Enable system NSS key slot.
This only affects users of domains that the device is registered to for policy.
All other users are unaffected (EnableNSSSystemKeySlotForResourceContext is only called for USER_AFFILIATION_MANAGED)
For the affected users, this enables and uses the slot for
- client authentication for TSL (see ClientCertStoreChromeOS)
- client authentication for 802.1x networks
- listing/removing certificates on the settings page (see CertificateManager)
In a follow up, also the enterprise.platformKeys API will be updated.
Depends on:
https://codereview.chromium.org/426983002/
https://codereview.chromium.org/428933002/
BUG=210525
[email protected], [email protected], [email protected], [email protected]
Review URL: https://codereview.chromium.org/424523002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287175 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/chrome/browser/net/nss_context.h b/chrome/browser/net/nss_context.h
index 33023c00..8212ee14 100644
--- a/chrome/browser/net/nss_context.h
+++ b/chrome/browser/net/nss_context.h
@@ -46,6 +46,14 @@
const base::Callback<void(net::NSSCertDatabase*)>& callback)
WARN_UNUSED_RESULT;
+#if defined(OS_CHROMEOS)
+// Enables the system key slot in the NSSCertDatabase for the user associated
+// with |context|.
+// Must be called only on the IO thread.
+void EnableNSSSystemKeySlotForResourceContext(
+ content::ResourceContext* context);
+#endif
+
// Gets a pointer to the NSSCertDatabase for the user associated with |context|.
// It's a wrapper around |GetNSSCertDatabaseForResourceContext| which makes
// sure it's called on IO thread (with |profile|'s resource context). The
