8 files changed, 37 insertions, 32 deletions
diff --git a/chrome/browser/certificate_manager_model.cc b/chrome/browser/certificate_manager_model.cc
index 63f89a4..1dbd985 100644
--- a/chrome/browser/certificate_manager_model.cc
+++ b/chrome/browser/certificate_manager_model.cc
@@ -123,7 +123,7 @@ int CertificateManagerModel::ImportFromPKCS12(net::CryptoModule* module,
 
 bool CertificateManagerModel::ImportCACerts(
     const net::CertificateList& certificates,
-    unsigned int trust_bits,
+    net::CertDatabase::TrustBits trust_bits,
     net::CertDatabase::ImportCertFailureList* not_imported) {
   bool result = cert_db_.ImportCACerts(certificates, trust_bits, not_imported);
   if (result && not_imported->size() != certificates.size())
@@ -140,9 +140,10 @@ bool CertificateManagerModel::ImportServerCert(
   return result;
 }
 
-bool CertificateManagerModel::SetCertTrust(const net::X509Certificate* cert,
-                                           net::CertType type,
-                                           unsigned int trust_bits) {
+bool CertificateManagerModel::SetCertTrust(
+    const net::X509Certificate* cert,
+    net::CertType type,
+    net::CertDatabase::TrustBits trust_bits) {
   return cert_db_.SetCertTrust(cert, type, trust_bits);
 }
 
diff --git a/chrome/browser/certificate_manager_model.h b/chrome/browser/certificate_manager_model.h
index 0852290..a824094 100644
--- a/chrome/browser/certificate_manager_model.h
+++ b/chrome/browser/certificate_manager_model.h
@@ -73,7 +73,7 @@ class CertificateManagerModel {
   // |not_imported| should be checked for any certificates that were not
   // imported.
   bool ImportCACerts(const net::CertificateList& certificates,
-                     unsigned int trust_bits,
+                     net::CertDatabase::TrustBits trust_bits,
                      net::CertDatabase::ImportCertFailureList* not_imported);
 
   // Import server certificate.  The first cert should be the server cert.  Any
@@ -94,7 +94,7 @@ class CertificateManagerModel {
   // Returns true on success or false on failure.
   bool SetCertTrust(const net::X509Certificate* cert,
                     net::CertType type,
-                    unsigned int trust_bits);
+                    net::CertDatabase::TrustBits trust_bits);
 
   // Delete the cert.  Returns true on success.  |cert| is still valid when this
   // function returns.
diff --git a/chrome/browser/ui/webui/options/certificate_manager_handler.cc b/chrome/browser/ui/webui/options/certificate_manager_handler.cc
index fe507b51..94af879 100644
--- a/chrome/browser/ui/webui/options/certificate_manager_handler.cc
+++ b/chrome/browser/ui/webui/options/certificate_manager_handler.cc
@@ -464,13 +464,14 @@ void CertificateManagerHandler::GetCATrust(const ListValue* args) {
     return;
   }
 
-  int trust = certificate_manager_model_->cert_db().GetCertTrust(
-      cert, net::CA_CERT);
-  using base::FundamentalValue;
-  FundamentalValue ssl_value(bool(trust & net::CertDatabase::TRUSTED_SSL));
-  FundamentalValue email_value(bool(trust & net::CertDatabase::TRUSTED_EMAIL));
-  FundamentalValue obj_sign_value(
-      bool(trust & net::CertDatabase::TRUSTED_OBJ_SIGN));
+  net::CertDatabase::TrustBits trust_bits =
+      certificate_manager_model_->cert_db().GetCertTrust(cert, net::CA_CERT);
+  base::FundamentalValue ssl_value(
+      static_cast<bool>(trust_bits & net::CertDatabase::TRUSTED_SSL));
+  base::FundamentalValue email_value(
+      static_cast<bool>(trust_bits & net::CertDatabase::TRUSTED_EMAIL));
+  base::FundamentalValue obj_sign_value(
+      static_cast<bool>(trust_bits & net::CertDatabase::TRUSTED_OBJ_SIGN));
   web_ui_->CallJavascriptFunction(
       "CertificateEditCaTrustOverlay.populateTrust",
       ssl_value, email_value, obj_sign_value);
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index 0c94c93..7f8c31c 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -77,6 +77,9 @@ class NET_EXPORT CertDatabase {
   // trusted as a server.
   // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
   // trusted for email.
+  // NOTE: The actual constants are defined using an enum instead of static
+  // consts due to compilation/linkage constraints with template functions.
+  typedef uint32 TrustBits;
   enum {
     UNTRUSTED        =      0,
     TRUSTED_SSL      = 1 << 0,
@@ -142,7 +145,7 @@ class NET_EXPORT CertDatabase {
   // |not_imported| should be checked for any certificates that were not
   // imported.
   bool ImportCACerts(const CertificateList& certificates,
-                     unsigned int trust_bits,
+                     TrustBits trust_bits,
                      ImportCertFailureList* not_imported);
 
   // Import server certificate.  The first cert should be the server cert.  Any
@@ -157,13 +160,13 @@ class NET_EXPORT CertDatabase {
                         ImportCertFailureList* not_imported);
 
   // Get trust bits for certificate.
-  unsigned int GetCertTrust(const X509Certificate* cert, CertType type) const;
+  TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const;
 
   // Set trust values for certificate.
   // Returns true on success or false on failure.
   bool SetCertTrust(const X509Certificate* cert,
                     CertType type,
-                    unsigned int trust_bits);
+                    TrustBits trust_bits);
 
