NSS: Unlock crypto devices when populating cert manager.

net/base/cert_database_nss.cc

Index: net/base/cert_database_nss.cc
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index db2c47ad0451e63080c7558a6b87771a99a64ff0..eca5e8fec4b6a1e3c96cbfaea44f9155b2cf2d7e 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -118,6 +118,29 @@ CryptoModule* CertDatabase::GetDefaultModule() const {
   return module;
 }
 
+void CertDatabase::ListModules(CryptoModuleList* modules, bool need_rw) const {
+  modules->clear();
+
+  PK11SlotList* slot_list = NULL;
+  slot_list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
+                                need_rw ? PR_TRUE : PR_FALSE,  // needRW
+                                PR_TRUE,  // loadCerts (unused)
+                                NULL);  // wincx

[wtc, 2011/03/02 03:33:28]

Please make sure it's OK to pass NULL as the wincx argument.  If not, we
should add a TODO comment.

[mattm, 2011/03/05 02:16:32]

Just double-checked.  It's only used if PK11_SetIsLoggedInFunc is used.  Added
comment.

+  if (!slot_list) {
+    LOG(ERROR) << "PK11_GetAllTokens failed: " << PORT_GetError();
+    return;
+  }
+
+  PK11SlotListElement* slot_element = PK11_GetFirstSafe(slot_list);
+  while (slot_element) {
+    modules->push_back(CryptoModule::CreateFromHandle(slot_element->slot));
+    slot_element = PK11_GetNextSafe(slot_list, slot_element,
+                                    PR_FALSE);  // restart
+  }
+
+  PK11_FreeSlotList(slot_list);
+}
+
 int CertDatabase::ImportFromPKCS12(
     net::CryptoModule* module,
     const std::string& data,