Move the NSS functions out of CertDatabase into a new NSSCertDatabase class.

net/base/nss_cert_database.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_BASE_CERT_DATABASE_H_
-#define NET_BASE_CERT_DATABASE_H_
+#ifndef NET_BASE_NSS_CERT_DATABASE_H_
+#define NET_BASE_NSS_CERT_DATABASE_H_
 
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "base/string16.h"
 #include "net/base/cert_type.h"
 #include "net/base/net_export.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
 
 class CryptoModule;
 typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList;
 
-// This class provides functions to manipulate the local
-// certificate store.
-
-// TODO(gauravsh): This class could be augmented with methods
-// for all operations that manipulate the underlying system
-// certificate store.
-
-class NET_EXPORT CertDatabase {
+// Provides functions to manipulate the NSS certificate stores.
+class NET_EXPORT NSSCertDatabase {
  public:
 
-  // A CertDatabase::Observer will be notified on certificate database changes.
-  // The change could be either a new user certificate is added or trust on
-  // a certificate is changed.  Observers can register themselves
-  // via CertDatabase::AddObserver, and can un-register with
-  // CertDatabase::RemoveObserver.
   class NET_EXPORT Observer {
    public:
     virtual ~Observer() {}
 
-    // Will be called when a new user certificate is added.
+    // Will be called when a new certificate is added.
     // Called with |cert| == NULL after importing a list of certificates
     // in ImportFromPKCS12().
-    virtual void OnUserCertAdded(const X509Certificate* cert) {}
+    virtual void OnCertAdded(const X509Certificate* cert) {}
 
-    // Will be called when a user certificate is removed.
-    virtual void OnUserCertRemoved(const X509Certificate* cert) {}
+    // Will be called when a certificate is removed.
+    virtual void OnCertRemoved(const X509Certificate* cert) {}
 
     // Will be called when a certificate's trust is changed.
     // Called with |cert| == NULL after importing a list of certificates
     // in ImportCACerts().
     virtual void OnCertTrustChanged(const X509Certificate* cert) {}
 
    protected:
     Observer() {}
 
    private:
@@ skipping 30 matching lines @@
   enum {
     TRUST_DEFAULT         =      0,
     TRUSTED_SSL           = 1 << 0,
     TRUSTED_EMAIL         = 1 << 1,
     TRUSTED_OBJ_SIGN      = 1 << 2,
     DISTRUSTED_SSL        = 1 << 3,
     DISTRUSTED_EMAIL      = 1 << 4,
     DISTRUSTED_OBJ_SIGN   = 1 << 5,
   };
 
-  CertDatabase();
+  NSSCertDatabase();
 
-  // Check whether this is a valid user cert that we have the private key for.
-  // Returns OK or a network error code such as ERR_CERT_CONTAINS_ERRORS.
-  int CheckUserCert(X509Certificate* cert);
+  // Initializes NSS, if it isn't initialized yet.
+  static void EnsureInit();

[Ryan Sleevi, 2012/09/05 21:44:17]

nit: In case it wasn't clear, I think EnsureInit can/should be implicit on
Singleton use. AFAICT, this shouldn't break anyone - should it?

[Joao da Silva, 2012/09/06 15:11:41]

This was the case before (the CertDatabase ctor from the _nss version calls
this), so it shouldn't break anyone. This is now called from the ctor of
NSSCertDatabase, which in turn is called from the ctor of CertDatabase too.

 
-  // Store user (client) certificate. Assumes CheckUserCert has already passed.
-  // Returns OK, or ERR_ADD_USER_CERT_FAILED if there was a problem saving to
-  // the platform cert database, or possibly other network error codes.
-  int AddUserCert(X509Certificate* cert);
-
-#if defined(USE_NSS)
   // Get a list of unique certificates in the certificate database (one
   // instance of all certificates).
   void ListCerts(CertificateList* certs);
 
   // Get the default module for public key data.
   // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
   CryptoModule* GetPublicModule() const;
 
   // Get the default module for private key or mixed private/public key data.
   // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
@@ skipping 66 matching lines @@
                     CertType type,
                     TrustBits trust_bits);
 
   // Delete certificate and associated private key (if one exists).
   // |cert| is still valid when this function returns. Returns true on
   // success.
   bool DeleteCertAndKey(const X509Certificate* cert);
 
   // Check whether cert is stored in a readonly slot.
   bool IsReadOnly(const X509Certificate* cert) const;
-#endif
 
   // Registers |observer| to receive notifications of certificate changes.  The
   // thread on which this is called is the thread on which |observer| will be
   // called back with notifications.
-  static void AddObserver(Observer* observer);
+  void AddObserver(Observer* observer);
 
   // Unregisters |observer| from receiving notifications.  This must be called
   // on the same thread on which AddObserver() was called.
-  static void RemoveObserver(Observer* observer);
+  void RemoveObserver(Observer* observer);
 
  private:
   // Broadcasts notifications to all registered observers.
-  static void NotifyObserversOfUserCertAdded(const X509Certificate* cert);
-  static void NotifyObserversOfUserCertRemoved(const X509Certificate* cert);
-  static void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
+  void NotifyObserversOfCertAdded(const X509Certificate* cert);
+  void NotifyObserversOfCertRemoved(const X509Certificate* cert);
+  void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
 
-  DISALLOW_COPY_AND_ASSIGN(CertDatabase);
+  DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase);
 };
 
 }  // namespace net
 
-#endif  // NET_BASE_CERT_DATABASE_H_
+#endif  // NET_BASE_NSS_CERT_DATABASE_H_