      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
      6 #define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
      7 
      8 #include "base/callback.h"
      9 #include "base/memory/weak_ptr.h"
     10 #include "crypto/scoped_nss_types.h"
     11 #include "net/base/net_export.h"
     12 #include "net/cert/nss_cert_database.h"
     13 #include "net/cert/nss_profile_filter_chromeos.h"
     14 
     15 namespace net {
     16 
     17 class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
        // Chrome OS variant of NSSCertDatabase. It overrides certificate and module
        // listing and the system-slot accessor, and holds an
        // NSSProfileFilterChromeOS (|profile_filter_|) plus a system slot
        // (|system_slot_|).
        // NOTE(review): the filter looks like the per-profile boundary for what
        // this database exposes -- confirm in the .cc before relying on it for
        // access decisions.
     18  public:
          // Both slots are passed by value as crypto::ScopedPK11Slot.
          // NOTE(review): presumably they are handed to the NSSCertDatabase base and
          // used to set up |profile_filter_| -- confirm in the .cc.
     19   NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
     20                           crypto::ScopedPK11Slot private_slot);
     21   virtual ~NSSCertDatabaseChromeOS();
     22 
     23   // |system_slot| is the system TPM slot, which is only enabled for certain
     24   // users.
          // NOTE(review): nothing in this header checks which users qualify; that
          // decision rests with the caller. Presumably the slot is stored in
          // |system_slot_| and the filter is updated to match -- confirm in the .cc.
     25   void SetSystemSlot(crypto::ScopedPK11Slot system_slot);
     26 
     27   // NSSCertDatabase implementation.
          // ListCertsSync fills |certs| directly; ListCerts takes a callback instead.
          // Per the comment on ListCertsImpl below, both listings are filtered by the
          // profile filter.
     28   virtual void ListCertsSync(CertificateList* certs) OVERRIDE;
     29   virtual void ListCerts(const NSSCertDatabase::ListCertsCallback& callback)
     30       OVERRIDE;
          // NOTE(review): whether the module list is filtered per profile in the same
          // way as certificates is not visible here -- confirm in the .cc.
     31   virtual void ListModules(CryptoModuleList* modules, bool need_rw) const
     32       OVERRIDE;
          // NOTE(review): presumably returns the slot given to SetSystemSlot and may
          // be null when none was set -- callers should check; confirm in the .cc.
     33   virtual crypto::ScopedPK11Slot GetSystemSlot() const OVERRIDE;
     34 
     35   // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
     36   // in multiple slots.
     37   // TODO(mattm): handle trust setting correctly for certs in read-only slots.
          // Until these are resolved, callers should not assume that a trust change
          // or a deletion is applied consistently when a certificate is present in
          // more than one slot or lives in a read-only slot.
     38 
     39  private:
     40   // Certificate listing implementation used by |ListCerts| and |ListCertsSync|.
     41   // The certificate list normally returned by NSSCertDatabase::ListCertsImpl
     42   // is additionally filtered by |profile_filter|.
     43   // Static so it may safely be used on the worker thread.
          // NOTE(review): |profile_filter| is taken by const reference, so the filter
          // passed in must stay valid for the whole call when this runs on the worker
          // thread (e.g. a copy owned by the task) -- confirm at the call site.
     44   static void ListCertsImpl(const NSSProfileFilterChromeOS& profile_filter,
     45                             CertificateList* certs);
     46 
          // Filter applied to certificate listings (see ListCertsImpl above).
     47   NSSProfileFilterChromeOS profile_filter_;
          // System TPM slot; see SetSystemSlot() and GetSystemSlot().
     48   crypto::ScopedPK11Slot system_slot_;
     49 
          // Instances are neither copyable nor assignable.
     50   DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOS);
     51 };
     52 
     53 }  // namespace net
     54 
     55 #endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
     56