Reauthorize Keychain to Replace Developer ID Certificate

chrome/browser/mac/keychain_reauthorize.h

Index: chrome/browser/mac/keychain_reauthorize.h
diff --git a/chrome/browser/mac/keychain_reauthorize.h b/chrome/browser/mac/keychain_reauthorize.h
new file mode 100644
index 0000000000000000000000000000000000000000..3b2b45665701f2521e6b99d833a07a4486074a37
--- /dev/null
+++ b/chrome/browser/mac/keychain_reauthorize.h
@@ -0,0 +1,34 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_
+#define CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_
+
+#ifdef __OBJC__
+@class NSString;
+#else
+class NSString;
+#endif
+
+namespace chrome {
+
+// Reauthorizes the keychain entry, but only if it's determined that it's
+// necessary. pref_key is looked up in the system's standard user defaults
+// (preferences) and it is associated with both the number of previous attempts,
+// and whether a previous attempt succeeded. Only if a previous attempt did not
+// succeed, and the number of previous tries is less than max_tries, is
+// reauthorization attempted. Before the attempt, the preference is
+// incremented, allowing a finite number of incomplete attempts at performing
+// the operation.
+
+// The system's standard user defaults for the application are used
+// (~/Library/Preferences/com.google.Chrome.plist,
+// com.google.Chrome.canary.plist, etc.) instead of Chrome preferences because
+// Keychain access is tied more closely to the bundle identifier and signed
+// product than it is to any specific profile (--user-data-dir).
+void KeychainReauthorizeIfNeeded(NSString* pref_key, int max_tries);
+
+}  // namespace chrome
+
+#endif  // CHROME_BROWSER_MAC_KEYCHAIN_REAUTHORIZE_H_