*WIP* Store NSS slots per profile. Move keygen to chrome.

net/ssl/client_cert_store_impl_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/client_cert_store_impl.h"
 
 #include <nss.h>
 #include <ssl.h>
 
+#include "base/callback.h"
 #include "base/logging.h"
 #include "net/cert/x509_util.h"
 
 namespace net {
 
 namespace {
 
 // Examines the certificates in |cert_list| to find all certificates that match
 // the client certificate request in |request|, storing the matching
 // certificates in |selected_certs|.
@@ skipping 21 matching lines @@
     const std::string& authority = request.cert_authorities[i];
     ca_names_items[i].type = siBuffer;
     ca_names_items[i].data =
         reinterpret_cast<unsigned char*>(const_cast<char*>(authority.data()));
     ca_names_items[i].len = static_cast<unsigned int>(authority.size());
   }
   ca_names.nnames = static_cast<int>(ca_names_items.size());
   if (!ca_names_items.empty())
     ca_names.names = &ca_names_items[0];
 
+  size_t num_raw = 0;
   for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
        !CERT_LIST_END(node, cert_list);
        node = CERT_LIST_NEXT(node)) {
+    ++num_raw;
     // Only offer unexpired certificates.
     if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
         secCertTimeValid) {
+      LOG(WARNING) << " skipped an expired cert";
       continue;
     }
 
     scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
         node->cert, X509Certificate::OSCertHandles());
 
     // Check if the certificate issuer is allowed by the server.
     if (request.cert_authorities.empty() ||
         (!query_nssdb &&
          cert->IsIssuedByEncoded(request.cert_authorities)) ||
         (query_nssdb &&
          NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) {
+      LOG(WARNING) << " selected a cert";
       selected_certs->push_back(cert);
     }
+    else
+      LOG(WARNING) << " skipped a cert";
   }
+  LOG(WARNING) << "num_raw:" << num_raw << "  res:"<<selected_certs->size();
 
   std::sort(selected_certs->begin(), selected_certs->end(),
             x509_util::ClientCertSorter());
   return true;
 }
 
 }  // namespace
 
-bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
-                                         CertificateList* selected_certs) {
+void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
+                                         CertificateList* selected_certs,
+                                         const base::Closure& callback) {
   CERTCertList* client_certs = CERT_FindUserCertsByUsage(
       CERT_GetDefaultCertDB(), certUsageSSLClient,
       PR_FALSE, PR_FALSE, NULL);
   // It is ok for a user not to have any client certs.
-  if (!client_certs)
-    return true;
+  if (!client_certs) {
+    callback.Run();
+    return;
+  }
 
-  bool rv = GetClientCertsImpl(client_certs, request, true, selected_certs);
+  GetClientCertsImpl(client_certs, request, true, selected_certs);
   CERT_DestroyCertList(client_certs);
-  return rv;
+  callback.Run();
 }
 
 bool ClientCertStoreImpl::SelectClientCertsForTesting(
     const CertificateList& input_certs,
     const SSLCertRequestInfo& request,
     CertificateList* selected_certs) {
   CERTCertList* cert_list = CERT_NewCertList();
   if (!cert_list)
     return false;
   for (size_t i = 0; i < input_certs.size(); ++i) {
     CERT_AddCertToListTail(
         cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle()));
   }
 
   bool rv = GetClientCertsImpl(cert_list, request, false, selected_certs);
   CERT_DestroyCertList(cert_list);
   return rv;
 }
 
 }  // namespace net