Listen for new system certificates.

net/cert/cert_database.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_CERT_DATABASE_H_
 #define NET_CERT_CERT_DATABASE_H_
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
@@ skipping 25 matching lines @@
 
     // Will be called when a new certificate is added.
     virtual void OnCertAdded(const X509Certificate* cert) {}
 
     // Will be called when a certificate is removed.
     virtual void OnCertRemoved(const X509Certificate* cert) {}
 
     // Will be called when a certificate's trust is changed.
     virtual void OnCertTrustChanged(const X509Certificate* cert) {}
 
+    // Will be called when the database changed in a unspecified manner. This is
+    // needed because some platforms (for example Android) delegate the
+    // certificate database to the system and do not get precise notifications
+    // of changes.
+    virtual void OnDatabaseChanged() {}

[Ryan Sleevi, 2013/10/16 17:40:52]

I would like to avoid adding a new method, especially to a base interface, when
it's a platform-specific interface.

For example, how could Windows implement this method, and what would it mean?

[qsr, 2013/10/17 09:17:54]

 Not sure to understand the comment, as the observer has nothing platform
specific. What is plaform specific is whether this is ever called, so user
should not care. Now, given that OnCertTrustChanged(NULL) is in fact doing the
same thing (but this behavior is not documented), I agree it is not useful.
Removed.

+
    protected:
     Observer() {}
 
    private:
     DISALLOW_COPY_AND_ASSIGN(Observer);
   };
 
   // Returns the CertDatabase singleton.
   static CertDatabase* GetInstance();
 
@@ skipping 15 matching lines @@
   // on the same thread on which AddObserver() was called.
   void RemoveObserver(Observer* observer);
 
 #if defined(OS_MACOSX) && !defined(OS_IOS)
   // Configures the current message loop to observe and forward events from
   // Keychain services. The MessageLoop must have an associated CFRunLoop,
   // which means that this must be called from a MessageLoop of TYPE_UI.
   void SetMessageLoopForKeychainEvents();
 #endif
 
+#if defined(OS_ANDROID)
+  // On android, the system database is used. When the system notifies the
+  // application that the certificates changed, the observers must be notified.
+  void NotifyObserversOfDatabaseChanged();
+#endif
+
  private:
   friend struct DefaultSingletonTraits<CertDatabase>;
 
   CertDatabase();
   ~CertDatabase();
 
   // Broadcasts notifications to all registered observers.
   void NotifyObserversOfCertAdded(const X509Certificate* cert);
   void NotifyObserversOfCertRemoved(const X509Certificate* cert);
   void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
 
   const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
 
 #if defined(USE_NSS) || (defined(OS_MACOSX) && !defined(OS_IOS))
   class Notifier;
   friend class Notifier;
   scoped_ptr<Notifier> notifier_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(CertDatabase);
 };
 
 }  // namespace net
 
 #endif  // NET_CERT_CERT_DATABASE_H_