NSS: PKCS 11 password prompt.

chrome/browser/ui/pk11_password_dialog.h

Index: chrome/browser/ui/pk11_password_dialog.h
diff --git a/chrome/browser/ui/pk11_password_dialog.h b/chrome/browser/ui/pk11_password_dialog.h
new file mode 100644
index 0000000000000000000000000000000000000000..46f6cd11e86d4c91545add1f75ed9e87b921ac9a
--- /dev/null
+++ b/chrome/browser/ui/pk11_password_dialog.h
@@ -0,0 +1,69 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_UI_PK11_PASSWORD_DIALOG_H_
+#define CHROME_BROWSER_UI_PK11_PASSWORD_DIALOG_H_
+#pragma once
+
+#include <string>
+
+#include "base/callback.h"
+
+namespace base {
+class PK11BlockingPasswordDelegate;
+}
+
+namespace net {
+class X509Certificate;
+class PK11Slot;
+}
+
+namespace browser {
+
+// An enum to describe the reason for the password request.
+enum PK11PasswordReason {
+  kPK11PasswordKeygen,
+  kPK11PasswordCertEnrollment,
+  kPK11PasswordClientAuth,
+  kPK11PasswordCertImport,
+  kPK11PasswordCertExport,
+};
+
+typedef Callback1<const char*>::Type PK11PasswordCallback;
+
+// Display a dialog, prompting the user to authenticate to unlock
+// |slot|. |reason| describes the purpose of the authentication and
+// affects the message displayed in the dialog. |url| is the address
+// of the page which requested the access.
+void ShowPK11PasswordDialog(const std::string& slot_name,
+                            bool retry,
+                            PK11PasswordReason reason,
+                            const std::string& host,

[wtc, 2010/12/15 20:54:36]

You can avoid the issue of whether this string can contain
a port by naming this parameter |server| or |server_name|.

[mattm, 2011/01/12 01:22:07]

Done.

+                            PK11PasswordCallback* callback);
+
+// Returns a PK11BlockingPasswordDelegate to open a dialog and block
+// until returning. Should only be used on a worker thread.
+base::PK11BlockingPasswordDelegate* NewPK11BlockingDialogDelegate(
+    PK11PasswordReason reason,
+    const std::string& host);
+
+// Asynchronously unlock |slot|, if necessary.  |callback| is called when done
+// (regardless if slot was successfully unlocked or not).  Should only be called
+// on UI thread.
+void UnlockSlotIfNecessary(net::PK11Slot* slot,
+                           browser::PK11PasswordReason reason,
+                           const std::string& host,
+                           Callback0::Type* callback);
+
+// Asynchronously unlock the |cert|'s slot, if necessary.  |callback| is called
+// when done (regardless if slot was successfully unlocked or not).  Should only
+// be called on UI thread.
+void UnlockCertSlotIfNecessary(net::X509Certificate* cert,
+                               browser::PK11PasswordReason reason,
+                               const std::string& host,
+                               Callback0::Type* callback);
+
+}  // namespace browser
+
+#endif  // CHROME_BROWSER_UI_PK11_PASSWORD_DIALOG_H_