Add TrustStoreNSS and TrustStoreCollection

net/cert/internal/trust_store_collection.cc

Index: net/cert/internal/trust_store_collection.cc
diff --git a/net/cert/internal/trust_store_collection.cc b/net/cert/internal/trust_store_collection.cc
new file mode 100644
index 0000000000000000000000000000000000000000..dc023fba759a82f823f0054a9f6189386f845c6d
--- /dev/null
+++ b/net/cert/internal/trust_store_collection.cc
@@ -0,0 +1,38 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/trust_store_collection.h"
+
+namespace net {
+
+TrustStoreCollection::TrustStoreCollection() = default;
+TrustStoreCollection::~TrustStoreCollection() = default;
+
+void TrustStoreCollection::SetPrimaryTrustStore(TrustStore* store) {
+  DCHECK(!primary_store_);

[eroman, 2016/08/23 18:48:54]

suggest also adding DCHECK(store) -- or do you want the API to permit nulling it
through this?

[mattm, 2016/08/27 00:37:01]

Done.

+  primary_store_ = store;
+}
+
+void TrustStoreCollection::AddTrustStoreSynchronousOnly(TrustStore* store) {
+  sync_only_stores_.push_back(store);
+}
+
+void TrustStoreCollection::FindTrustAnchorsForCert(
+    const ParsedCertificate* cert,
+    const TrustAnchorCallback& callback,
+    TrustAnchors* out_matches,
+    std::unique_ptr<Request>* out_req) const {
+  if (primary_store_)
+    primary_store_->FindTrustAnchorsForCert(cert, callback, out_matches,
+                                            out_req);
+
+  for (auto* store : sync_only_stores_) {
+    std::unique_ptr<Request> unused_req;

[eroman, 2016/08/23 18:48:54]

should nullptr be allowed in the case where null callback is passed?

[mattm, 2016/08/27 00:37:01]

Done.

+    store->FindTrustAnchorsForCert(cert, TrustAnchorCallback(), out_matches,
+                                   &unused_req);
+    DCHECK(!unused_req);
+  }
+}
+
+}  // namespace net