Convert //chrome/browser/chromeos from scoped_ptr to std::unique_ptr

chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/browser/chromeos/platform_keys/platform_keys.h"
-
 #include <cert.h>
 #include <cryptohi.h>
 #include <keyhi.h>
 #include <secder.h>
 #include <stddef.h>
 #include <stdint.h>
+
 #include <utility>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_process_platform_part_chromeos.h"
 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h"
 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
+#include "chrome/browser/chromeos/platform_keys/platform_keys.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h"
 #include "chrome/browser/net/nss_context.h"
 #include "chrome/browser/profiles/profile.h"
 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "crypto/nss_key_util.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/crypto_module.h"
@@ skipping 180 matching lines @@
  public:
   explicit SelectCertificatesState(
       const std::string& username_hash,
       const bool use_system_key_slot,
       const scoped_refptr<net::SSLCertRequestInfo>& request,
       const subtle::SelectCertificatesCallback& callback);
   ~SelectCertificatesState() override {}
 
   void OnError(const tracked_objects::Location& from,
                const std::string& error_message) override {
-    CallBack(from, scoped_ptr<net::CertificateList>() /* no matches */,
+    CallBack(from, std::unique_ptr<net::CertificateList>() /* no matches */,
              error_message);
   }
 
   void CallBack(const tracked_objects::Location& from,
-                scoped_ptr<net::CertificateList> matches,
+                std::unique_ptr<net::CertificateList> matches,
                 const std::string& error_message) {
     origin_task_runner_->PostTask(
         from, base::Bind(callback_, base::Passed(&matches), error_message));
   }
 
   const std::string username_hash_;
   const bool use_system_key_slot_;
   scoped_refptr<net::SSLCertRequestInfo> cert_request_info_;
-  scoped_ptr<net::ClientCertStore> cert_store_;
-  scoped_ptr<net::CertificateList> certs_;
+  std::unique_ptr<net::ClientCertStore> cert_store_;
+  std::unique_ptr<net::CertificateList> certs_;
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   subtle::SelectCertificatesCallback callback_;
 };
 
 class GetCertificatesState : public NSSOperationState {
  public:
   explicit GetCertificatesState(const GetCertificatesCallback& callback);
   ~GetCertificatesState() override {}
 
   void OnError(const tracked_objects::Location& from,
                const std::string& error_message) override {
     CallBack(from,
-             scoped_ptr<net::CertificateList>() /* no certificates */,
+             std::unique_ptr<net::CertificateList>() /* no certificates */,
              error_message);
   }
 
   void CallBack(const tracked_objects::Location& from,
-                scoped_ptr<net::CertificateList> certs,
+                std::unique_ptr<net::CertificateList> certs,
                 const std::string& error_message) {
     origin_task_runner_->PostTask(
         from, base::Bind(callback_, base::Passed(&certs), error_message));
   }
 
-  scoped_ptr<net::CertificateList> certs_;
+  std::unique_ptr<net::CertificateList> certs_;
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   GetCertificatesCallback callback_;
 };
 
 class ImportCertificateState : public NSSOperationState {
  public:
   ImportCertificateState(const scoped_refptr<net::X509Certificate>& certificate,
                          const ImportCertificateCallback& callback);
@@ skipping 40 matching lines @@
 };
 
 class GetTokensState : public NSSOperationState {
  public:
   explicit GetTokensState(const GetTokensCallback& callback);
   ~GetTokensState() override {}
 
   void OnError(const tracked_objects::Location& from,
                const std::string& error_message) override {
     CallBack(from,
-             scoped_ptr<std::vector<std::string> >() /* no token ids */,
+             std::unique_ptr<std::vector<std::string>>() /* no token ids */,
              error_message);
   }
 
   void CallBack(const tracked_objects::Location& from,
-                scoped_ptr<std::vector<std::string> > token_ids,
+                std::unique_ptr<std::vector<std::string>> token_ids,
                 const std::string& error_message) {
     origin_task_runner_->PostTask(
         from, base::Bind(callback_, base::Passed(&token_ids), error_message));
   }
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   GetTokensCallback callback_;
 };
 
@@ skipping 46 matching lines @@
     const RemoveCertificateCallback& callback)
     : certificate_(certificate), callback_(callback) {
 }
 
 GetTokensState::GetTokensState(const GetTokensCallback& callback)
     : callback_(callback) {
 }
 
 // Does the actual key generation on a worker thread. Used by
 // GenerateRSAKeyWithDB().
-void GenerateRSAKeyOnWorkerThread(scoped_ptr<GenerateRSAKeyState> state) {
+void GenerateRSAKeyOnWorkerThread(std::unique_ptr<GenerateRSAKeyState> state) {
   if (!state->slot_) {
     LOG(ERROR) << "No slot.";
     state->OnError(FROM_HERE, kErrorInternal);
     return;
   }
 
   crypto::ScopedSECKEYPublicKey public_key;
   crypto::ScopedSECKEYPrivateKey private_key;
   if (!crypto::GenerateRSAKeyPairNSS(
           state->slot_.get(), state->modulus_length_bits_, true /* permanent */,
@@ skipping 13 matching lines @@
   }
   state->CallBack(
       FROM_HERE,
       std::string(reinterpret_cast<const char*>(public_key_der->data),
                   public_key_der->len),
       std::string() /* no error */);
 }
 
