net/cert/nss_cert_database_chromeos.h - cobalt - Git at Google

 // Copyright 2013 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
 #define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_

 #include "base/functional/callback.h"
 #include "base/memory/weak_ptr.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/net_export.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/cert/nss_profile_filter_chromeos.h"

 namespace net {

 class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
  public:
   NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
                           crypto::ScopedPK11Slot private_slot);

   NSSCertDatabaseChromeOS(const NSSCertDatabaseChromeOS&) = delete;
   NSSCertDatabaseChromeOS& operator=(const NSSCertDatabaseChromeOS&) = delete;

   ~NSSCertDatabaseChromeOS() override;

   // |system_slot| is the system TPM slot, which is only enabled for certain
   // users.
   void SetSystemSlot(crypto::ScopedPK11Slot system_slot);

   // NSSCertDatabase implementation.
   void ListCerts(NSSCertDatabase::ListCertsCallback callback) override;

   // Uses NSSCertDatabase implementation and adds additional Chrome OS specific
   // certificate information.
   void ListCertsInfo(ListCertsInfoCallback callback,
                      NSSRootsHandling nss_roots_handling) override;

   crypto::ScopedPK11Slot GetSystemSlot() const override;

   void ListModules(std::vector<crypto::ScopedPK11Slot>* modules,
                    bool need_rw) const override;
   bool SetCertTrust(CERTCertificate* cert,
                     CertType type,
                     TrustBits trust_bits) override;

   // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
   // in multiple slots.
   // TODO(mattm): handle trust setting correctly for certs in read-only slots.

  private:
   // Certificate listing implementation used by |ListCerts|.
   // The certificate list normally returned by NSSCertDatabase::ListCertsImpl
   // is additionally filtered by |profile_filter|.
   // Static so it may safely be used on the worker thread.
   static ScopedCERTCertificateList ListCertsImpl(
       const NSSProfileFilterChromeOS& profile_filter);

   // Certificate information listing implementation used by |ListCertsInfo|.
   // The certificate list normally returned by
   // NSSCertDatabase::ListCertsInfoImpl is additionally filtered by
   // |profile_filter|. Also additional Chrome OS specific information is added.
   // Static so it may safely be used on the worker thread.
   static CertInfoList ListCertsInfoImpl(
       const NSSProfileFilterChromeOS& profile_filter,
       crypto::ScopedPK11Slot system_slot,
       bool add_certs_info,
       NSSRootsHandling nss_roots_handling);

   NSSProfileFilterChromeOS profile_filter_;
   crypto::ScopedPK11Slot system_slot_;
 };

 }  // namespace net

 #endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
	// Copyright 2013 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
	#define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_

	#include "base/functional/callback.h"
	#include "base/memory/weak_ptr.h"
	#include "crypto/scoped_nss_types.h"
	#include "net/base/net_export.h"
	#include "net/cert/nss_cert_database.h"
	#include "net/cert/nss_profile_filter_chromeos.h"

	namespace net {

	class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
	public:
	NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
	crypto::ScopedPK11Slot private_slot);

	NSSCertDatabaseChromeOS(const NSSCertDatabaseChromeOS&) = delete;
	NSSCertDatabaseChromeOS& operator=(const NSSCertDatabaseChromeOS&) = delete;

	~NSSCertDatabaseChromeOS() override;

	// \|system_slot\| is the system TPM slot, which is only enabled for certain
	// users.
	void SetSystemSlot(crypto::ScopedPK11Slot system_slot);

	// NSSCertDatabase implementation.
	void ListCerts(NSSCertDatabase::ListCertsCallback callback) override;

	// Uses NSSCertDatabase implementation and adds additional Chrome OS specific
	// certificate information.
	void ListCertsInfo(ListCertsInfoCallback callback,
	NSSRootsHandling nss_roots_handling) override;

	crypto::ScopedPK11Slot GetSystemSlot() const override;

	void ListModules(std::vector<crypto::ScopedPK11Slot>* modules,
	bool need_rw) const override;
	bool SetCertTrust(CERTCertificate* cert,
	CertType type,
	TrustBits trust_bits) override;

	// TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
	// in multiple slots.
	// TODO(mattm): handle trust setting correctly for certs in read-only slots.

	private:
	// Certificate listing implementation used by \|ListCerts\|.
	// The certificate list normally returned by NSSCertDatabase::ListCertsImpl
	// is additionally filtered by \|profile_filter\|.
	// Static so it may safely be used on the worker thread.
	static ScopedCERTCertificateList ListCertsImpl(
	const NSSProfileFilterChromeOS& profile_filter);

	// Certificate information listing implementation used by \|ListCertsInfo\|.
	// The certificate list normally returned by
	// NSSCertDatabase::ListCertsInfoImpl is additionally filtered by
	// \|profile_filter\|. Also additional Chrome OS specific information is added.
	// Static so it may safely be used on the worker thread.
	static CertInfoList ListCertsInfoImpl(
	const NSSProfileFilterChromeOS& profile_filter,
	crypto::ScopedPK11Slot system_slot,
	bool add_certs_info,
	NSSRootsHandling nss_roots_handling);

	NSSProfileFilterChromeOS profile_filter_;
	crypto::ScopedPK11Slot system_slot_;
	};

	} // namespace net

	#endif // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_