Move the NSS functions out of CertDatabase into a new NSSCertDatabase class.

chrome/browser/chromeos/cros/onc_network_parser.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/cros/onc_network_parser.h"
 
 #include <keyhi.h>
 #include <pk11pub.h>
 
 #include "base/base64.h"
@@ skipping 10 matching lines @@
 #include "chrome/browser/chromeos/cros/onc_constants.h"
 #include "chrome/browser/chromeos/proxy_config_service_impl.h"
 #include "chrome/browser/prefs/proxy_config_dictionary.h"
 #include "chrome/common/net/x509_certificate_model.h"
 #include "content/public/browser/browser_thread.h"
 #include "crypto/encryptor.h"
 #include "crypto/hmac.h"
 #include "crypto/scoped_nss_types.h"
 #include "crypto/symmetric_key.h"
 #include "grit/generated_resources.h"
-#include "net/base/cert_database.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
+#include "net/base/nss_cert_database.h"
 #include "net/base/pem_tokenizer.h"
 #include "net/base/x509_certificate.h"
 #include "net/proxy/proxy_bypass_rules.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 #include "ui/base/l10n/l10n_util.h"
 
 namespace chromeos {
 
 // Local constants.
 namespace {
@@ skipping 474 matching lines @@
     LOG(WARNING) << "ONC File: certificate missing identifier at index"
                  << cert_index;
     parse_error_ = l10n_util::GetStringUTF8(
         IDS_NETWORK_CONFIG_ERROR_CERT_GUID_MISSING);
     return NULL;
   }
 
   if (!certificate->GetBoolean("Remove", &remove))
     remove = false;
 
-  net::CertDatabase cert_database;
+  net::NSSCertDatabase cert_database;
   if (remove) {
     if (!DeleteCertAndKeyByNickname(guid)) {
       parse_error_ = l10n_util::GetStringUTF8(
           IDS_NETWORK_CONFIG_ERROR_CERT_DELETE);
     }
     return NULL;
   }
 
   // Not removing, so let's get the data we need to add this certificate.
   std::string cert_type;
@@ skipping 276 matching lines @@
   }
   return true;
 }
 
 scoped_refptr<net::X509Certificate>
 OncNetworkParser::ParseServerOrCaCertificate(
     int cert_index,
     const std::string& cert_type,
     const std::string& guid,
     base::DictionaryValue* certificate) {
-  net::CertDatabase cert_database;
+  net::NSSCertDatabase cert_database;
   bool web_trust = false;
   base::ListValue* trust_list = NULL;
   if (certificate->GetList("Trust", &trust_list)) {
     for (size_t i = 0; i < trust_list->GetSize(); ++i) {
       std::string trust_type;
       if (!trust_list->GetString(i, &trust_type)) {
         LOG(WARNING) << "ONC File: certificate trust is invalid at index "
                      << cert_index;
         parse_error_ = l10n_util::GetStringUTF8(
             IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_INVALID);
@@ skipping 108 matching lines @@
   ListCertsWithNickname(guid, &certs);
   if (!certs.empty()) {
     LOG(WARNING) << "Cert GUID is already in use: " << guid;
     parse_error_ = l10n_util::GetStringUTF8(
         IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION);
     return NULL;
   }
 
   net::CertificateList cert_list;
   cert_list.push_back(x509_cert);
-  net::CertDatabase::ImportCertFailureList failures;
+  net::NSSCertDatabase::ImportCertFailureList failures;
   bool success = false;
-  net::CertDatabase::TrustBits trust = web_trust ?
-                                       net::CertDatabase::TRUSTED_SSL :
-                                       net::CertDatabase::TRUST_DEFAULT;
+  net::NSSCertDatabase::TrustBits trust = web_trust ?
+                                          net::NSSCertDatabase::TRUSTED_SSL :
+                                          net::NSSCertDatabase::TRUST_DEFAULT;
   if (cert_type == "Server") {
     success = cert_database.ImportServerCert(cert_list, trust, &failures);
   } else {  // Authority cert
     success = cert_database.ImportCACerts(cert_list, trust, &failures);
   }
   if (!failures.empty()) {
     LOG(WARNING) << "ONC File: Error ("
                  << net::ErrorToString(failures[0].net_error)
                  << ") importing " << cert_type << " certificate at index "
                  << cert_index;
@@ skipping 11 matching lines @@
   VLOG(2) << "Successfully imported server/ca certificate at index "
           << cert_index;
 
   return x509_cert;
 }
 
 scoped_refptr<net::X509Certificate> OncNetworkParser::ParseClientCertificate(
     int cert_index,
     const std::string& guid,
     base::DictionaryValue* certificate) {
-  net::CertDatabase cert_database;
+  net::NSSCertDatabase cert_database;
   std::string pkcs12_data;
   if (!certificate->GetString("PKCS12", &pkcs12_data) ||
       pkcs12_data.empty()) {
     LOG(WARNING) << "ONC File: PKCS12 data is missing for Client "
                  << "certificate at index " << cert_index;
     parse_error_ = l10n_util::GetStringUTF8(
         IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MISSING);
     return NULL;
   }
 
@@ skipping 64 matching lines @@
   };
   CR_DEFINE_STATIC_LOCAL(EnumMapper<ClientCertType>, parser,
       (table, arraysize(table), CLIENT_CERT_TYPE_NONE));
   return parser.Get(type);
 }
 
 // static
 void OncNetworkParser::ListCertsWithNickname(const std::string& label,
                                              net::CertificateList* result) {
   net::CertificateList all_certs;
-  net::CertDatabase cert_db;
+  net::NSSCertDatabase cert_db;
   cert_db.ListCerts(&all_certs);
   result->clear();
   for (net::CertificateList::iterator iter = all_certs.begin();
        iter != all_certs.end(); ++iter) {
     if (iter->get()->os_cert_handle()->nickname) {
       // Separate the nickname stored in the certificate at the colon, since
       // NSS likes to store it as token:nickname.
       const char* delimiter =
           ::strchr(iter->get()->os_cert_handle()->nickname, ':');
       if (delimiter) {
@@ skipping 18 matching lines @@
       PORT_Free(private_key_nickname);
       SECKEY_DestroyPrivateKey(private_key);
     }
   }
 }
 
 // static
 bool OncNetworkParser::DeleteCertAndKeyByNickname(const std::string& label) {
   net::CertificateList cert_list;
   ListCertsWithNickname(label, &cert_list);
-  net::CertDatabase cert_db;
+  net::NSSCertDatabase cert_db;
   bool result = true;
   for (net::CertificateList::iterator iter = cert_list.begin();
        iter != cert_list.end(); ++iter) {
     // If we fail, we try and delete the rest still.
     // TODO(gspencer): this isn't very "transactional".  If we fail on some, but
     // not all, then it's possible to leave things in a weird state.
     // Luckily there should only be one cert with a particular
     // label, and the cert not being found is one of the few reasons the
     // delete could fail, but still...  The other choice is to return
     // failure immediately, but that doesn't seem to do what is intended.
@@ skipping 886 matching lines @@
     // on the value of AuthenticationType.
     { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK },
     { "OpenVPN", PROVIDER_TYPE_OPEN_VPN },
   };
   CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser,
       (table, arraysize(table), PROVIDER_TYPE_MAX));
   return parser.Get(type);
 }
 
 }  // namespace chromeos