net/cert/nss_cert_database_chromeos.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
   6 #define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
   7
   8 #include "base/callback.h"
   9 #include "base/memory/weak_ptr.h"
  10 #include "crypto/scoped_nss_types.h"
  11 #include "net/base/net_export.h"
  12 #include "net/cert/nss_cert_database.h"
  13 #include "net/cert/nss_profile_filter_chromeos.h"
  14
  15 namespace net {
  16
  17 class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
  18  public:
  19   NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
  20                           crypto::ScopedPK11Slot private_slot);
  21   ~NSSCertDatabaseChromeOS() override;
  22
  23   // |system_slot| is the system TPM slot, which is only enabled for certain
  24   // users.
  25   void SetSystemSlot(crypto::ScopedPK11Slot system_slot);
  26
  27   // NSSCertDatabase implementation.
  28   void ListCertsSync(CertificateList* certs) override;
  29   void ListCerts(const NSSCertDatabase::ListCertsCallback& callback) override;
  30   void ListModules(CryptoModuleList* modules, bool need_rw) const override;
  31   crypto::ScopedPK11Slot GetSystemSlot() const override;
  32
  33   // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
  34   // in multiple slots.
  35   // TODO(mattm): handle trust setting correctly for certs in read-only slots.
  36
  37  private:
  38   // Certificate listing implementation used by |ListCerts| and |ListCertsSync|.
  39   // The certificate list normally returned by NSSCertDatabase::ListCertsImpl
  40   // is additionally filtered by |profile_filter|.
  41   // Static so it may safely be used on the worker thread.
  42   static void ListCertsImpl(const NSSProfileFilterChromeOS& profile_filter,
  43                             CertificateList* certs);
  44
  45   NSSProfileFilterChromeOS profile_filter_;
  46   crypto::ScopedPK11Slot system_slot_;
  47
  48   DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOS);
  49 };
  50
  51 }  // namespace net
  52
  53 #endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_