Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / net / nss_context_linux.cc
blob8e617157251ffcfc415b4294a24ef8e12a8c3569
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/net/nss_context.h"
7 #include "content/public/browser/browser_thread.h"
8 #include "crypto/nss_util_internal.h"
9 #include "net/cert/nss_cert_database.h"
11 namespace {
12 net::NSSCertDatabase* g_nss_cert_database = NULL;
13 } // namespace
15 crypto::ScopedPK11Slot GetPublicNSSKeySlotForResourceContext(
16 content::ResourceContext* context) {
17 DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
18 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
21 crypto::ScopedPK11Slot GetPrivateNSSKeySlotForResourceContext(
22 content::ResourceContext* context,
23 const base::Callback<void(crypto::ScopedPK11Slot)>& callback) {
24 DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
25 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
28 net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext(
29 content::ResourceContext* context,
30 const base::Callback<void(net::NSSCertDatabase*)>& callback) {
31 // This initialization is not thread safe. This CHECK ensures that this code
32 // is only run on a single thread.
33 CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
34 if (!g_nss_cert_database) {
35 // Linux has only a single persistent slot compared to ChromeOS's separate
36 // public and private slot.
37 // Redirect any slot usage to this persistent slot on Linux.
38 g_nss_cert_database = new net::NSSCertDatabase(
39 crypto::ScopedPK11Slot(
40 crypto::GetPersistentNSSKeySlot()) /* public slot */,
41 crypto::ScopedPK11Slot(
42 crypto::GetPersistentNSSKeySlot()) /* private slot */);
44 return g_nss_cert_database;