
Unified Diff: net/cert/nss_cert_database.h

Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: more refactoring Created 7 years ago
Index: net/cert/nss_cert_database.h
diff --git a/net/cert/nss_cert_database.h b/net/cert/nss_cert_database.h
index 4986e5176fea156dd19cfafd792be590d57293c8..b791a10439e1c7201b486280cae7588768cf3166 100644
--- a/net/cert/nss_cert_database.h
+++ b/net/cert/nss_cert_database.h
@@ -11,11 +11,15 @@
#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/strings/string16.h"
+#include "crypto/scoped_nss_types.h"
#include "net/base/net_export.h"
+#include "net/cert/cert_database.h"
#include "net/cert/cert_type.h"
#include "net/cert/x509_certificate.h"
-template <typename T> struct DefaultSingletonTraits;
+namespace base {
+template <typename T> struct DefaultLazyInstanceTraits;
+}
template <class ObserverType> class ObserverListThreadSafe;
namespace net {
@@ -24,33 +28,8 @@ class CryptoModule;
typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList;
// Provides functions to manipulate the NSS certificate stores.
-class NET_EXPORT NSSCertDatabase {
+class NET_EXPORT NSSCertDatabase : public CertDatabaseSource {
public:
-
- class NET_EXPORT Observer {
- public:
- virtual ~Observer() {}
-
- // Will be called when a new certificate is added.
- // Called with |cert| == NULL after importing a list of certificates
- // in ImportFromPKCS12().
- virtual void OnCertAdded(const X509Certificate* cert) {}
-
- // Will be called when a certificate is removed.
- virtual void OnCertRemoved(const X509Certificate* cert) {}
-
- // Will be called when a CA certificate is changed.
- // Called with |cert| == NULL after importing a list of certificates
- // in ImportCACerts().
- virtual void OnCACertChanged(const X509Certificate* cert) {}
-
- protected:
- Observer() {}
-
- private:
- DISALLOW_COPY_AND_ASSIGN(Observer);
- };
-
// Stores per-certificate error codes for import failures.
struct NET_EXPORT ImportCertFailure {
public:
@@ -92,19 +71,27 @@ class NET_EXPORT NSSCertDatabase {
// Get a list of unique certificates in the certificate database (one
// instance of all certificates).
- void ListCerts(CertificateList* certs);
+ virtual void ListCerts(CertificateList* certs);
+
+ // Get the default slot for public key data.
+ virtual crypto::ScopedPK11Slot GetPublicSlot() const;
+
+ // Get the default slot for private key or mixed private/public key data.
+ virtual crypto::ScopedPK11Slot GetPrivateSlot() const;
// Get the default module for public key data.
// The returned pointer must be stored in a scoped_refptr<CryptoModule>.
+ // DEPRECATED: use GetPublicSlot instead.
CryptoModule* GetPublicModule() const;
// Get the default module for private key or mixed private/public key data.
// The returned pointer must be stored in a scoped_refptr<CryptoModule>.
+ // DEPRECATED: use GetPrivateSlot instead.
CryptoModule* GetPrivateModule() const;
// Get all modules.
// If |need_rw| is true, only writable modules will be returned.
- void ListModules(CryptoModuleList* modules, bool need_rw) const;
+ virtual void ListModules(CryptoModuleList* modules, bool need_rw) const;
// Import certificates and private keys from PKCS #12 blob into the module.
// If |is_extractable| is false, mark the private key as being unextractable
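Review bot: `GetPublicModule()` and `GetPrivateModule()` stay non-virtual while the new `GetPublicSlot()` and `GetPrivateSlot()` are virtual, so a per-profile subclass can override the slot getters while legacy callers still go through the module getters. The .cc is not visible here; unless the deprecated getters are implemented on top of the virtual slot getters, those callers would keep receiving the process-wide default module and key material could end up in a slot shared across profiles. The two new comments should also state whether the returned `crypto::ScopedPK11Slot` can be empty, so callers know whether a NULL check is required.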
@@ -157,18 +144,19 @@ class NET_EXPORT NSSCertDatabase {
ImportCertFailureList* not_imported);
// Get trust bits for certificate.
- TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const;
+ virtual TrustBits GetCertTrust(const X509Certificate* cert,
+ CertType type) const;
// IsUntrusted returns true if |cert| is specifically untrusted. These
// certificates are stored in the database for the specific purpose of
// rejecting them.
- bool IsUntrusted(const X509Certificate* cert) const;
+ virtual bool IsUntrusted(const X509Certificate* cert) const;
// Set trust values for certificate.
// Returns true on success or false on failure.
- bool SetCertTrust(const X509Certificate* cert,
- CertType type,
- TrustBits trust_bits);
+ virtual bool SetCertTrust(const X509Certificate* cert,
+ CertType type,
+ TrustBits trust_bits);
// Delete certificate and associated private key (if one exists).
// |cert| is still valid when this function returns. Returns true on
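Review bot: `GetCertTrust()`, `IsUntrusted()` and `SetCertTrust()` become overridable here, but `DeleteCertAndKey()` (whose comment starts at the end of this hunk) and the import functions are not touched by any hunk in this file, so they presumably stay non-virtual. A subclass that redirects trust reads and writes to a per-profile slot would then still import and delete against the default database, which splits one logical store across two backends. Either make the mutating entry points virtual together, or add a class-level comment naming which operations are profile-scoped and which always act on the default slots.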
@@ -184,17 +172,26 @@ class NET_EXPORT NSSCertDatabase {
// Registers |observer| to receive notifications of certificate changes. The
// thread on which this is called is the thread on which |observer| will be
// called back with notifications.
- void AddObserver(Observer* observer);
+ virtual void AddObserver(Observer* observer) OVERRIDE;
// Unregisters |observer| from receiving notifications. This must be called
// on the same thread on which AddObserver() was called.
- void RemoveObserver(Observer* observer);
+ virtual void RemoveObserver(Observer* observer) OVERRIDE;
- private:
- friend struct DefaultSingletonTraits<NSSCertDatabase>;
+ // Observe events and forward them to observers of this NSSCertDatabase. It is
+ // assumed that the NSSCertDatabase will outlive the source, so we don't need
+ // to bother with unregistering. //XXX
+ void AddSource(CertDatabaseSource* source);
+ protected:
NSSCertDatabase();
- ~NSSCertDatabase();
+ virtual ~NSSCertDatabase();
+
+ // XXX document, name this better
+ static NSSCertDatabase* GetInstanceNoWarn();
+
+ private:
+ friend struct base::DefaultLazyInstanceTraits<NSSCertDatabase>;
// Broadcasts notifications to all registered observers.
void NotifyObserversOfCertAdded(const X509Certificate* cert);
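Review bot: The `AddSource()` comment assumes the database outlives every source and therefore never unregisters, but nothing in this header enforces that, and the destructor is now `protected` and `virtual`, which suggests subclasses that are not the lazy singleton. If such an instance is destroyed before one of its sources, the source is left holding a dangling observer pointer and the next certificate notification is a use-after-free. Consider unregistering from each added source in the destructor, or replace the `//XXX` with a hard contract such as `// |source| must be destroyed before this object; the observer registration is never removed.` and back it with a DCHECK in the .cc. `GetInstanceNoWarn()` still carries `// XXX document, name this better` and needs a real comment saying which warning is suppressed and who may call it.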
@@ -203,6 +200,10 @@ class NET_EXPORT NSSCertDatabase {
const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
+ class Notifier;
+ friend class Notifier;
+ scoped_ptr<Notifier> notifier_;
+
DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase);
};
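Review bot: `scoped_ptr<Notifier> notifier_` is added without a matching `#include "base/memory/scoped_ptr.h"` in the include hunk at the top of this file; the lines above line 11 are not visible, so it may already be present, but otherwise the header only compiles through a transitive include. Because `Notifier` is only forward-declared here, it would also help to note next to the member that the destructor must stay defined in the .cc, for example `// Notifier is defined in the .cc; ~NSSCertDatabase() must not be inlined.`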