   // Delete certificate and associated private key (if one exists).
   // Returns true on success or false on failure.
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index 8fb51e0..e198e35 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -197,7 +197,7 @@ X509Certificate* CertDatabase::FindRootInList(
 }
 
 bool CertDatabase::ImportCACerts(const CertificateList& certificates,
-                                 unsigned int trust_bits,
+                                 TrustBits trust_bits,
                                  ImportCertFailureList* not_imported) {
   X509Certificate* root = FindRootInList(certificates);
   bool success = psm::ImportCACerts(certificates, root, trust_bits,
@@ -213,8 +213,8 @@ bool CertDatabase::ImportServerCert(const CertificateList& certificates,
   return psm::ImportServerCert(certificates, not_imported);
 }
 
-unsigned int CertDatabase::GetCertTrust(
-    const X509Certificate* cert, CertType type) const {
+CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
+                                                   CertType type) const {
   CERTCertTrust nsstrust;
   SECStatus srv = CERT_GetCertTrust(cert->os_cert_handle(), &nsstrust);
   if (srv != SECSuccess) {
@@ -238,8 +238,8 @@ unsigned int CertDatabase::GetCertTrust(
 
 bool CertDatabase::SetCertTrust(const X509Certificate* cert,
                                 CertType type,
-                                unsigned int trusted) {
-  bool success = psm::SetCertTrust(cert, type, trusted);
+                                TrustBits trust_bits) {
+  bool success = psm::SetCertTrust(cert, type, trust_bits);
   if (success)
     CertDatabase::NotifyObserversOfCertTrustChanged(cert);
 
diff --git a/net/base/cert_database_openssl.cc b/net/base/cert_database_openssl.cc
index 333d04c..ca429c08 100644
--- a/net/base/cert_database_openssl.cc
+++ b/net/base/cert_database_openssl.cc
@@ -82,8 +82,8 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
   return false;
 }
 
-unsigned int CertDatabase::GetCertTrust(const X509Certificate* cert,
-                                        CertType type) const {
+CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
+                                                   CertType type) const {
   // TODO(bulach): implement me.
   NOTIMPLEMENTED();
   return 0;
@@ -91,7 +91,7 @@ unsigned int CertDatabase::GetCertTrust(const X509Certificate* cert,
 
 bool CertDatabase::SetCertTrust(const X509Certificate* cert,
                                 CertType type,
-                                unsigned int trust_bits) {
+                                TrustBits trust_bits) {
   // TODO(bulach): implement me.
   NOTIMPLEMENTED();
   return false;
diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
index a430889..3e50cd1 100644
--- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
@@ -54,7 +54,7 @@ namespace mozilla_security_manager {
 // Based on nsNSSCertificateDB::handleCACertDownload, minus the UI bits.
 bool ImportCACerts(const net::CertificateList& certificates,
                    net::X509Certificate* root,
-                   unsigned int trustBits,
+                   net::CertDatabase::TrustBits trustBits,
                    net::CertDatabase::ImportCertFailureList* not_imported) {
   crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot());
   if (!slot.get()) {
@@ -200,7 +200,7 @@ bool ImportServerCert(const net::CertificateList& certificates,
 bool
 SetCertTrust(const net::X509Certificate* cert,
              net::CertType type,
-             unsigned int trusted)
+             net::CertDatabase::TrustBits trustBits)
 {
   SECStatus srv;
   nsNSSCertTrust trust;
@@ -208,16 +208,16 @@ SetCertTrust(const net::X509Certificate* cert,
   if (type == net::CA_CERT) {
     // always start with untrusted and move up
     trust.SetValidCA();
-    trust.AddCATrust(trusted & net::CertDatabase::TRUSTED_SSL,
-                     trusted & net::CertDatabase::TRUSTED_EMAIL,
-                     trusted & net::CertDatabase::TRUSTED_OBJ_SIGN);
+    trust.AddCATrust(trustBits & net::CertDatabase::TRUSTED_SSL,
+                     trustBits & net::CertDatabase::TRUSTED_EMAIL,
+                     trustBits & net::CertDatabase::TRUSTED_OBJ_SIGN);
     srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
                                nsscert,
                                trust.GetTrust());
   } else if (type == net::SERVER_CERT) {
     // always start with untrusted and move up
     trust.SetValidPeer();
-    trust.AddPeerTrust(trusted & net::CertDatabase::TRUSTED_SSL, 0, 0);
+    trust.AddPeerTrust(trustBits & net::CertDatabase::TRUSTED_SSL, 0, 0);
     srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
                                nsscert,
                                trust.GetTrust());
diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
index f41c60e..29acaf9 100644
--- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
@@ -54,7 +54,7 @@ namespace mozilla_security_manager {
 
 bool ImportCACerts(const net::CertificateList& certificates,
                    net::X509Certificate* root,
-                   unsigned int trustBits,
+                   net::CertDatabase::TrustBits trustBits,
                    net::CertDatabase::ImportCertFailureList* not_imported);
 
 bool ImportServerCert(const net::CertificateList& certificates,
@@ -62,7 +62,7 @@ bool ImportServerCert(const net::CertificateList& certificates,
 
 bool SetCertTrust(const net::X509Certificate* cert,
                   net::CertType type,
-                  unsigned int trusted);
+                  net::CertDatabase::TrustBits trustBits);
 
 }  // namespace mozilla_security_manager