net/cert/nss_cert_database_chromeos.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
   6 #define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_
   7
   8 #include "base/callback.h"
   9 #include "base/memory/weak_ptr.h"
  10 #include "crypto/scoped_nss_types.h"
  11 #include "net/base/net_export.h"
  12 #include "net/cert/nss_cert_database.h"
  13 #include "net/cert/nss_profile_filter_chromeos.h"
  14
  15 namespace net {
  16
  17 class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
  18  public:
  19   NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
  20                           crypto::ScopedPK11Slot private_slot);
  21   virtual ~NSSCertDatabaseChromeOS();
  22
  23   // |system_slot| is the system TPM slot, which is only enabled for certain
  24   // users.
  25   void SetSystemSlot(crypto::ScopedPK11Slot system_slot);
  26
  27   // NSSCertDatabase implementation.
  28   virtual void ListCertsSync(CertificateList* certs) override;
  29   virtual void ListCerts(const NSSCertDatabase::ListCertsCallback& callback)
  30       override;
  31   virtual void ListModules(CryptoModuleList* modules, bool need_rw) const
  32       override;
  33   virtual crypto::ScopedPK11Slot GetSystemSlot() const override;
  34
  35   // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
  36   // in multiple slots.
  37   // TODO(mattm): handle trust setting correctly for certs in read-only slots.
  38
  39  private:
  40   // Certificate listing implementation used by |ListCerts| and |ListCertsSync|.
  41   // The certificate list normally returned by NSSCertDatabase::ListCertsImpl
  42   // is additionally filtered by |profile_filter|.
  43   // Static so it may safely be used on the worker thread.
  44   static void ListCertsImpl(const NSSProfileFilterChromeOS& profile_filter,
  45                             CertificateList* certs);
  46
  47   NSSProfileFilterChromeOS profile_filter_;
  48   crypto::ScopedPK11Slot system_slot_;
  49
  50   DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOS);
  51 };
  52
  53 }  // namespace net
  54
  55 #endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_