From 8d9e4345207013c55a8719995ec4ad4e9be466f2 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Sat, 1 Jun 2019 16:01:09 +0100
Subject: [PATCH] truststore_nss: support multiple NSS databases

This adds support for Snap's Chromium, and and CentOS 7.

Fixes #116
Fixes #120
Closes #121
---
 truststore_nss.go | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/truststore_nss.go b/truststore_nss.go
index 5397afa9..8772e0e1 100644
--- a/truststore_nss.go
+++ b/truststore_nss.go
@@ -17,17 +17,26 @@ var (
 	hasNSS       bool
 	hasCertutil  bool
 	certutilPath string
-	nssDB        = filepath.Join(os.Getenv("HOME"), ".pki/nssdb")
-)
-
-func init() {
-	for _, path := range []string{
-		"/usr/bin/firefox", nssDB, "/Applications/Firefox.app",
+	nssDBs       = []string{
+		filepath.Join(os.Getenv("HOME"), ".pki/nssdb"),
+		filepath.Join(os.Getenv("HOME"), "snap/chromium/current/.pki/nssdb"), // Snapcraft
+		"/etc/pki/nssdb", // CentOS 7
+	}
+	firefoxPaths = []string{
+		"/usr/bin/firefox", "/Applications/Firefox.app",
 		"/Applications/Firefox Developer Edition.app",
 		"/Applications/Firefox Nightly.app",
 		"C:\\Program Files\\Mozilla Firefox",
-	} {
-		hasNSS = hasNSS || pathExists(path)
+	}
+)
+
+func init() {
+	allPaths := append(append([]string{}, nssDBs...), firefoxPaths...)
+	for _, path := range allPaths {
+		if pathExists(path) {
+			hasNSS = true
+			break
+		}
 	}
 
 	switch runtime.GOOS {
@@ -96,12 +105,7 @@ func (m *mkcert) uninstallNSS() {
 
 func (m *mkcert) forEachNSSProfile(f func(profile string)) (found int) {
 	profiles, _ := filepath.Glob(FirefoxProfile)
-	if pathExists(nssDB) {
-		profiles = append(profiles, nssDB)
-	}
-	if len(profiles) == 0 {
-		return
-	}
+	profiles = append(profiles, nssDBs...)
 	for _, profile := range profiles {
 		if stat, err := os.Stat(profile); err != nil || !stat.IsDir() {
 			continue