Bug 891066, Part 7: Give CertVerifier its own NSPR logging module, r=cviecco

--HG-- extra : rebase_source : a6b38c4026fe70c9789cbe4830df57c943382f5b extra : source : 591daff856840016c979ed9b4fdbed4ed68f22a6
2013-07-10 23:47:09 -07:00 · 2013-07-10 23:47:09 -07:00 · 12a2ffda37
--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@ -21,8 +21,8 @@
 using namespace insanity::pkix;
 using namespace mozilla::psm;

-#ifdef PR_LOGGING
-extern PRLogModuleInfo* gPIPNSSLog;
+#ifdef MOZ_LOGGING
+static PRLogModuleInfo* gCertVerifierLog = nullptr;
 #endif

 namespace mozilla { namespace psm {
@ -49,6 +49,16 @@ CertVerifier::~CertVerifier()
 {
 }

+void
+InitCertVerifierLog()
+{
+#ifdef MOZ_LOGGING
+  if (!gCertVerifierLog) {
+    gCertVerifierLog = PR_NewLogModule("certverifier");
+  }
+#endif
+}
+
 static SECStatus
 ClassicVerifyCert(CERTCertificate* cert,
                  const SECCertificateUsage usage,
@ -113,7 +123,7 @@ ClassicVerifyCert(CERTCertificate* cert,
                                usage, time, pinArg, verifyLog, nullptr);
  }
  if (rv == SECSuccess && validationChain) {
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: getting chain in 'classic' \n"));
+    PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: getting chain in 'classic' \n"));
    *validationChain = CERT_GetCertChainFromCert(cert, time, enumUsage);
    if (!*validationChain) {
      rv = SECFailure;
@ -215,7 +225,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert,
     ++i;
  }
  if (validationChain) {
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: setting up validation chain outparam.\n"));
+    PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: setting up validation chain outparam.\n"));
    validationChainLocation = i;
    cvout[i].type = cert_po_certList;
    cvout[i].value.pointer.chain = nullptr;
@ -304,11 +314,11 @@ CertVerifier::VerifyCert(CERTCertificate* cert,
      if (evOidPolicy) {
        *evOidPolicy = evPolicy;
      }
-      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
+      PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
             ("VerifyCert: successful CERT_PKIXVerifyCert(ev) \n"));
      goto pkix_done;
    }
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
+    PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
           ("VerifyCert: failed CERT_PKIXVerifyCert(ev)\n"));

    if (validationChain) {
@ -414,12 +424,12 @@ CertVerifier::VerifyCert(CERTCertificate* cert,
  // Skip EV parameters
  cvin[evParamLocation].type = cert_pi_end;

-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: calling CERT_PKIXVerifyCert(dv) \n"));
+  PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: calling CERT_PKIXVerifyCert(dv) \n"));
  rv = CERT_PKIXVerifyCert(cert, usage, cvin, cvout, pinArg);

 pkix_done:
  if (validationChain) {
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: validation chain requested\n"));
+    PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: validation chain requested\n"));
    ScopedCERTCertificate trustAnchor(cvout[validationTrustAnchorLocation].value.pointer.cert);

    if (rv == SECSuccess) {
@ -427,14 +437,14 @@ pkix_done:
        PR_SetError(PR_UNKNOWN_ERROR, 0);
        return SECFailure;
      }
-      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: I have a chain\n"));
+      PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: I have a chain\n"));
      *validationChain = cvout[validationChainLocation].value.pointer.chain;
      if (trustAnchor) {
        // we should only add the issuer to the chain if it is not already
        // present. On CA cert checking, the issuer is the same cert, so in
        // that case we do not add the cert to the chain.
        if (!CERT_CompareCerts(trustAnchor.get(), cert)) {
-          PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert:  adding issuer to tail for display\n"));
+          PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert:  adding issuer to tail for display\n"));
          // note: rv is reused to catch errors on cert creation!
          ScopedCERTCertificate tempCert(CERT_DupCertificate(trustAnchor.get()));
          rv = CERT_AddCertToListTail(validationChain->get(), tempCert.get());
--- a/security/certverifier/CertVerifier.h
+++ b/security/certverifier/CertVerifier.h
@ -71,6 +71,7 @@ public:
  const bool mOCSPGETEnabled;
 };

+void InitCertVerifierLog();
 } } // namespace mozilla::psm

 #endif // mozilla_psm__CertVerifier_h
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@ -1128,6 +1128,8 @@ nsNSSComponent::InitializeNSS()

    ConfigureInternalPKCS11Token();

+    InitCertVerifierLog();
+
    SECStatus init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
    if (init_rv != SECSuccess) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));