Call crypto::InitializeTPMToken on the IO thread

chromeos/network/cert_loader.h

Index: chromeos/network/cert_loader.h
diff --git a/chromeos/network/cert_loader.h b/chromeos/network/cert_loader.h
index a57d29a362069c05badc8527e98e6cd0816b5e9c..38019ef70fc2c282a729b482fb7ffdb7cfc22efd 100644
--- a/chromeos/network/cert_loader.h
+++ b/chromeos/network/cert_loader.h
@@ -19,6 +19,10 @@
 #include "net/cert/cert_database.h"
 #include "net/cert/x509_certificate.h"
 
+namespace base {
+class SequencedTaskRunner;
+}
+
 namespace crypto {
 class SymmetricKey;
 }
@@ -74,14 +78,24 @@ class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer,
   // This will be empty until certificates_loaded() is true.
   const net::CertificateList& cert_list() const { return cert_list_; }
 
+  // TEST, DO NOT CHECK IN
+  void InvalidateInitializeTokenFactory();
+  void InvalidateUpdateCertificatesFactory();
+  void InvalidateCryptoFactory();
+
  private:
   friend class NetworkHandler;
   CertLoader();
+  // |crypto_task_runner| is the task runner that any synchronous crypto calls
+  // should be made from. e.g. in Chrome this is the IO thread.
+  void Init(const scoped_refptr<base::SequencedTaskRunner>& crypto_task_runner);
 
   void RequestCertificates();
 
   // This is the cyclic chain of callbacks to initialize the TPM token and to
   // kick off the update of the certificate list.
+  void CallOpenPersistentNSSDB();
+  void OnPersistentNSSDBOpened();
   void InitializeTokenAndLoadCertificates();
   void RetryTokenInitializationLater();
   void OnTpmIsEnabled(DBusMethodCallStatus call_status,
@@ -91,7 +105,7 @@ class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer,
   void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status,
                                const std::string& token_name,
                                const std::string& user_pin);
-  void InitializeNSSForTPMToken();
+  void OnTPMTokenInitialized(bool success);
 
   // These calls handle the updating of the certificate list after the TPM token
   // was initialized.
@@ -119,11 +133,12 @@ class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer,
   // be left.
   enum TPMTokenState {
     TPM_STATE_UNKNOWN,
+    TPM_DB_OPENED,
     TPM_DISABLED,
     TPM_ENABLED,
     TPM_TOKEN_READY,
     TPM_TOKEN_INFO_RECEIVED,
-    TPM_TOKEN_NSS_INITIALIZED,
+    TPM_TOKEN_INITIALIZED,
   };
   TPMTokenState tpm_token_state_;
 
@@ -141,6 +156,9 @@ class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer,
 
   base::ThreadChecker thread_checker_;
 
+  // TaskRunner for crypto calls.
+  scoped_refptr<base::SequencedTaskRunner> crypto_task_runner_;
+
   // This factory should be used only for callbacks during TPMToken
   // initialization.
   base::WeakPtrFactory<CertLoader> initialize_token_factory_;
@@ -149,6 +167,9 @@ class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer,
   // certificate list.
   base::WeakPtrFactory<CertLoader> update_certificates_factory_;
 
+  // This factory should be used only for callbacks on the crypto task runner.
+  base::WeakPtrFactory<CertLoader> crypto_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(CertLoader);
 };