Move the NSS functions out of CertDatabase into a new NSSCertDatabase class.

net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp

Index: net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
index 234c06590b363efb911d7d25147a5f0fbcee7a31..89d019187a5a259ab177670d4552517b8d20da2a 100644
--- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
@@ -62,8 +62,8 @@ namespace mozilla_security_manager {
 // Based on nsNSSCertificateDB::handleCACertDownload, minus the UI bits.
 bool ImportCACerts(const net::CertificateList& certificates,
                    net::X509Certificate* root,
-                   net::CertDatabase::TrustBits trustBits,
-                   net::CertDatabase::ImportCertFailureList* not_imported) {
+                   net::NSSCertDatabase::TrustBits trustBits,
+                   net::NSSCertDatabase::ImportCertFailureList* not_imported) {
   if (certificates.empty() || !root)
     return false;
 
@@ -78,14 +78,14 @@ bool ImportCACerts(const net::CertificateList& certificates,
   // itself, so we skip it here.
 
   if (!CERT_IsCACert(root->os_cert_handle(), NULL)) {
-    not_imported->push_back(net::CertDatabase::ImportCertFailure(
+    not_imported->push_back(net::NSSCertDatabase::ImportCertFailure(
         root, net::ERR_IMPORT_CA_CERT_NOT_CA));
   } else if (root->os_cert_handle()->isperm) {
     // Mozilla just returns here, but we continue in case there are other certs
     // in the list which aren't already imported.
     // TODO(mattm): should we set/add trust if it differs from the present
     // settings?
-    not_imported->push_back(net::CertDatabase::ImportCertFailure(
+    not_imported->push_back(net::NSSCertDatabase::ImportCertFailure(
         root, net::ERR_IMPORT_CERT_ALREADY_EXISTS));
   } else {
     // Mozilla uses CERT_AddTempCertToPerm, however it is privately exported,
@@ -122,14 +122,14 @@ bool ImportCACerts(const net::CertificateList& certificates,
     // Mozilla uses CERT_FilterCertListByUsage(certList, certUsageAnyCA,
     // PR_TRUE).  Afaict, checking !CERT_IsCACert on each cert is equivalent.
     if (!CERT_IsCACert(cert->os_cert_handle(), NULL)) {
-      not_imported->push_back(net::CertDatabase::ImportCertFailure(
+      not_imported->push_back(net::NSSCertDatabase::ImportCertFailure(
           cert, net::ERR_IMPORT_CA_CERT_NOT_CA));
       VLOG(1) << "skipping cert (non-ca)";
       continue;
     }
 
     if (cert->os_cert_handle()->isperm) {
-      not_imported->push_back(net::CertDatabase::ImportCertFailure(
+      not_imported->push_back(net::NSSCertDatabase::ImportCertFailure(
           cert, net::ERR_IMPORT_CERT_ALREADY_EXISTS));
       VLOG(1) << "skipping cert (perm)";
       continue;
@@ -140,7 +140,7 @@ bool ImportCACerts(const net::CertificateList& certificates,
       // TODO(mattm): use better error code (map PORT_GetError to an appropriate
       // error value).  (maybe make MapSecurityError or MapCertErrorToCertStatus
       // public.)
-      not_imported->push_back(net::CertDatabase::ImportCertFailure(
+      not_imported->push_back(net::NSSCertDatabase::ImportCertFailure(
           cert, net::ERR_FAILED));
       VLOG(1) << "skipping cert (verify) " << PORT_GetError();
       continue;
@@ -158,7 +158,7 @@ bool ImportCACerts(const net::CertificateList& certificates,
       LOG(ERROR) << "PK11_ImportCert failed with error " << PORT_GetError();
       // TODO(mattm): Should we bail or continue on error here?  Mozilla doesn't
       // check error code at all.
-      not_imported->push_back(net::CertDatabase::ImportCertFailure(
+      not_imported->push_back(net::NSSCertDatabase::ImportCertFailure(
           cert, net::ERR_IMPORT_CA_CERT_FAILED));
     }
   }
@@ -168,9 +168,10 @@ bool ImportCACerts(const net::CertificateList& certificates,
 }
 
 // Based on nsNSSCertificateDB::ImportServerCertificate.
-bool ImportServerCert(const net::CertificateList& certificates,
-                      net::CertDatabase::TrustBits trustBits,
-                      net::CertDatabase::ImportCertFailureList* not_imported) {
+bool ImportServerCert(
+    const net::CertificateList& certificates,
+    net::NSSCertDatabase::TrustBits trustBits,
+    net::NSSCertDatabase::ImportCertFailureList* not_imported) {
   if (certificates.empty())
     return false;
 
