Index: crypto/nss_util_internal.h |
diff --git a/crypto/nss_util_internal.h b/crypto/nss_util_internal.h |
index 056ec28c165d19b39a8c6a5643172216e587793e..fb76bd8fee51fe45ae7332bc33c2e8ac74b9a806 100644 |
--- a/crypto/nss_util_internal.h |
+++ b/crypto/nss_util_internal.h |
@@ -7,7 +7,14 @@ |
#include <secmodt.h> |
+#include "base/callback.h" |
+#include "base/compiler_specific.h" |
#include "crypto/crypto_export.h" |
+#include "crypto/scoped_nss_types.h" |
+ |
+namespace base { |
+class FilePath; |
+} |
// These functions return a type defined in an NSS header, and so cannot be |
// declared in nss_util.h. Hence, they are declared here. |
@@ -17,14 +24,14 @@ namespace crypto { |
// Returns a reference to the default NSS key slot for storing |
// public-key data only (e.g. server certs). Caller must release |
// returned reference with PK11_FreeSlot. |
-CRYPTO_EXPORT PK11SlotInfo* GetPublicNSSKeySlot(); |
+CRYPTO_EXPORT PK11SlotInfo* GetPublicNSSKeySlot() WARN_UNUSED_RESULT; |
// Returns a reference to the default slot for storing private-key and |
// mixed private-key/public-key data. Returns a hardware (TPM) NSS |
// key slot if on ChromeOS and EnableTPMForNSS() has been called |
// successfully. Caller must release returned reference with |
// PK11_FreeSlot. |
-CRYPTO_EXPORT PK11SlotInfo* GetPrivateNSSKeySlot(); |
+CRYPTO_EXPORT PK11SlotInfo* GetPrivateNSSKeySlot() WARN_UNUSED_RESULT; |
// A helper class that acquires the SECMOD list read lock while the |
// AutoSECMODListReadLock is in scope. |
@@ -38,6 +45,38 @@ class AutoSECMODListReadLock { |
DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock); |
}; |
+#if defined(OS_CHROMEOS) |
+// Prepare per-user NSS slot mapping. It is safe to call this function multiple |
+// times. Returns true if the user was added, or false if it already existed. |
+CRYPTO_EXPORT bool InitializeNSSForChromeOSUser( |
+ const std::string& email, |
+ const std::string& username_hash, |
+ bool is_primary_user, |
+ const base::FilePath& path) WARN_UNUSED_RESULT; |
+ |
+// Use TPM slot |slot_id| for user. InitializeNSSForChromeOSUser must have been |
+// called first. |
+CRYPTO_EXPORT void InitializeTPMForChromeOSUser( |
+ const std::string& username_hash, |
+ CK_SLOT_ID slot_id); |
+ |
+// Use the software slot as the private slot for user. |
+// InitializeNSSForChromeOSUser must have been called first. |
+CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser( |
+ const std::string& username_hash); |
+ |
+// Returns a reference to the public slot for user. |
+CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser( |
+ const std::string& username_hash) WARN_UNUSED_RESULT; |
+ |
+// Returns the private slot for |username_hash| if it is loaded. If it is not |
+// loaded and |callback| is non-null, the |callback| will be run once the slot |
+// is loaded. |
+CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser( |
+ const std::string& username_hash, |
+ const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT; |
+#endif // defined(OS_CHROMEOS) |
+ |
} // namespace crypto |
#endif // CRYPTO_NSS_UTIL_INTERNAL_H_ |