Make NSSCertDatabase::ListCerts work async on a worker thread.

net/cert/nss_cert_database.h

Index: net/cert/nss_cert_database.h
diff --git a/net/cert/nss_cert_database.h b/net/cert/nss_cert_database.h
index 0707b8d8c619c3bc3ba088414341cee3a39acc42..7e7f47a5fdfbdad2efe6516429efe137d8c84038 100644
--- a/net/cert/nss_cert_database.h
+++ b/net/cert/nss_cert_database.h
@@ -9,15 +9,18 @@
 #include <vector>
 
 #include "base/basictypes.h"
+#include "base/callback_forward.h"
 #include "base/memory/ref_counted.h"
 #include "base/strings/string16.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/net_export.h"
 #include "net/cert/cert_type.h"
+#include "net/cert/nss_database_filter.h"
 #include "net/cert/x509_certificate.h"
 
 namespace base {
 template <typename T> struct DefaultLazyInstanceTraits;
+class TaskRunner;
 }
 template <class ObserverType> class ObserverListThreadSafe;
 
@@ -96,7 +99,14 @@ class NET_EXPORT NSSCertDatabase {
 
   // Get a list of unique certificates in the certificate database (one
   // instance of all certificates).
-  virtual void ListCerts(CertificateList* certs);
+  // DEPRECATED: Use ListCerts instead.
+  void ListCertsSync(CertificateList* certs);
+
+  // Asynchronously get a list of unique certificates in the certificate
+  // database (one instance of all certificates).
+  typedef base::Callback<void(scoped_ptr<CertificateList> certs)>
+      ListCertsCallback;
+  void ListCerts(const ListCertsCallback& callback);
 
   // Get the default slot for public key data.
   virtual crypto::ScopedPK11Slot GetPublicSlot() const;
@@ -119,7 +129,7 @@ class NET_EXPORT NSSCertDatabase {
   // Get all modules.
   // If |need_rw| is true, only writable modules will be returned.
   // TODO(mattm): come up with better alternative to CryptoModuleList.
-  virtual void ListModules(CryptoModuleList* modules, bool need_rw) const;
+  virtual void ListModulesSync(CryptoModuleList* modules, bool need_rw) const;
 
   // Import certificates and private keys from PKCS #12 blob into the module.
   // If |is_extractable| is false, mark the private key as being unextractable
@@ -209,18 +219,42 @@ class NET_EXPORT NSSCertDatabase {
   // on the same thread on which AddObserver() was called.
   void RemoveObserver(Observer* observer);
 
+  // Overrides task runner that's used for running slow tasks.
+  void SetSlowTaskRunnerForTest(
+      const scoped_refptr<base::TaskRunner>& task_runner);

[Ryan Sleevi, 2014/01/28 02:11:22]

Why is this not private w/ friend?

+
  protected:
   NSSCertDatabase();
   virtual ~NSSCertDatabase();
 
+  // Returns the NSSDatabaseFilter that should be used to filter out
+  // certificated and modules during their listing. Default value is NULL,
+  // but subclasses may override it.
+  virtual scoped_refptr<NSSDatabaseFilter> GetDatabaseFilter() const;
+
  private:
   friend struct base::DefaultLazyInstanceTraits<NSSCertDatabase>;
 
+  // Static method that lists all the certificates and filters out the ones
+  // that satisfy |predicate|. If |predicate| is not set, no filtering is done.
+  // The result is returned using |certs|.
+  static void ListAndFilterCerts(
+      scoped_ptr<NSSDatabaseFilter::CertNotAllowedPredicate> predicate,
+      CertificateList* certs);
+
   // Broadcasts notifications to all registered observers.
   void NotifyObserversOfCertAdded(const X509Certificate* cert);
   void NotifyObserversOfCertRemoved(const X509Certificate* cert);
   void NotifyObserversOfCACertChanged(const X509Certificate* cert);
 
+  // Gets task runner that should be use for slow tasks like certificate
+  // listing. Defaults to a base::WorkerPool runner, but may be overriden
+  // in tests (see SetSlowTaskRunnerForTest).
+  scoped_refptr<base::TaskRunner> GetSlowTaskRunner() const;
+
+  // Task runner that should be used in tests if set.
+  scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
+
   const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
 
   DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase);