*WIP* Store NSS slots per profile. Move keygen to chrome.

net/cert/nss_cert_database_chromeos.h

Index: net/cert/nss_cert_database_chromeos.h
diff --git a/net/cert/nss_cert_database_chromeos.h b/net/cert/nss_cert_database_chromeos.h
new file mode 100644
index 0000000000000000000000000000000000000000..bd2880138541c9f090cef99aadcc174f646e6389
--- /dev/null
+++ b/net/cert/nss_cert_database_chromeos.h
@@ -0,0 +1,75 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
+#define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
+
+#include "base/callback.h"
+#include "crypto/scoped_nss_types.h"
+#include "net/cert/nss_cert_database.h"
+#include "net/cert/nss_profile_filter_chromeos.h"
+
+namespace net {
+class CryptoModule;
+typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList;
+class X509Certificate;
+typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
+
+class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
+ public:
+  // Get a pointer to the NSSCertDatabase for the given user. Ownership is not
+  // transferred, but the caller may hold the pointer, which will remain valid
+  // for the lifetime of the process. If the database is already initialized it
+  // will be returned, otherwise if |callback| is non-null, the database will be
+  // passed to the callback when it is ready.
+  static NSSCertDatabase* GetForUser(
+      const std::string& username_hash,
+      const base::Callback<void(NSSCertDatabase*)>& callback);
+
+  virtual ~NSSCertDatabaseChromeOS();
+
+  // NSSCertDatabase implementation.
+  virtual void ListCerts(CertificateList* certs) OVERRIDE;
+  virtual crypto::ScopedPK11Slot GetPublicSlot() const OVERRIDE;
+  virtual crypto::ScopedPK11Slot GetPrivateSlot() const OVERRIDE;
+  virtual void ListModules(CryptoModuleList* modules, bool need_rw) const
+      OVERRIDE;
+  virtual TrustBits GetCertTrust(const X509Certificate* cert,
+                                 CertType type) const OVERRIDE;
+  virtual bool IsUntrusted(const X509Certificate* cert) const OVERRIDE;
+  //virtual bool SetCertTrust(const X509Certificate* cert,
+  //                          CertType type,
+  //                          TrustBits trust_bits) OVERRIDE;
+
+  // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
+  // in multiple slots.
+  // TODO(mattm): handle trust setting correctly for certs in read-only slots.
+
+  class Manager;
+  friend class Manager;
+ private:
+
+  // This class should not be constructed directly. Use GetForUser.
+  explicit NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot);
+  void SetPrivateSlot(crypto::ScopedPK11Slot private_slot);
+  void OnReady(const base::Callback<void(NSSCertDatabase*)>& callback);
+
+  scoped_refptr<const X509Certificate> ResolveCert(const X509Certificate* cert,
+                                                   bool need_rw) const;
+
+  bool ready_;
+  crypto::ScopedPK11Slot public_slot_;
+  crypto::ScopedPK11Slot private_slot_;
+  NSSProfileFilterChromeOS profile_filter_;
+
+  typedef std::vector<base::Callback<void(NSSCertDatabase*)> >
+      ReadyCallbackList;
+  ReadyCallbackList ready_callback_list_;
+
+  DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOS);
+};
+
+}  // namespace net
+
+#endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_