1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/net/nss_context.h"
7 #include "content/public/browser/browser_thread.h"
8 #include "crypto/nss_util_internal.h"
9 #include "net/cert/nss_cert_database.h"
12 net::NSSCertDatabase
* g_nss_cert_database
= NULL
;
15 crypto::ScopedPK11Slot
GetPublicNSSKeySlotForResourceContext(
16 content::ResourceContext
* context
) {
17 DCHECK_CURRENTLY_ON(content::BrowserThread::IO
);
18 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
21 crypto::ScopedPK11Slot
GetPrivateNSSKeySlotForResourceContext(
22 content::ResourceContext
* context
,
23 const base::Callback
<void(crypto::ScopedPK11Slot
)>& callback
) {
24 DCHECK_CURRENTLY_ON(content::BrowserThread::IO
);
25 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
28 net::NSSCertDatabase
* GetNSSCertDatabaseForResourceContext(
29 content::ResourceContext
* context
,
30 const base::Callback
<void(net::NSSCertDatabase
*)>& callback
) {
31 // This initialization is not thread safe. This CHECK ensures that this code
32 // is only run on a single thread.
33 CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO
));
34 if (!g_nss_cert_database
) {
35 // Linux has only a single persistent slot compared to ChromeOS's separate
36 // public and private slot.
37 // Redirect any slot usage to this persistent slot on Linux.
38 g_nss_cert_database
= new net::NSSCertDatabase(
39 crypto::ScopedPK11Slot(
40 crypto::GetPersistentNSSKeySlot()) /* public slot */,
41 crypto::ScopedPK11Slot(
42 crypto::GetPersistentNSSKeySlot()) /* private slot */);
44 return g_nss_cert_database
;
