class NSSInitSingleton {
     DCHECK(!slot || !prepared_test_private_slot_);
     prepared_test_private_slot_ = std::move(slot);
   }
-#endif  // defined(OS_CHROMEOS)
-
-#if !defined(OS_CHROMEOS)
-  PK11SlotInfo* GetPersistentNSSKeySlot() {
-    // TODO(mattm): Change to DCHECK when callers have been fixed.
-    if (!thread_checker_.CalledOnValidThread()) {
-      DVLOG(1) << "Called on wrong thread.\n"
-               << base::debug::StackTrace().ToString();
-    }
-
-    return PK11_GetInternalKeySlot();
-  }
-#endif
 
-#if defined(OS_CHROMEOS)
   void GetSystemNSSKeySlotCallback(
       base::OnceCallback<void(ScopedPK11Slot)> callback) {
     std::move(callback).Run(
@@ -710,7 +696,11 @@ class NSSInitSingleton {
       PK11_FreeSlot(slot);
     }
 
-    root_ = InitDefaultRootCerts();
+    // Load nss's built-in root certs.
+    //
+    // TODO(mattm): DCHECK this succeeded when crbug.com/310972 is fixed.
+    // Failing to load root certs will it hard to talk to anybody via https.
+    LoadModule("Root Certs", "libnssckbi.so", nullptr);
 
     // Disable MD5 certificate signatures. (They are disabled by default in
     // NSS 3.14.)
@@ -724,18 +714,6 @@ class NSSInitSingleton {
   // shut down.
   ~NSSInitSingleton() = delete;
 
-  // Load nss's built-in root certs.
-  SECMODModule* InitDefaultRootCerts() {
-    SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", nullptr);
-    if (root)
-      return root;
-
-    // Aw, snap.  Can't find/load root cert shared library.
-    // This will make it hard to talk to anybody via https.
-    // TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed.
-    return nullptr;
-  }
-
   // Load the given module for this NSS session.
   static SECMODModule* LoadModule(const char* name,
                                   const char* library_path,
@@ -764,7 +742,6 @@ class NSSInitSingleton {
     return module;
   }
 
-  SECMODModule* root_ = nullptr;
 #if defined(OS_CHROMEOS)
   bool tpm_token_enabled_for_nss_ = false;
   bool initializing_tpm_token_ = false;
@@ -912,10 +889,4 @@ PRTime BaseTimeToPRTime(base::Time time) {
   return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue();
 }
 
-#if !defined(OS_CHROMEOS)
-PK11SlotInfo* GetPersistentNSSKeySlot() {
-  return g_nss_singleton.Get().GetPersistentNSSKeySlot();
-}
-#endif
-
 }  // namespace crypto
diff --git a/crypto/nss_util_internal.h b/crypto/nss_util_internal.h
@@ -30,12 +30,6 @@ namespace crypto {
 CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path,
                                                const std::string& description);
 
-#if !defined(OS_CHROMEOS)
-// Returns a reference to the default NSS key slot for storing persistent data.
-// Caller must release returned reference with PK11_FreeSlot.
-CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
-#endif
-
 // A helper class that acquires the SECMOD list read lock while the
 // AutoSECMODListReadLock is in scope.
 class CRYPTO_EXPORT AutoSECMODListReadLock {