unplugged-system/external/cronet/net/cert/nss_cert_database_chromeos.h

// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
#define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_

#include "base/functional/callback.h"
#include "base/memory/weak_ptr.h"
#include "crypto/scoped_nss_types.h"
#include "net/base/net_export.h"
#include "net/cert/nss_cert_database.h"
#include "net/cert/nss_profile_filter_chromeos.h"

namespace net {

class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
 public:
  NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
                          crypto::ScopedPK11Slot private_slot);

  NSSCertDatabaseChromeOS(const NSSCertDatabaseChromeOS&) = delete;
  NSSCertDatabaseChromeOS& operator=(const NSSCertDatabaseChromeOS&) = delete;

  ~NSSCertDatabaseChromeOS() override;

  // |system_slot| is the system TPM slot, which is only enabled for certain
  // users.
  void SetSystemSlot(crypto::ScopedPK11Slot system_slot);

  // NSSCertDatabase implementation.
  void ListCerts(NSSCertDatabase::ListCertsCallback callback) override;

  // Uses NSSCertDatabase implementation and adds additional Chrome OS specific
  // certificate information.
  void ListCertsInfo(ListCertsInfoCallback callback,
                     NSSRootsHandling nss_roots_handling) override;

  crypto::ScopedPK11Slot GetSystemSlot() const override;

  void ListModules(std::vector<crypto::ScopedPK11Slot>* modules,
                   bool need_rw) const override;
  bool SetCertTrust(CERTCertificate* cert,
                    CertType type,
                    TrustBits trust_bits) override;

  // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
  // in multiple slots.
  // TODO(mattm): handle trust setting correctly for certs in read-only slots.

 private:
  // Certificate listing implementation used by |ListCerts|.
  // The certificate list normally returned by NSSCertDatabase::ListCertsImpl
  // is additionally filtered by |profile_filter|.
  // Static so it may safely be used on the worker thread.
  static ScopedCERTCertificateList ListCertsImpl(
      const NSSProfileFilterChromeOS& profile_filter);

  // Certificate information listing implementation used by |ListCertsInfo|.
  // The certificate list normally returned by
  // NSSCertDatabase::ListCertsInfoImpl is additionally filtered by
  // |profile_filter|. Also additional Chrome OS specific information is added.
  // Static so it may safely be used on the worker thread.
  static CertInfoList ListCertsInfoImpl(
      const NSSProfileFilterChromeOS& profile_filter,
      crypto::ScopedPK11Slot system_slot,
      bool add_certs_info,
      NSSRootsHandling nss_roots_handling);

  NSSProfileFilterChromeOS profile_filter_;
  crypto::ScopedPK11Slot system_slot_;
};

}  // namespace net

#endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00			`// Copyright 2013 The Chromium Authors`
			`// Use of this source code is governed by a BSD-style license that can be`
			`// found in the LICENSE file.`

			`#ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_`
			`#define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_`

			`#include "base/functional/callback.h"`
			`#include "base/memory/weak_ptr.h"`
			`#include "crypto/scoped_nss_types.h"`
			`#include "net/base/net_export.h"`
			`#include "net/cert/nss_cert_database.h"`
			`#include "net/cert/nss_profile_filter_chromeos.h"`

			`namespace net {`

			`class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {`
			`public:`
			`NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,`
			`crypto::ScopedPK11Slot private_slot);`

			`NSSCertDatabaseChromeOS(const NSSCertDatabaseChromeOS&) = delete;`
			`NSSCertDatabaseChromeOS& operator=(const NSSCertDatabaseChromeOS&) = delete;`

			`~NSSCertDatabaseChromeOS() override;`

			`// \|system_slot\| is the system TPM slot, which is only enabled for certain`
			`// users.`
			`void SetSystemSlot(crypto::ScopedPK11Slot system_slot);`

			`// NSSCertDatabase implementation.`
			`void ListCerts(NSSCertDatabase::ListCertsCallback callback) override;`

			`// Uses NSSCertDatabase implementation and adds additional Chrome OS specific`
			`// certificate information.`
			`void ListCertsInfo(ListCertsInfoCallback callback,`
			`NSSRootsHandling nss_roots_handling) override;`

			`crypto::ScopedPK11Slot GetSystemSlot() const override;`

			`void ListModules(std::vector<crypto::ScopedPK11Slot>* modules,`
			`bool need_rw) const override;`
			`bool SetCertTrust(CERTCertificate* cert,`
			`CertType type,`
			`TrustBits trust_bits) override;`

			`// TODO(mattm): handle trust setting, deletion, etc correctly when certs exist`
			`// in multiple slots.`
			`// TODO(mattm): handle trust setting correctly for certs in read-only slots.`

			`private:`
			`// Certificate listing implementation used by \|ListCerts\|.`
			`// The certificate list normally returned by NSSCertDatabase::ListCertsImpl`
			`// is additionally filtered by \|profile_filter\|.`
			`// Static so it may safely be used on the worker thread.`
			`static ScopedCERTCertificateList ListCertsImpl(`
			`const NSSProfileFilterChromeOS& profile_filter);`

			`// Certificate information listing implementation used by \|ListCertsInfo\|.`
			`// The certificate list normally returned by`
			`// NSSCertDatabase::ListCertsInfoImpl is additionally filtered by`
			`// \|profile_filter\|. Also additional Chrome OS specific information is added.`
			`// Static so it may safely be used on the worker thread.`
			`static CertInfoList ListCertsInfoImpl(`
			`const NSSProfileFilterChromeOS& profile_filter,`
			`crypto::ScopedPK11Slot system_slot,`
			`bool add_certs_info,`
			`NSSRootsHandling nss_roots_handling);`

			`NSSProfileFilterChromeOS profile_filter_;`
			`crypto::ScopedPK11Slot system_slot_;`
			`};`

			`} // namespace net`

			`#endif // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_`