author | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-20 18:44:54 +0000 |
---|---|---|
committer | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-20 18:44:54 +0000 |
commit | c79b784d1fe54002f3ed259c9ffcaa2a71c9cf45 (patch) | |
tree | 3c634bd1944153837a88d4b209a7eb985c4c0add /net | |
parent | d5a0913eae47ba1dbf0c50429b02f65963dde5fd (diff) | |
Introduce a typedef for users of the SSL cert trust bits. This allows lots of callers wishing to refer to "a bitfield composed of these values" to use an explicit type instead of "int". I find the resulting code to be noticeably clearer, and a similar change for another type exposed a bug where not having an explicit type allowed a function argument ordering bug to creep in, so I claim this is safer too.
The constants are still defined using an enum, because due to how macros like EXPECT_EQ are implemented, converting to use the typedef requires either separating the constant declarations and definitions (reducing readability) or converting EXPECT_EQ(b, a) -> EXPECT_TRUE (a == b) in various places.
BUG=92247
TEST=Compiles
Review URL: http://codereview.chromium.org/7823006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@101989 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/base/cert_database.h | 9 | ||||
-rw-r--r-- | net/base/cert_database_nss.cc | 10 | ||||
-rw-r--r-- | net/base/cert_database_openssl.cc | 6 | ||||
-rw-r--r-- | net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp | 12 | ||||
-rw-r--r-- | net/third_party/mozilla_security_manager/nsNSSCertificateDB.h | 4 |
5 files changed, 22 insertions, 19 deletions
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index 0c94c93..7f8c31c 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -77,6 +77,9 @@ class NET_EXPORT CertDatabase {
 // trusted as a server.
 // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
 // trusted for email.
+ // NOTE: The actual constants are defined using an enum instead of static
+ // consts due to compilation/linkage constraints with template functions.
+ typedef uint32 TrustBits;
 enum {
 UNTRUSTED = 0,
 TRUSTED_SSL = 1 << 0,
@@ -142,7 +145,7 @@ class NET_EXPORT CertDatabase {
 // |not_imported| should be checked for any certificates that were not
 // imported.
 bool ImportCACerts(const CertificateList& certificates,
- unsigned int trust_bits,
+ TrustBits trust_bits,
 ImportCertFailureList* not_imported);
 // Import server certificate. The first cert should be the server cert. Any
@@ -157,13 +160,13 @@ class NET_EXPORT CertDatabase {
 ImportCertFailureList* not_imported);
 // Get trust bits for certificate.
- unsigned int GetCertTrust(const X509Certificate* cert, CertType type) const;
+ TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const;
 // Set trust values for certificate.
 // Returns true on success or false on failure.
 bool SetCertTrust(const X509Certificate* cert,
 CertType type,
- unsigned int trust_bits);
+ TrustBits trust_bits);
 // Delete certificate and associated private key (if one exists).
 // Returns true on success or false on failure.
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index 8fb51e0..e198e35 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
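Review bot: `typedef uint32 TrustBits;` in the first cert_database.h hunk is only an alias, so the compiler still accepts any integer where a `TrustBits` is expected and will not catch swapped integer arguments or a mask carrying bits outside the `TRUSTED_*` set. The added NOTE explains why the constants stay in an enum but never says what the type holds; I would add `// Bitwise OR of the trust values below; UNTRUSTED means no bits set.` directly above the typedef. The `GetCertTrust` and `SetCertTrust` declarations in the later hunks of this file should also state whether bits that make no sense for the given `CertType` are rejected or ignored. The class body starts and ends outside these hunks.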
@@ -197,7 +197,7 @@ X509Certificate* CertDatabase::FindRootInList(
 }
 bool CertDatabase::ImportCACerts(const CertificateList& certificates,
- unsigned int trust_bits,
+ TrustBits trust_bits,
 ImportCertFailureList* not_imported) {
 X509Certificate* root = FindRootInList(certificates);
 bool success = psm::ImportCACerts(certificates, root, trust_bits,
@@ -213,8 +213,8 @@ bool CertDatabase::ImportServerCert(const CertificateList& certificates,
 return psm::ImportServerCert(certificates, not_imported);
 }
-unsigned int CertDatabase::GetCertTrust(
- const X509Certificate* cert, CertType type) const {
+CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
+ CertType type) const {
 CERTCertTrust nsstrust;
 SECStatus srv = CERT_GetCertTrust(cert->os_cert_handle(), &nsstrust);
 if (srv != SECSuccess) {
@@ -238,8 +238,8 @@ unsigned int CertDatabase::GetCertTrust(
 bool CertDatabase::SetCertTrust(const X509Certificate* cert,
 CertType type,
- unsigned int trusted) {
- bool success = psm::SetCertTrust(cert, type, trusted);
+ TrustBits trust_bits) {
+ bool success = psm::SetCertTrust(cert, type, trust_bits);
 if (success)
 CertDatabase::NotifyObserversOfCertTrustChanged(cert);
diff --git a/net/base/cert_database_openssl.cc b/net/base/cert_database_openssl.cc
index 333d04c..ca429c08 100644
--- a/net/base/cert_database_openssl.cc
+++ b/net/base/cert_database_openssl.cc
@@ -82,8 +82,8 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
 return false;
 }
-unsigned int CertDatabase::GetCertTrust(const X509Certificate* cert,
- CertType type) const {
+CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
+ CertType type) const {
 // TODO(bulach): implement me.
 NOTIMPLEMENTED();
 return 0;
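Review bot: In cert_database_openssl.cc the stubbed `GetCertTrust` still ends in `return 0;`, which now has to be read as a `TrustBits` value; `return UNTRUSTED;` would say what the stub actually reports. Because the function is unimplemented, callers on this backend get the same answer for every certificate and cannot tell it from a real lookup result. That is worth a line next to the TODO, for example `// Reports UNTRUSTED for every cert until implemented.`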
@@ -91,7 +91,7 @@ unsigned int CertDatabase::GetCertTrust(const X509Certificate* cert,
 bool CertDatabase::SetCertTrust(const X509Certificate* cert,
 CertType type,
- unsigned int trust_bits) {
+ TrustBits trust_bits) {
 // TODO(bulach): implement me.
 NOTIMPLEMENTED();
 return false;
diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
index a430889..3e50cd1 100644
--- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
@@ -54,7 +54,7 @@ namespace mozilla_security_manager {
 // Based on nsNSSCertificateDB::handleCACertDownload, minus the UI bits.
 bool ImportCACerts(const net::CertificateList& certificates,
 net::X509Certificate* root,
- unsigned int trustBits,
+ net::CertDatabase::TrustBits trustBits,
 net::CertDatabase::ImportCertFailureList* not_imported) {
 crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot());
 if (!slot.get()) {
@@ -200,7 +200,7 @@ bool ImportServerCert(const net::CertificateList& certificates,
 bool
 SetCertTrust(const net::X509Certificate* cert,
 net::CertType type,
- unsigned int trusted)
+ net::CertDatabase::TrustBits trustBits)
 {
 SECStatus srv;
 nsNSSCertTrust trust;
@@ -208,16 +208,16 @@ SetCertTrust(const net::X509Certificate* cert,
 if (type == net::CA_CERT) {
 // always start with untrusted and move up
 trust.SetValidCA();
- trust.AddCATrust(trusted & net::CertDatabase::TRUSTED_SSL,
- trusted & net::CertDatabase::TRUSTED_EMAIL,
- trusted & net::CertDatabase::TRUSTED_OBJ_SIGN);
+ trust.AddCATrust(trustBits & net::CertDatabase::TRUSTED_SSL,
+ trustBits & net::CertDatabase::TRUSTED_EMAIL,
+ trustBits & net::CertDatabase::TRUSTED_OBJ_SIGN);
 srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
 nsscert,
 trust.GetTrust());
 } else if (type == net::SERVER_CERT) {
 // always start with untrusted and move up
 trust.SetValidPeer();
- trust.AddPeerTrust(trusted & net::CertDatabase::TRUSTED_SSL, 0, 0);
+ trust.AddPeerTrust(trustBits & net::CertDatabase::TRUSTED_SSL, 0, 0);
 srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
 nsscert,
 trust.GetTrust());
diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
index f41c60e..29acaf9 100644
--- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
@@ -54,7 +54,7 @@ namespace mozilla_security_manager {
 bool ImportCACerts(const net::CertificateList& certificates,
 net::X509Certificate* root,
- unsigned int trustBits,
+ net::CertDatabase::TrustBits trustBits,
 net::CertDatabase::ImportCertFailureList* not_imported);
 bool ImportServerCert(const net::CertificateList& certificates,
@@ -62,7 +62,7 @@ bool ImportServerCert(const net::CertificateList& certificates,
 bool SetCertTrust(const net::X509Certificate* cert,
 net::CertType type,
- unsigned int trusted);
+ net::CertDatabase::TrustBits trustBits);
 } // namespace mozilla_security_manager |
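Review bot: The `AddCATrust` and `AddPeerTrust` calls in the nsNSSCertificateDB.cpp hunk pass the raw result of `trustBits & net::CertDatabase::TRUSTED_*` as what look like flag arguments, so each receives the mask bit itself, now as an unsigned 32-bit quantity, rather than a 0/1 value. If those parameters are boolean-like, as the literal `0, 0` in the peer call suggests, spelling the test out keeps the conversion explicit: `(trustBits & net::CertDatabase::TRUSTED_SSL) != 0`. In the `net::SERVER_CERT` branch any other bits set in `trustBits` are dropped without notice, which deserves a comment or a debug-only check at the top of that branch. `SetCertTrust` begins before this hunk and continues after it.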