Add migration from CaCert NSS nicknames to PEM.

chromeos/cert_loader.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_CERT_LOADER_H_
 #define CHROMEOS_CERT_LOADER_H_
 
 #include <string>
 
 #include "base/memory/ref_counted.h"
@@ skipping 36 matching lines @@
                                       bool initial_load) = 0;
 
    protected:
     Observer() {}
 
    private:
     DISALLOW_COPY_AND_ASSIGN(Observer);
   };
 
   // Sets the global instance. Must be called before any calls to Get().
-  static void Initialize();
+  // |task_runner| is the task runner that any slow calls will be made from,
+  // e.g. calls to the NSS database.
+  static void Initialize(const scoped_refptr<base::TaskRunner>& task_runner);
 
   // Destroys the global instance.
   static void Shutdown();
 
   // Gets the global instance. Initialize() must be called first.
   static CertLoader* Get();
 
   // Returns true if the global instance has been initialized.
   static bool IsInitialized();
 
   // |crypto_task_runner| is the task runner that any synchronous crypto calls
-  // should be made from. e.g. in Chrome this is the IO thread. Must be called
+  // should be made from, e.g. in Chrome this is the IO thread. Must be called
   // after the thread is started. Certificate loading will not happen unless
   // this is set.
   void SetCryptoTaskRunner(
       const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner);
 
   void AddObserver(CertLoader::Observer* observer);
   void RemoveObserver(CertLoader::Observer* observer);
 
   // Returns true when the certificate list has been requested but not loaded.
   bool CertificatesLoading() const;
 
   // Returns true if the TPM is available for hardware-backed certificates.
   bool IsHardwareBacked() const;
 
   std::string GetPkcs11IdForCert(const net::X509Certificate& cert) const;
 
   bool certificates_loaded() const { return certificates_loaded_; }
 
   // TPM info is only valid once the TPM is available (IsHardwareBacked is
   // true). Otherwise empty strings will be returned.
   const std::string& tpm_token_name() const { return tpm_token_name_; }
   const std::string& tpm_token_slot() const { return tpm_token_slot_; }
   const std::string& tpm_user_pin() const { return tpm_user_pin_; }
 
   // This will be empty until certificates_loaded() is true.
   const net::CertificateList& cert_list() const { return cert_list_; }
 
  private:
-  CertLoader();
+  explicit CertLoader(const scoped_refptr<base::TaskRunner>& task_runner);
   virtual ~CertLoader();
 
   void Init();
   void MaybeRequestCertificates();
 
   // This is the cyclic chain of callbacks to initialize the TPM token and to
   // kick off the update of the certificate list.
   void InitializeTokenAndLoadCertificates();
   void RetryTokenInitializationLater();
   void OnPersistentNSSDBOpened();
@@ skipping 51 matching lines @@
   std::string tpm_user_pin_;
 
   // Cached Certificates.
   net::CertificateList cert_list_;
 
   base::ThreadChecker thread_checker_;
 
   // TaskRunner for crypto calls.
   scoped_refptr<base::SequencedTaskRunner> crypto_task_runner_;
 
+  // TaskRunner for slow tasks.
+  scoped_refptr<base::TaskRunner> worker_pool_task_runner_;
+
   // This factory should be used only for callbacks during TPMToken
   // initialization.
   base::WeakPtrFactory<CertLoader> initialize_token_factory_;
 
   // This factory should be used only for callbacks during updating the
   // certificate list.
   base::WeakPtrFactory<CertLoader> update_certificates_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(CertLoader);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROMEOS_CERT_LOADER_H_