*WIP* Store NSS slots per profile. Move keygen to chrome.

chrome/browser/net/keygen_handler_nss.cc

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/net/keygen_handler.h"
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/threading/worker_pool.h"
+#include "chrome/browser/net/nss_slot_factory.h"
+#include "chrome/browser/ui/crypto_module_password_dialog.h"
+#include "crypto/crypto_module_blocking_password_delegate.h"
+#include "crypto/scoped_nss_types.h"
+#include "net/base/keygen_handler.h"
+
+namespace {
+
+void KeygenOnWorkerThread(
+    int key_size_in_bits,
+    const std::string& challenge,
+    const GURL& url,
+    bool stores_key,
+    crypto::ScopedPK11Slot slot,
+    std::string* result) {
+  scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
+      crypto_module_password_delegate(
+          chrome::NewCryptoModuleBlockingDialogDelegate(
+              chrome::kCryptoModulePasswordKeygen, url.host()));
+  // Authenticate to the token.
+  if (SECSuccess != PK11_Authenticate(slot.get(), PR_TRUE,
+                                      crypto_module_password_delegate.get())) {
+    LOG(ERROR) << "Couldn't authenticate to private key slot!";
+  }
+
+  net::KeygenHandler handler(key_size_in_bits, challenge, url);
+  handler.set_stores_key(stores_key);
+  handler.set_key_slot(slot.Pass());
+  *result = handler.GenKeyAndSignChallenge();
+}
+
+void GenerateKeyInSlot(int key_size_in_bits,
+                       const std::string& challenge,
+                       const GURL& url,
+                       bool stores_key,
+                       const base::Callback<void(const std::string*)>& callback,
+                       crypto::ScopedPK11Slot slot) {
+  if (!slot.get()) {
+    LOG(ERROR) << "Couldn't get private key slot from NSS!";
+    callback.Run(NULL);
+    return;
+  }
+  LOG(WARNING) << "keygen private slot name: " << PK11_GetSlotName(slot.get())
+               << " token name: " << PK11_GetTokenName(slot.get())
+               << " slot id: " << PK11_GetSlotID(slot.get());
+
+  VLOG(1) << "Dispatching keygen task to worker pool.";
+  std::string* result(new std::string());
+  // Dispatch to worker pool, so we do not block the IO thread.
+  if (!base::WorkerPool::PostTaskAndReply(
+          FROM_HERE,
+          base::Bind(&KeygenOnWorkerThread,
+                     key_size_in_bits,
+                     challenge,
+                     url,
+                     stores_key,
+                     base::Passed(&slot),
+                     result),
+          base::Bind(callback, base::Owned(result)),
+          true)) {
+    NOTREACHED() << "Failed to dispatch keygen task to worker pool";
+    callback.Run(NULL);
+    return;
+  }
+}
+
+}  // namespace
+
+namespace chrome_browser_net {
+
+void GenerateKey(content::ResourceContext* context,
+                 int key_size_in_bits,
+                 const std::string& challenge,
+                 const GURL& url,
+                 bool stores_key,
+                 const base::Callback<void(const std::string*)>& callback) {
+  // TODO(mattm): allow choosing which slot to generate and store the key.
+  OnPrivateNSSKeySlotForResourceContextReady(context,
+                                             base::Bind(&GenerateKeyInSlot,
+                                                        key_size_in_bits,
+                                                        challenge,
+                                                        url,
+                                                        stores_key,
+                                                        callback));
+}
+
+}  // namespace chrome_browser_net