Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / connectivity / shill / 2e38263961190298d7198058ed91649dee106257 / . / nss.cc
blob: 9b3783b63e47c106717ab9c2cfe6adaf6bf6b5d1 [file] [log] [blame]
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]1// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "shill/nss.h"
6
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]7#include <base/string_number_conversions.h>
8#include <base/string_util.h>
9#include <base/stringprintf.h>
10
Christopher Wileyb691efd2012-08-09 13:51:51 -0700[diff] [blame]11#include "shill/logging.h"
Jorge Lucangeli Obesccd5c852012-12-19 18:08:40 -0800[diff] [blame]12#include "shill/minijail.h"
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]13
Albert Chaulk0e1cdea2013-02-27 15:32:55 -0800[diff] [blame]14using base::FilePath;
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]15using base::HexEncode;
16using base::StringPrintf;
17using std::string;
18using std::vector;
19
20namespace shill {
21
22namespace {
Jorge Lucangeli Obesccd5c852012-12-19 18:08:40 -0800[diff] [blame]23
Ben Chanbbdef5f2012-04-23 13:58:15 -0700[diff] [blame]24base::LazyInstance<NSS> g_nss = LAZY_INSTANCE_INITIALIZER;
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]25const char kCertfileBasename[] = "/tmp/nss-cert.";
Jorge Lucangeli Obesccd5c852012-12-19 18:08:40 -0800[diff] [blame]26const char kNSSGetCert[] = SHIMDIR "/nss-get-cert";
27const char kNSSGetCertUser[] = "chronos";
28
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]29} // namespace
30
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]31NSS::NSS()
Jorge Lucangeli Obesccd5c852012-12-19 18:08:40 -0800[diff] [blame]32 : minijail_(Minijail::GetInstance()) {
Ben Chanfad4a0b2012-04-18 15:49:59 -0700[diff] [blame]33 SLOG(Crypto, 2) << __func__;
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]34}
35
36NSS::~NSS() {
Ben Chanfad4a0b2012-04-18 15:49:59 -0700[diff] [blame]37 SLOG(Crypto, 2) << __func__;
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]38}
39
40// static
41NSS *NSS::GetInstance() {
42 return g_nss.Pointer();
43}
44
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]45FilePath NSS::GetPEMCertfile(const string &nickname, const vector<char> &id) {
46 return GetCertfile(nickname, id, "pem");
47}
48
49FilePath NSS::GetDERCertfile(const string &nickname, const vector<char> &id) {
50 return GetCertfile(nickname, id, "der");
51}
52
53FilePath NSS::GetCertfile(
54 const string &nickname, const vector<char> &id, const string &type) {
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]55 string filename =
56 kCertfileBasename + StringToLowerASCII(HexEncode(&id[0], id.size()));
Jorge Lucangeli Obesccd5c852012-12-19 18:08:40 -0800[diff] [blame]57 vector<char *> args;
58 args.push_back(const_cast<char *>(kNSSGetCert));
59 args.push_back(const_cast<char *>(nickname.c_str()));
60 args.push_back(const_cast<char *>(type.c_str()));
61 args.push_back(const_cast<char *>(filename.c_str()));
62 args.push_back(NULL);
63
64 struct minijail *jail = minijail_->New();
65 minijail_->DropRoot(jail, kNSSGetCertUser);
66
67 int status;
68 if (!minijail_->RunSyncAndDestroy(jail, args, &status)) {
69 LOG(ERROR) << "Unable to spawn " << kNSSGetCert << " in a jail.";
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]70 return FilePath();
71 }
Jorge Lucangeli Obesccd5c852012-12-19 18:08:40 -0800[diff] [blame]72
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]73 if (!WIFEXITED(status) || WEXITSTATUS(status)) {
Jorge Lucangeli Obesccd5c852012-12-19 18:08:40 -0800[diff] [blame]74 LOG(ERROR) << kNSSGetCert << " failed with status " << status;
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]75 return FilePath();
76 }
Jorge Lucangeli Obesccd5c852012-12-19 18:08:40 -0800[diff] [blame]77
Darin Petkov3c5e4dc2012-04-02 14:44:27 +0200[diff] [blame]78 return FilePath(filename);
79}
80
81} // namespace shill