NSS: PKCS 11 password prompt.

base/crypto/pk11_blocking_password_delegate.h

Index: base/crypto/pk11_blocking_password_delegate.h
diff --git a/base/crypto/pk11_blocking_password_delegate.h b/base/crypto/pk11_blocking_password_delegate.h
new file mode 100644
index 0000000000000000000000000000000000000000..f4f3b75f44fe296ec65a81571ef54b23369506da
--- /dev/null
+++ b/base/crypto/pk11_blocking_password_delegate.h
@@ -0,0 +1,33 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_CRYPTO_PK11_BLOCKING_PASSWORD_DELEGATE_H_
+#define BASE_CRYPTO_PK11_BLOCKING_PASSWORD_DELEGATE_H_
+#pragma once
+
+#include <string>
+
+namespace base {
+
+// PK11_SetPasswordFunc is a global setting.  An implementation of
+// PK11BlockingPasswordDelegate should be passed as the user data argument
+// (|wincx|) to relevant NSS functions, which the global password handler will
+// call to do the actual work.
+class PK11BlockingPasswordDelegate {
+ public:
+  virtual ~PK11BlockingPasswordDelegate() {}
+
+  // Requests a password to unlock |slot|. The interface is

[wtc, 2010/12/15 20:54:36]

Typo: |slot| => |slot_name|
      |retry| is PR_TRUE => |retry| is true

[mattm, 2011/01/12 01:22:07]

Done.

+  // synchronous because NSS cannot issue an asynchronous
+  // request. |retry| is PR_TRUE if this is a request for the retry
+  // and we previously returned the wrong password.
+  // Caller should set |cancelled| to true if the user cancelled instead of

[wtc, 2010/12/15 20:54:36]

I think "Caller" should be changed to "An implementation of
this interface".

|cancelled| => |*cancelled|

[mattm, 2011/01/12 01:22:07]

Done.

+  // entering a password.
+  virtual std::string RequestPassword(const std::string& slot_name, bool retry,
+                                      bool* cancelled) = 0;
+};
+
+}
+
+#endif  // BASE_CRYPTO_PK11_BLOCKING_PASSWORD_DELEGATE_H_