Listen for new system certificates.

net/cert/cert_database.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_CERT_DATABASE_H_
 #define NET_CERT_CERT_DATABASE_H_
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
@@ skipping 25 matching lines @@
 
     // Will be called when a new certificate is added.
     virtual void OnCertAdded(const X509Certificate* cert) {}
 
     // Will be called when a certificate is removed.
     virtual void OnCertRemoved(const X509Certificate* cert) {}
 
     // Will be called when a certificate's trust is changed.
     virtual void OnCertTrustChanged(const X509Certificate* cert) {}
 
+    // Will be called when the database changed in a non specific manner.
+    virtual void OnDatabaseUpdated() {}

[wtc, 2013/10/16 15:37:34]

Nit: a non specific manner => an unspecified manner?

I suggest naming this method "OnDatabaseChanged" and the notification method
"NotifyObserversOfDatabaseChanged".

[wtc, 2013/10/16 15:39:31]

Please mention why this broad notification is necessary on some platforms, and
you can name Android as an example. Thanks.

[qsr, 2013/10/16 16:02:09]

Done.

+
    protected:
     Observer() {}
 
    private:
     DISALLOW_COPY_AND_ASSIGN(Observer);
   };
 
   // Returns the CertDatabase singleton.
   static CertDatabase* GetInstance();
 
@@ skipping 15 matching lines @@
   // on the same thread on which AddObserver() was called.
   void RemoveObserver(Observer* observer);
 
 #if defined(OS_MACOSX) && !defined(OS_IOS)
   // Configures the current message loop to observe and forward events from
   // Keychain services. The MessageLoop must have an associated CFRunLoop,
   // which means that this must be called from a MessageLoop of TYPE_UI.
   void SetMessageLoopForKeychainEvents();
 #endif
 
+#if defined(OS_ANDROID)
+  // On android, the system database is used. When the system notifies the
+  // application that the certificates changed, the observers must be notified.
+  void NotifyObserversOfDatabaseUpdated();

[wtc, 2013/10/16 15:37:34]

Can this method be declared private, along with the other NotifyObserversOfXXX
methods on lines 96-99?

[qsr, 2013/10/16 16:02:09]

 Not really. It needs to be called externally by the java class that gets
notified when the system database change. Do you prefer a level of indirection?
That would still mean a public method that would just call the private one.

[wtc, 2013/10/16 18:33:24]

Not when I asked you that question. As a code reviewer, I was puzzled why the
existing NotifyObserversOfXXX methods can be private, but
NotifyObserversOfDatabaseUpdated can't.

Perhaps you can name the public method something like
"OnAndroidKeyChainChanged", and have it call
NotifyObserversOfCertTrustChanged(NULL).

+#endif
+
  private:
   friend struct DefaultSingletonTraits<CertDatabase>;
 
   CertDatabase();
   ~CertDatabase();
 
   // Broadcasts notifications to all registered observers.
   void NotifyObserversOfCertAdded(const X509Certificate* cert);
   void NotifyObserversOfCertRemoved(const X509Certificate* cert);
   void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
 
   const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
 
 #if defined(USE_NSS) || (defined(OS_MACOSX) && !defined(OS_IOS))
   class Notifier;
   friend class Notifier;
   scoped_ptr<Notifier> notifier_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(CertDatabase);
 };
 
 }  // namespace net
 
 #endif  // NET_CERT_CERT_DATABASE_H_