Plumbing SSLPrivateKey

net/ssl/ssl_platform_key_mac.cc

Index: net/ssl/ssl_platform_key_mac.cc
diff --git a/net/ssl/ssl_platform_key_mac.cc b/net/ssl/ssl_platform_key_mac.cc
index 2f2974c47582208b96caf0e4c1554165268dc19b..7da9a7749f2df67f5083f5b5359841bc39000510 100644
--- a/net/ssl/ssl_platform_key_mac.cc
+++ b/net/ssl/ssl_platform_key_mac.cc
@@ -36,6 +36,9 @@ namespace net {
 
 namespace {
 
+base::LazyInstance<SSLPlatformKeyTaskRunner>::Leaky g_platform_key_task_runner =
+    LAZY_INSTANCE_INITIALIZER;
+
 class ScopedCSSM_CC_HANDLE {
  public:
   ScopedCSSM_CC_HANDLE() : handle_(0) {}
@@ -212,9 +215,12 @@ class SSLPlatformKeyMac : public ThreadedSSLPrivateKey::Delegate {
 
 }  // namespace
 
-scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey(
-    X509Certificate* certificate,
-    scoped_refptr<base::SequencedTaskRunner> task_runner) {
+scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
+    X509Certificate* certificate) {
+  if (!certificate) {

[davidben, 2015/09/25 20:10:12]

Any reason not to have the caller handle null? This seems the sort of function
that doesn't really have a reason to allow null when you ask it to do something
with a certificate.

[svaldez, 2015/09/28 16:54:53]

Then we'd have to check both at the caller that the argument isn't null and also
check that the private key returned isn't null. A null cert and a null private
key should continue down the same code path, since they both mean we can't use
this cert.

[davidben, 2015/10/13 20:32:15]

In general, APIs shouldn't silently try to handle null unless what the function
does inherently wants a nullable type. I'm not sure this does. There also aren't
that many callers of FetchClientCertPrivateKey which actually can have a null
input it seems. Just the SSLClientAuthObserver thing as far as I can tell.

There's even more implementations of this function, actually. :-)

[svaldez, 2015/10/14 15:06:18]

Done.

+    return nullptr;
+  }
+
   // Look up the private key.
   base::ScopedCFTypeRef<SecKeyRef> private_key(
       FetchSecKeyRefForCertificate(certificate));
@@ -231,9 +237,9 @@ scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey(
     LOG(ERROR) << "Unknown key type: " << cssm_key->KeyHeader.AlgorithmId;
     return nullptr;
   }
-  return make_scoped_ptr(new ThreadedSSLPrivateKey(
+  return make_scoped_refptr(new ThreadedSSLPrivateKey(
       make_scoped_ptr(new SSLPlatformKeyMac(private_key.get(), cssm_key)),
-      task_runner.Pass()));
+      g_platform_key_task_runner.Get().task_runner().Pass()));
 }
 
 }  // namespace net