Move the NSS functions out of CertDatabase into a new NSSCertDatabase class.

net/base/nss_cert_database.h

Index: net/base/nss_cert_database.h
diff --git a/net/base/cert_database.h b/net/base/nss_cert_database.h
similarity index 79%
copy from net/base/cert_database.h
copy to net/base/nss_cert_database.h
index 67853165614b5530061eeac76fd56ceb530c107b..0d91712322fb312e68539a79829dfcc66368c04c 100644
--- a/net/base/cert_database.h
+++ b/net/base/nss_cert_database.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_BASE_CERT_DATABASE_H_
-#define NET_BASE_CERT_DATABASE_H_
+#ifndef NET_BASE_NSS_CERT_DATABASE_H_
+#define NET_BASE_NSS_CERT_DATABASE_H_
 
 #include <string>
 #include <vector>
@@ -20,32 +20,21 @@ namespace net {
 class CryptoModule;
 typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList;
 
-// This class provides functions to manipulate the local
-// certificate store.
-
-// TODO(gauravsh): This class could be augmented with methods
-// for all operations that manipulate the underlying system
-// certificate store.
-
-class NET_EXPORT CertDatabase {
+// Provides functions to manipulate the NSS certificate stores.
+class NET_EXPORT NSSCertDatabase {
  public:
 
-  // A CertDatabase::Observer will be notified on certificate database changes.
-  // The change could be either a new user certificate is added or trust on
-  // a certificate is changed.  Observers can register themselves
-  // via CertDatabase::AddObserver, and can un-register with
-  // CertDatabase::RemoveObserver.
   class NET_EXPORT Observer {
    public:
     virtual ~Observer() {}
 
-    // Will be called when a new user certificate is added.
+    // Will be called when a new certificate is added.
     // Called with |cert| == NULL after importing a list of certificates
     // in ImportFromPKCS12().
-    virtual void OnUserCertAdded(const X509Certificate* cert) {}
+    virtual void OnCertAdded(const X509Certificate* cert) {}
 
-    // Will be called when a user certificate is removed.
-    virtual void OnUserCertRemoved(const X509Certificate* cert) {}
+    // Will be called when a certificate is removed.
+    virtual void OnCertRemoved(const X509Certificate* cert) {}
 
     // Will be called when a certificate's trust is changed.
     // Called with |cert| == NULL after importing a list of certificates
@@ -96,18 +85,11 @@ class NET_EXPORT CertDatabase {
     DISTRUSTED_OBJ_SIGN   = 1 << 5,
   };
 
-  CertDatabase();
-
-  // Check whether this is a valid user cert that we have the private key for.
-  // Returns OK or a network error code such as ERR_CERT_CONTAINS_ERRORS.
-  int CheckUserCert(X509Certificate* cert);
+  NSSCertDatabase();
 
-  // Store user (client) certificate. Assumes CheckUserCert has already passed.
-  // Returns OK, or ERR_ADD_USER_CERT_FAILED if there was a problem saving to
-  // the platform cert database, or possibly other network error codes.
-  int AddUserCert(X509Certificate* cert);
+  // Initializes NSS, if it isn't initialized yet.
+  static void EnsureInit();

[Ryan Sleevi, 2012/09/05 21:44:17]

nit: In case it wasn't clear, I think EnsureInit can/should be implicit on
Singleton use. AFAICT, this shouldn't break anyone - should it?

[Joao da Silva, 2012/09/06 15:11:41]

This was the case before (the CertDatabase ctor from the _nss version calls
this), so it shouldn't break anyone. This is now called from the ctor of
NSSCertDatabase, which in turn is called from the ctor of CertDatabase too.

 
-#if defined(USE_NSS)
   // Get a list of unique certificates in the certificate database (one
   // instance of all certificates).
   void ListCerts(CertificateList* certs);
@@ -194,26 +176,25 @@ class NET_EXPORT CertDatabase {
 
   // Check whether cert is stored in a readonly slot.
   bool IsReadOnly(const X509Certificate* cert) const;
-#endif
 
   // Registers |observer| to receive notifications of certificate changes.  The
   // thread on which this is called is the thread on which |observer| will be
   // called back with notifications.
-  static void AddObserver(Observer* observer);
+  void AddObserver(Observer* observer);
 
   // Unregisters |observer| from receiving notifications.  This must be called
   // on the same thread on which AddObserver() was called.
-  static void RemoveObserver(Observer* observer);
+  void RemoveObserver(Observer* observer);
 
  private:
   // Broadcasts notifications to all registered observers.
-  static void NotifyObserversOfUserCertAdded(const X509Certificate* cert);
-  static void NotifyObserversOfUserCertRemoved(const X509Certificate* cert);
-  static void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
+  void NotifyObserversOfCertAdded(const X509Certificate* cert);
+  void NotifyObserversOfCertRemoved(const X509Certificate* cert);
+  void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
 
-  DISALLOW_COPY_AND_ASSIGN(CertDatabase);
+  DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase);
 };
 
 }  // namespace net
 
-#endif  // NET_BASE_CERT_DATABASE_H_
+#endif  // NET_BASE_NSS_CERT_DATABASE_H_