// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "crypto/scoped_test_nss_db.h"
#include <cert.h>
#include "base/logging.h"
#include "base/threading/thread_restrictions.h"
#include "crypto/nss_util.h"
#include "crypto/nss_util_internal.h"
namespace crypto {
ScopedTestNSSDB::ScopedTestNSSDB() {
EnsureNSSInit();
// NSS is allowed to do IO on the current thread since dispatching
// to a dedicated thread would still have the affect of blocking
// the current thread, due to NSS's internal locking requirements
base::ScopedAllowBlockingForTesting allow_blocking;
if (!temp_dir_.CreateUniqueTempDir())
return;
const char kTestDescription[] = "Test DB";
slot_ = OpenSoftwareNSSDB(temp_dir_.GetPath(), kTestDescription);
}
ScopedTestNSSDB::~ScopedTestNSSDB() {
// Remove trust from any certs in the test DB before closing it. Otherwise NSS
// may cache verification results even after the test DB is gone.
if (slot_) {
CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
!CERT_LIST_END(node, cert_list);
node = CERT_LIST_NEXT(node)) {
CERTCertTrust trust = {0};
if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) !=
SECSuccess) {
LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();
}
}
CERT_DestroyCertList(cert_list);
}
// NSS is allowed to do IO on the current thread since dispatching
// to a dedicated thread would still have the affect of blocking
// the current thread, due to NSS's internal locking requirements
base::ScopedAllowBlockingForTesting allow_blocking;
if (slot_) {
SECStatus status = SECMOD_CloseUserDB(slot_.get());
if (status != SECSuccess)
PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError();
}
if (!temp_dir_.Delete())
LOG(ERROR) << "Could not delete temporary directory.";
}
} // namespace crypto