@@ -193,7 +194,7 @@ bool ImportServerCert(const net::CertificateList& certificates,
         PR_FALSE /* includeTrust (unused) */);
     if (srv != SECSuccess) {
       LOG(ERROR) << "PK11_ImportCert failed with error " << PORT_GetError();
-      not_imported->push_back(net::CertDatabase::ImportCertFailure(
+      not_imported->push_back(net::NSSCertDatabase::ImportCertFailure(
           cert, net::ERR_IMPORT_SERVER_CERT_FAILED));
       continue;
     }
@@ -211,14 +212,14 @@ bool ImportServerCert(const net::CertificateList& certificates,
 bool
 SetCertTrust(const net::X509Certificate* cert,
              net::CertType type,
-             net::CertDatabase::TrustBits trustBits)
+             net::NSSCertDatabase::TrustBits trustBits)
 {
-  const unsigned kSSLTrustBits = net::CertDatabase::TRUSTED_SSL |
-      net::CertDatabase::DISTRUSTED_SSL;
-  const unsigned kEmailTrustBits = net::CertDatabase::TRUSTED_EMAIL |
-      net::CertDatabase::DISTRUSTED_EMAIL;
-  const unsigned kObjSignTrustBits = net::CertDatabase::TRUSTED_OBJ_SIGN |
-      net::CertDatabase::DISTRUSTED_OBJ_SIGN;
+  const unsigned kSSLTrustBits = net::NSSCertDatabase::TRUSTED_SSL |
+      net::NSSCertDatabase::DISTRUSTED_SSL;
+  const unsigned kEmailTrustBits = net::NSSCertDatabase::TRUSTED_EMAIL |
+      net::NSSCertDatabase::DISTRUSTED_EMAIL;
+  const unsigned kObjSignTrustBits = net::NSSCertDatabase::TRUSTED_OBJ_SIGN |
+      net::NSSCertDatabase::DISTRUSTED_OBJ_SIGN;
   if ((trustBits & kSSLTrustBits) == kSSLTrustBits ||
       (trustBits & kEmailTrustBits) == kEmailTrustBits ||
       (trustBits & kObjSignTrustBits) == kObjSignTrustBits) {
@@ -236,19 +237,19 @@ SetCertTrust(const net::X509Certificate* cert,
     // CERTDB_TERMINAL_RECORD only.
     CERTCertTrust trust = {CERTDB_VALID_CA, CERTDB_VALID_CA, CERTDB_VALID_CA};
 
-    if (trustBits & net::CertDatabase::DISTRUSTED_SSL)
+    if (trustBits & net::NSSCertDatabase::DISTRUSTED_SSL)
       trust.sslFlags = CERTDB_TERMINAL_RECORD;
-    else if (trustBits & net::CertDatabase::TRUSTED_SSL)
+    else if (trustBits & net::NSSCertDatabase::TRUSTED_SSL)
       trust.sslFlags |= CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
 
-    if (trustBits & net::CertDatabase::DISTRUSTED_EMAIL)
+    if (trustBits & net::NSSCertDatabase::DISTRUSTED_EMAIL)
       trust.emailFlags = CERTDB_TERMINAL_RECORD;
-    else if (trustBits & net::CertDatabase::TRUSTED_EMAIL)
+    else if (trustBits & net::NSSCertDatabase::TRUSTED_EMAIL)
       trust.emailFlags |= CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
 
-    if (trustBits & net::CertDatabase::DISTRUSTED_OBJ_SIGN)
+    if (trustBits & net::NSSCertDatabase::DISTRUSTED_OBJ_SIGN)
       trust.objectSigningFlags = CERTDB_TERMINAL_RECORD;
-    else if (trustBits & net::CertDatabase::TRUSTED_OBJ_SIGN)
+    else if (trustBits & net::NSSCertDatabase::TRUSTED_OBJ_SIGN)
       trust.objectSigningFlags |= CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
 
     srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nsscert, &trust);
@@ -258,9 +259,9 @@ SetCertTrust(const net::X509Certificate* cert,
     CERT_GetCertTrust(nsscert, &trust);
     trust.sslFlags = 0;
 
-    if (trustBits & net::CertDatabase::DISTRUSTED_SSL)
+    if (trustBits & net::NSSCertDatabase::DISTRUSTED_SSL)
       trust.sslFlags |= CERTDB_TERMINAL_RECORD;
-    else if (trustBits & net::CertDatabase::TRUSTED_SSL)
+    else if (trustBits & net::NSSCertDatabase::TRUSTED_SSL)
       trust.sslFlags |= CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD;
 
     srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nsscert, &trust);