*WIP* Store NSS slots per profile. Move keygen to chrome.

net/ssl/client_cert_store_impl_nss.cc

Index: net/ssl/client_cert_store_impl_nss.cc
diff --git a/net/ssl/client_cert_store_impl_nss.cc b/net/ssl/client_cert_store_impl_nss.cc
index b84ca495f04c27000b4c582f5c425654c9a622c6..c487f3234ce4a538319b63acd4cbfa35743415b1 100644
--- a/net/ssl/client_cert_store_impl_nss.cc
+++ b/net/ssl/client_cert_store_impl_nss.cc
@@ -53,12 +53,16 @@ void GetClientCertsImpl(CERTCertList* cert_list,
   if (!ca_names_items.empty())
     ca_names.names = &ca_names_items[0];
 
+  size_t num_raw = 0;
   for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
        !CERT_LIST_END(node, cert_list);
        node = CERT_LIST_NEXT(node)) {
+    ++num_raw;
     // Only offer unexpired certificates.
     if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
         secCertTimeValid) {
+      DVLOG(2) << "skipped expired cert: "
+               << (node->cert->nickname ? node->cert->nickname : "");
       continue;
     }
 
@@ -71,9 +75,16 @@ void GetClientCertsImpl(CERTCertList* cert_list,
          cert->IsIssuedByEncoded(request.cert_authorities)) ||
         (query_nssdb &&
          NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) {
+      DVLOG(2) << "matched cert: "
+              << (node->cert->nickname ? node->cert->nickname : "");
       selected_certs->push_back(cert);
     }
+    else
+      DVLOG(2) << "skipped non-matching cert: "
+               << (node->cert->nickname ? node->cert->nickname : "");
   }
+  DVLOG(2) << "num_raw:" << num_raw
+           << " num_selected:" << selected_certs->size();
 
   std::sort(selected_certs->begin(), selected_certs->end(),
             x509_util::ClientCertSorter());