Extension API enterprise.platformKeys.

net/cert/nss_cert_database.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_NSS_CERT_DATABASE_H_
 #define NET_CERT_NSS_CERT_DATABASE_H_
 
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/callback_forward.h"
 #include "base/memory/ref_counted.h"
+#include "base/memory/weak_ptr.h"
 #include "base/strings/string16.h"
 #include "crypto/scoped_nss_types.h"
+#include "net/base/net_errors.h"
 #include "net/base/net_export.h"
 #include "net/cert/cert_type.h"
 #include "net/cert/x509_certificate.h"
 
 namespace base {
 template <typename T> struct DefaultLazyInstanceTraits;
 class TaskRunner;
 }
 template <class ObserverType> class ObserverListThreadSafe;
 
@@ skipping 63 matching lines @@
     TRUSTED_EMAIL         = 1 << 1,
     TRUSTED_OBJ_SIGN      = 1 << 2,
     DISTRUSTED_SSL        = 1 << 3,
     DISTRUSTED_EMAIL      = 1 << 4,
     DISTRUSTED_OBJ_SIGN   = 1 << 5,
   };
 
   typedef base::Callback<void(scoped_ptr<CertificateList> certs)>
       ListCertsCallback;
 
+  typedef base::Callback<void(bool)> DeleteCertCallback;
+
   // DEPRECATED: See http://crbug.com/329735.
   static NSSCertDatabase* GetInstance();
 
   // Get a list of unique certificates in the certificate database (one
   // instance of all certificates).
   // DEPRECATED by |ListCerts|. See http://crbug.com/340460.
   virtual void ListCertsSync(CertificateList* certs);
 
   // Asynchronously get a list of unique certificates in the certificate
   // database (one instance of all certificates). Note that the callback may be
   // run even after the database is deleted.
   virtual void ListCerts(const ListCertsCallback& callback);
 
+  // Get a list of certificates in the certificate database of the given slot.
+  // Note that the callback may be run even after the database is deleted.
+  // Must be called on the IO thread and it calls |callback| on the IO thread.
+  // This does not block by retrieving the certs asynchronously on a worker
+  // thread. Never calls |callback| synchronously.
+  virtual void ListCertsInSlot(const ListCertsCallback& callback,
+                               PK11SlotInfo* slot);
+
   // Get the default slot for public key data.
   virtual crypto::ScopedPK11Slot GetPublicSlot() const;
 
   // Get the default slot for private key or mixed private/public key data.
   virtual crypto::ScopedPK11Slot GetPrivateSlot() const;
 
   // Get the default module for public key data.
   // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
   // DEPRECATED: use GetPublicSlot instead.
   // TODO(mattm): remove usage of this method and remove it.
@@ skipping 70 matching lines @@
 
   // Set trust values for certificate.
   // Returns true on success or false on failure.
   bool SetCertTrust(const X509Certificate* cert,
                     CertType type,
                     TrustBits trust_bits);
 
   // Delete certificate and associated private key (if one exists).
   // |cert| is still valid when this function returns. Returns true on
   // success.
-  bool DeleteCertAndKey(const X509Certificate* cert);
+  bool DeleteCertAndKey(X509Certificate* cert);
+
+  // Like DeleteCertAndKey but does not block by running the removal on a worker
+  // thread. This must be called on IO thread and it will run |callback| on IO
+  // thread. Never calls |callback| synchronously.
+  void DeleteCertAndKeyAsync(const scoped_refptr<X509Certificate>& cert,
+                             const DeleteCertCallback& callback);
 
   // Check whether cert is stored in a readonly slot.
   bool IsReadOnly(const X509Certificate* cert) const;
 
   // Check whether cert is stored in a hardware slot.
   bool IsHardwareBacked(const X509Certificate* cert) const;
 
   // Registers |observer| to receive notifications of certificate changes.  The
   // thread on which this is called is the thread on which |observer| will be
   // called back with notifications.
   // NOTE: CertDatabase::AddObserver should be preferred. Observers registered
   // here will only receive notifications generated directly through the
   // NSSCertDatabase, but not those from the CertDatabase. The CertDatabase
   // observers will receive both.
   void AddObserver(Observer* observer);
 
   // Unregisters |observer| from receiving notifications.  This must be called
   // on the same thread on which AddObserver() was called.
   void RemoveObserver(Observer* observer);
 
   // Overrides task runner that's used for running slow tasks.
   void SetSlowTaskRunnerForTest(
       const scoped_refptr<base::TaskRunner>& task_runner);
 
  protected:
   NSSCertDatabase();
   virtual ~NSSCertDatabase();
 
-  // Certificate listing implementation used by |ListCerts| and |ListCertsSync|.
-  // Static so it may safely be used on the worker thread.
-  static void ListCertsImpl(CertificateList* certs);
+  // Certificate listing implementation used by |ListCerts*| and
+  // |ListCertsSync|. Static so it may safely be used on the worker thread.
+  // If |slot| is NULL, obtains the certs of all slots, otherwise only of
+  // |slot|.
+  static void ListCertsImpl(crypto::ScopedPK11Slot slot,
+                            CertificateList* certs);
 
   // Gets task runner that should be used for slow tasks like certificate
   // listing. Defaults to a base::WorkerPool runner, but may be overriden
   // in tests (see SetSlowTaskRunnerForTest).
   scoped_refptr<base::TaskRunner> GetSlowTaskRunner() const;
 
  private:
   friend struct base::DefaultLazyInstanceTraits<NSSCertDatabase>;
 
+  // Notifies observers of the removal of |cert| and calls |callback| with
+  // |success| as argument.
+  void NotifyCertRemovalAndCallBack(scoped_refptr<X509Certificate> cert,
+                                    const DeleteCertCallback& callback,
+                                    bool success);
+
   // Broadcasts notifications to all registered observers.
   void NotifyObserversOfCertAdded(const X509Certificate* cert);
   void NotifyObserversOfCertRemoved(const X509Certificate* cert);
   void NotifyObserversOfCACertChanged(const X509Certificate* cert);
 
+  // Certificate removal implementation used by |DeleteCertAndKey*|. Static so
+  // it may safely be used on the worker thread.
+  static bool DeleteCertAndKeyImpl(scoped_refptr<X509Certificate> cert);
+
   // Task runner that should be used in tests if set.
   scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
 
   const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
 
+  base::WeakPtrFactory<NSSCertDatabase> weak_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase);
 };
 
 }  // namespace net
 
 #endif  // NET_CERT_NSS_CERT_DATABASE_H_