Use user specific NSSDatabase in CertLoader.

chromeos/network/client_cert_resolver.cc

Index: chromeos/network/client_cert_resolver.cc
diff --git a/chromeos/network/client_cert_resolver.cc b/chromeos/network/client_cert_resolver.cc
index 018609f93898995c925d1d56d3d6637b904acf19..2c15fbfcec4558ac7ccf470ad683821df7443b1d 100644
--- a/chromeos/network/client_cert_resolver.cc
+++ b/chromeos/network/client_cert_resolver.cc
@@ -27,6 +27,7 @@
 #include "chromeos/network/managed_network_configuration_handler.h"
 #include "chromeos/network/network_state_handler.h"
 #include "chromeos/network/network_ui_data.h"
+#include "chromeos/tpm_token_loader.h"
 #include "components/onc/onc_constants.h"
 #include "dbus/object_path.h"
 #include "net/cert/x509_certificate.h"
@@ -254,7 +255,7 @@ bool ClientCertificatesLoaded() {
     VLOG(1) << "Certificates not loaded yet.";
     return false;
   }
-  if (!CertLoader::Get()->IsHardwareBacked()) {
+  if (!CertLoader::Get()->is_hardware_backed()) {
     VLOG(1) << "TPM is not available.";
     return false;
   }
@@ -433,11 +434,15 @@ void ClientCertResolver::ConfigureCertificates(NetworkCertMatches* matches) {
        it != matches->end(); ++it) {
     VLOG(1) << "Configuring certificate of network " << it->service_path;
     CertLoader* cert_loader = CertLoader::Get();
+    std::string tpm_user_pin;
+    if (TPMTokenLoader::IsInitialized())

[stevenjb, 2014/01/23 18:17:42]

This should always be true, shouldn't it?
CertLoader::Get()->is_hardware_backed() would be false otherwise, right? So
ClientCertificatesLoaded() should always be false and we shouldn't get here?

[tbarzic, 2014/01/23 19:18:37]

It could have happened in tests (but started using dummy version)

+      tpm_user_pin = TPMTokenLoader::Get()->tpm_user_pin();
+
     base::DictionaryValue shill_properties;
     client_cert::SetShillProperties(
         it->cert_config_type,
         base::IntToString(cert_loader->tpm_token_slot_id()),
-        cert_loader->tpm_user_pin(),
+        tpm_user_pin,
         &it->pkcs11_id,
         &shill_properties);
     DBusThreadManager::Get()->GetShillServiceClient()->