 // Continues generating a RSA key with the obtained NSSCertDatabase. Used by
 // GenerateRSAKey().
-void GenerateRSAKeyWithDB(scoped_ptr<GenerateRSAKeyState> state,
+void GenerateRSAKeyWithDB(std::unique_ptr<GenerateRSAKeyState> state,
                           net::NSSCertDatabase* cert_db) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|.
   base::WorkerPool::PostTask(
       FROM_HERE,
       base::Bind(&GenerateRSAKeyOnWorkerThread, base::Passed(&state)),
       true /*task is slow*/);
 }
 
 // Does the actual signing on a worker thread. Used by SignRSAWithDB().
-void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) {
+void SignRSAOnWorkerThread(std::unique_ptr<SignRSAState> state) {
   const uint8_t* public_key_uint8 =
       reinterpret_cast<const uint8_t*>(state->public_key_.data());
   std::vector<uint8_t> public_key_vector(
       public_key_uint8, public_key_uint8 + state->public_key_.size());
 
   crypto::ScopedSECKEYPrivateKey rsa_key;
   if (state->slot_) {
     rsa_key = crypto::FindNSSKeyFromPublicKeyInfoInSlot(public_key_vector,
                                                         state->slot_.get());
   } else {
@@ skipping 60 matching lines @@
   if (signature_str.empty()) {
     LOG(ERROR) << "Couldn't sign.";
     state->OnError(FROM_HERE, kErrorInternal);
     return;
   }
 
   state->CallBack(FROM_HERE, signature_str, std::string() /* no error */);
 }
 
 // Continues signing with the obtained NSSCertDatabase. Used by Sign().
-void SignRSAWithDB(scoped_ptr<SignRSAState> state,
+void SignRSAWithDB(std::unique_ptr<SignRSAState> state,
                    net::NSSCertDatabase* cert_db) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|.
   base::WorkerPool::PostTask(
       FROM_HERE, base::Bind(&SignRSAOnWorkerThread, base::Passed(&state)),
       true /*task is slow*/);
 }
 
 // Called when ClientCertStoreChromeOS::GetClientCerts is done. Builds the list
 // of net::CertificateList and calls back. Used by
 // SelectCertificatesOnIOThread().
 void DidSelectCertificatesOnIOThread(
-    scoped_ptr<SelectCertificatesState> state) {
+    std::unique_ptr<SelectCertificatesState> state) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   state->CallBack(FROM_HERE, std::move(state->certs_),
                   std::string() /* no error */);
 }
 
 // Continues selecting certificates on the IO thread. Used by
 // SelectClientCertificates().
-void SelectCertificatesOnIOThread(scoped_ptr<SelectCertificatesState> state) {
+void SelectCertificatesOnIOThread(
+    std::unique_ptr<SelectCertificatesState> state) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   state->cert_store_.reset(new ClientCertStoreChromeOS(
       nullptr,  // no additional provider
-      make_scoped_ptr(new ClientCertFilterChromeOS(state->use_system_key_slot_,
-                                                   state->username_hash_)),
+      base::WrapUnique(new ClientCertFilterChromeOS(state->use_system_key_slot_,
+                                                    state->username_hash_)),
       ClientCertStoreChromeOS::PasswordDelegateFactory()));
 
   state->certs_.reset(new net::CertificateList);
 
   SelectCertificatesState* state_ptr = state.get();
   state_ptr->cert_store_->GetClientCerts(
       *state_ptr->cert_request_info_, state_ptr->certs_.get(),
       base::Bind(&DidSelectCertificatesOnIOThread, base::Passed(&state)));
 }
 
 // Filters the obtained certificates on a worker thread. Used by
 // DidGetCertificates().
-void FilterCertificatesOnWorkerThread(scoped_ptr<GetCertificatesState> state) {
-  scoped_ptr<net::CertificateList> client_certs(new net::CertificateList);
+void FilterCertificatesOnWorkerThread(
+    std::unique_ptr<GetCertificatesState> state) {
+  std::unique_ptr<net::CertificateList> client_certs(new net::CertificateList);
   for (net::CertificateList::const_iterator it = state->certs_->begin();
        it != state->certs_->end();
        ++it) {
     net::X509Certificate::OSCertHandle cert_handle = (*it)->os_cert_handle();
     crypto::ScopedPK11Slot cert_slot(PK11_KeyForCertExists(cert_handle,
                                                            NULL,    // keyPtr
                                                            NULL));  // wincx
 
     // Keep only user certificates, i.e. certs for which the private key is
     // present and stored in the queried slot.
     if (cert_slot != state->slot_)
       continue;
 
     client_certs->push_back(*it);
   }
 
   state->CallBack(FROM_HERE, std::move(client_certs),
                   std::string() /* no error */);
 }
 
