Remove the deprecated NSSCertDatabase::GetInstance() .

net/cert/nss_cert_database.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_NSS_CERT_DATABASE_H_
 #define NET_CERT_NSS_CERT_DATABASE_H_
 
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/callback_forward.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string16.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_export.h"
 #include "net/cert/cert_type.h"
 #include "net/cert/x509_certificate.h"
 
 namespace base {
-template <typename T> struct DefaultLazyInstanceTraits;
 class TaskRunner;
 }
 template <class ObserverType> class ObserverListThreadSafe;
 
 namespace net {
 
 class CryptoModule;
 typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList;
 
 // Provides functions to manipulate the NSS certificate stores.
 // Forwards notifications about certificate changes to the global CertDatabase
 // singleton.
 class NET_EXPORT NSSCertDatabase {
  public:
-
   class NET_EXPORT Observer {
    public:
     virtual ~Observer() {}
 
     // Will be called when a new certificate is added.
     // Called with |cert| == NULL after importing a list of certificates
     // in ImportFromPKCS12().
     virtual void OnCertAdded(const X509Certificate* cert) {}
 
     // Will be called when a certificate is removed.
@@ skipping 46 matching lines @@
     DISTRUSTED_SSL        = 1 << 3,
     DISTRUSTED_EMAIL      = 1 << 4,
     DISTRUSTED_OBJ_SIGN   = 1 << 5,
   };
 
   typedef base::Callback<void(scoped_ptr<CertificateList> certs)>
       ListCertsCallback;
 
   typedef base::Callback<void(bool)> DeleteCertCallback;
 
-  // DEPRECATED: See http://crbug.com/329735.
-  static NSSCertDatabase* GetInstance();
+  // Only use this outside of unit test if you really know what you're doing.
+  // Both slots must not be NULL but can be identical.

[Ryan Sleevi, 2014/07/24 23:19:10]

Well that's not very helpful of a comment. How do I know whether I know what I'm
doing?

// Creates a NSSCertDatabase that will store public information (such as
// certificates and trust records) in |public_slot|, and private information
(such as keys)
// in |private_slot|.
// In general, code should avoid creating an NSSCertDatabase directly,
// as doing so requires making opinionated decisions about where to store
// data, and instead prefer to be passed an existing NSSCertDatabase
// instance.

[pneubeck (no reviews), 2014/07/25 08:15:21]

Done.

+  NSSCertDatabase(crypto::ScopedPK11Slot public_slot,
+                  crypto::ScopedPK11Slot private_slot);
+  virtual ~NSSCertDatabase();
 
   // Get a list of unique certificates in the certificate database (one
   // instance of all certificates).
   // DEPRECATED by |ListCerts|. See http://crbug.com/340460.
   virtual void ListCertsSync(CertificateList* certs);
 
   // Asynchronously get a list of unique certificates in the certificate
   // database (one instance of all certificates). Note that the callback may be
   // run even after the database is deleted.
   virtual void ListCerts(const ListCertsCallback& callback);
 
   // Get a list of certificates in the certificate database of the given slot.
   // Note that the callback may be run even after the database is deleted.
   // Must be called on the IO thread and it calls |callback| on the IO thread.
   // This does not block by retrieving the certs asynchronously on a worker
   // thread. Never calls |callback| synchronously.
   virtual void ListCertsInSlot(const ListCertsCallback& callback,
                                PK11SlotInfo* slot);
 
   // Get the default slot for public key data.
-  virtual crypto::ScopedPK11Slot GetPublicSlot() const;
+  crypto::ScopedPK11Slot GetPublicSlot() const;
 
   // Get the default slot for private key or mixed private/public key data.
-  virtual crypto::ScopedPK11Slot GetPrivateSlot() const;
+  crypto::ScopedPK11Slot GetPrivateSlot() const;
 
   // Get the default module for public key data.
   // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
   // DEPRECATED: use GetPublicSlot instead.
   // TODO(mattm): remove usage of this method and remove it.
   CryptoModule* GetPublicModule() const;
 
   // Get the default module for private key or mixed private/public key data.
   // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
   // DEPRECATED: use GetPrivateSlot instead.
@@ skipping 84 matching lines @@
   bool IsReadOnly(const X509Certificate* cert) const;
 
   // Check whether cert is stored in a hardware slot.
   bool IsHardwareBacked(const X509Certificate* cert) const;
 
   // Overrides task runner that's used for running slow tasks.
   void SetSlowTaskRunnerForTest(
       const scoped_refptr<base::TaskRunner>& task_runner);
 
  protected:
-  NSSCertDatabase();
-  virtual ~NSSCertDatabase();
-
   // Certificate listing implementation used by |ListCerts*| and
   // |ListCertsSync|. Static so it may safely be used on the worker thread.
   // If |slot| is NULL, obtains the certs of all slots, otherwise only of
   // |slot|.
   static void ListCertsImpl(crypto::ScopedPK11Slot slot,
                             CertificateList* certs);
 
   // Gets task runner that should be used for slow tasks like certificate
   // listing. Defaults to a base::WorkerPool runner, but may be overriden
   // in tests (see SetSlowTaskRunnerForTest).
   scoped_refptr<base::TaskRunner> GetSlowTaskRunner() const;
 
  private:
-  friend struct base::DefaultLazyInstanceTraits<NSSCertDatabase>;
-
   // Registers |observer| to receive notifications of certificate changes.  The
   // thread on which this is called is the thread on which |observer| will be
   // called back with notifications.
   // NOTE: Observers registered here will only receive notifications generated
   // directly through the NSSCertDatabase, but not those from the CertDatabase.
   // CertDatabase observers will receive all certificate notifications.
   void AddObserver(Observer* observer);
 
   // Unregisters |observer| from receiving notifications.  This must be called
   // on the same thread on which AddObserver() was called.
   void RemoveObserver(Observer* observer);
 
   // Notifies observers of the removal of |cert| and calls |callback| with
   // |success| as argument.
   void NotifyCertRemovalAndCallBack(scoped_refptr<X509Certificate> cert,
                                     const DeleteCertCallback& callback,
                                     bool success);
 
   // Broadcasts notifications to all registered observers.
   void NotifyObserversOfCertAdded(const X509Certificate* cert);
   void NotifyObserversOfCertRemoved(const X509Certificate* cert);
   void NotifyObserversOfCACertChanged(const X509Certificate* cert);
 
   // Certificate removal implementation used by |DeleteCertAndKey*|. Static so
   // it may safely be used on the worker thread.
   static bool DeleteCertAndKeyImpl(scoped_refptr<X509Certificate> cert);
 
+  crypto::ScopedPK11Slot public_slot_;
+  crypto::ScopedPK11Slot private_slot_;
+
   // A helper observer that forwards events from this database to CertDatabase.
   scoped_ptr<Observer> cert_notification_forwarder_;
 
   // Task runner that should be used in tests if set.
   scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
 
   const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
 
   base::WeakPtrFactory<NSSCertDatabase> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase);
 };
 
 }  // namespace net
 
 #endif  // NET_CERT_NSS_CERT_DATABASE_H_