// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
| 4 | |
| 5 | #include "shill/nss.h" |
| 6 | |
| 7 | #include <base/logging.h> |
| 8 | #include <base/string_number_conversions.h> |
| 9 | #include <base/string_util.h> |
| 10 | #include <base/stringprintf.h> |
| 11 | |
| 12 | #include "shill/glib.h" |
| 13 | |
| 14 | using base::HexEncode; |
| 15 | using base::StringPrintf; |
| 16 | using std::string; |
| 17 | using std::vector; |
| 18 | |
| 19 | namespace shill { |
| 20 | |
namespace {

// Prefix of the output file name handed to the helper script. GetCertfile()
// appends the lowercase hex encoding of the certificate id to it.
// NOTE(review): the resulting name is predictable and sits directly in /tmp.
// If other local users can write to /tmp on the target system, a file or
// symlink created in advance at that path could redirect or replace the
// exported certificate. A directory owned by the daemon would avoid this --
// confirm how nss-get-cert opens its output file.
const char kCertfileBasename[] = "/tmp/nss-cert.";

// Absolute path of the helper script. SCRIPTDIR is a macro defined outside
// this file (presumably by the build).
const char kNSSGetCertScript[] = SCRIPTDIR "/nss-get-cert";

}  // namespace
| 25 | |
// Storage for the NSS instance returned by NSS::GetInstance().
// TODO(ers): not using LAZY_INSTANCE_INITIALIZER
// because of http://crbug.com/114828
static base::LazyInstance<NSS> g_nss = { 0, {{0}} };
| 29 | |
// Starts with no GLib wrapper attached. Init() has to provide one before
// GetCertfile() is called, because GetCertfile() CHECKs glib_.
NSS::NSS() : glib_(NULL) {
  VLOG(2) << __func__;
}
| 34 | |
// Only emits a verbose log line; glib_ is left untouched.
NSS::~NSS() {
  VLOG(2) << __func__;
}
| 38 | |
// static
// Returns the instance held in the file-level g_nss LazyInstance.
NSS *NSS::GetInstance() {
  NSS *instance = g_nss.Pointer();
  return instance;
}
| 43 | |
// Records the GLib wrapper used later to spawn the helper script. The pointer
// is stored as given; nothing in this file frees it.
void NSS::Init(GLib *glib) {
  this->glib_ = glib;
}
| 47 | |
// Requests the certificate identified by |nickname| and |id| in "pem" format.
// Returns GetCertfile()'s result: the output path, or an empty FilePath on
// failure.
FilePath NSS::GetPEMCertfile(const string &nickname, const vector<char> &id) {
  const string format("pem");
  return GetCertfile(nickname, id, format);
}
| 51 | |
// Requests the certificate identified by |nickname| and |id| in "der" format.
// Returns GetCertfile()'s result: the output path, or an empty FilePath on
// failure.
FilePath NSS::GetDERCertfile(const string &nickname, const vector<char> &id) {
  const string format("der");
  return GetCertfile(nickname, id, format);
}
| 55 | |
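// Runs the nss-get-cert helper script with |nickname|, |type| and an output
// file name as arguments, and returns that file name on success.
//
// The output name is kCertfileBasename followed by the lowercase hex encoding
// of |id|. Returns an empty FilePath if the script cannot be spawned, does not
// exit normally, or exits with a non-zero status.
//
// NOTE(review): the output name is fully determined by |id| and lives under
// /tmp (see kCertfileBasename). If other local users can write there, the path
// can be occupied before the helper runs. Confirm that nss-get-cert creates
// the file safely, or move the output to a directory owned by this daemon.
//
// NOTE(review): |nickname| reaches the helper as a single argv element; no
// shell is involved in this function. The script itself remains responsible
// for treating it as data -- verify its quoting.
FilePath NSS::GetCertfile(
    const string &nickname, const vector<char> &id, const string &type) {
  CHECK(glib_);
  // &id[0] is undefined behavior on an empty vector, so hand HexEncode a NULL
  // pointer with size 0 in that case. The resulting name is unchanged: the
  // bare kCertfileBasename prefix.
  const char *id_bytes = id.empty() ? NULL : &id[0];
  string filename =
      kCertfileBasename + StringToLowerASCII(HexEncode(id_bytes, id.size()));
  // The casts only satisfy the char* argv type of the spawn call; the strings
  // outlive the synchronous call below.
  char *argv[] = {
    const_cast<char *>(kNSSGetCertScript),
    const_cast<char *>(nickname.c_str()),
    const_cast<char *>(type.c_str()),
    const_cast<char *>(filename.c_str()),
    NULL
  };
  // Empty environment: presumably keeps the helper from inheriting this
  // process's environment (assumes SpawnSync forwards to g_spawn_sync --
  // confirm in shill/glib.h).
  char *envp[1] = { NULL };
  int status = 0;
  GError *error = NULL;
  // No spawn flags are set, so no PATH search is requested; argv[0] is the
  // script path built from SCRIPTDIR.
  if (!glib_->SpawnSync(NULL,
                        argv,
                        envp,
                        static_cast<GSpawnFlags>(0),
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        &status,
                        &error)) {
    // NOTE(review): |error| is not freed here; presumably
    // ConvertErrorToMessage() takes care of that -- confirm.
    LOG(ERROR) << "nss-get-cert failed: "
               << glib_->ConvertErrorToMessage(error);
    return FilePath();
  }
  // Treat death by signal and any non-zero exit code as failure.
  if (!WIFEXITED(status) || WEXITSTATUS(status)) {
    LOG(ERROR) << "nss-get-cert failed, status=" << status;
    return FilePath();
  }
  return FilePath(filename);
}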
| 91 | |
| 92 | } // namespace shill |