 // Passes the obtained certificates to the worker thread for filtering. Used by
 // GetCertificatesWithDB().
-void DidGetCertificates(scoped_ptr<GetCertificatesState> state,
-                        scoped_ptr<net::CertificateList> all_certs) {
+void DidGetCertificates(std::unique_ptr<GetCertificatesState> state,
+                        std::unique_ptr<net::CertificateList> all_certs) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   state->certs_ = std::move(all_certs);
   base::WorkerPool::PostTask(
       FROM_HERE,
       base::Bind(&FilterCertificatesOnWorkerThread, base::Passed(&state)),
       true /*task is slow*/);
 }
 
 // Continues getting certificates with the obtained NSSCertDatabase. Used by
 // GetCertificates().
-void GetCertificatesWithDB(scoped_ptr<GetCertificatesState> state,
+void GetCertificatesWithDB(std::unique_ptr<GetCertificatesState> state,
                            net::NSSCertDatabase* cert_db) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   // Get the pointer to slot before base::Passed releases |state|.
   PK11SlotInfo* slot = state->slot_.get();
   cert_db->ListCertsInSlot(
       base::Bind(&DidGetCertificates, base::Passed(&state)), slot);
 }
 
 // Does the actual certificate importing on the IO thread. Used by
 // ImportCertificate().
-void ImportCertificateWithDB(scoped_ptr<ImportCertificateState> state,
+void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state,
                              net::NSSCertDatabase* cert_db) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to
   // the correct token.
   // |cert_db| is not required, ignore it.
   net::CertDatabase* db = net::CertDatabase::GetInstance();
 
   const net::Error cert_status =
       static_cast<net::Error>(db->CheckUserCert(state->certificate_.get()));
   if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) {
@@ skipping 17 matching lines @@
   if (import_status != net::OK) {
     LOG(ERROR) << "Could not import certificate.";
     state->OnError(FROM_HERE, net::ErrorToString(import_status));
     return;
   }
 
   state->CallBack(FROM_HERE, std::string() /* no error */);
 }
 
 // Called on IO thread after the certificate removal is finished.
-void DidRemoveCertificate(scoped_ptr<RemoveCertificateState> state,
+void DidRemoveCertificate(std::unique_ptr<RemoveCertificateState> state,
                           bool certificate_found,
                           bool success) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   // CertificateNotFound error has precedence over an internal error.
   if (!certificate_found) {
     state->OnError(FROM_HERE, kErrorCertificateNotFound);
     return;
   }
   if (!success) {
     state->OnError(FROM_HERE, kErrorInternal);
     return;
   }
 
   state->CallBack(FROM_HERE, std::string() /* no error */);
 }
 
 // Does the actual certificate removal on the IO thread. Used by
 // RemoveCertificate().
-void RemoveCertificateWithDB(scoped_ptr<RemoveCertificateState> state,
+void RemoveCertificateWithDB(std::unique_ptr<RemoveCertificateState> state,
                              net::NSSCertDatabase* cert_db) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   // Get the pointer before base::Passed clears |state|.
   scoped_refptr<net::X509Certificate> certificate = state->certificate_;
   bool certificate_found = certificate->os_cert_handle()->isperm;
   cert_db->DeleteCertAndKeyAsync(
       certificate,
       base::Bind(
           &DidRemoveCertificate, base::Passed(&state), certificate_found));
 }
 
 // Does the actual work to determine which tokens are available.
-void GetTokensWithDB(scoped_ptr<GetTokensState> state,
+void GetTokensWithDB(std::unique_ptr<GetTokensState> state,
                      net::NSSCertDatabase* cert_db) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  scoped_ptr<std::vector<std::string> > token_ids(new std::vector<std::string>);
+  std::unique_ptr<std::vector<std::string>> token_ids(
+      new std::vector<std::string>);
 
   // The user's token is always available.
   token_ids->push_back(kTokenIdUser);
   if (cert_db->GetSystemSlot())
     token_ids->push_back(kTokenIdSystem);
 
   state->CallBack(FROM_HERE, std::move(token_ids),
                   std::string() /* no error */);
 }
 
 }  // namespace
 
 namespace subtle {
 
 void GenerateRSAKey(const std::string& token_id,
                     unsigned int modulus_length_bits,
                     const GenerateKeyCallback& callback,
                     BrowserContext* browser_context) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  scoped_ptr<GenerateRSAKeyState> state(
+  std::unique_ptr<GenerateRSAKeyState> state(
       new GenerateRSAKeyState(modulus_length_bits, callback));
 
   if (modulus_length_bits > kMaxRSAModulusLengthBits) {
     state->OnError(FROM_HERE, kErrorAlgorithmNotSupported);
     return;
   }
 
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(token_id,
                   base::Bind(&GenerateRSAKeyWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 void SignRSAPKCS1Digest(const std::string& token_id,
                         const std::string& data,
                         const std::string& public_key,
                         HashAlgorithm hash_algorithm,
                         const SignCallback& callback,
                         content::BrowserContext* browser_context) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  scoped_ptr<SignRSAState> state(
+  std::unique_ptr<SignRSAState> state(
       new SignRSAState(data, public_key, false /* digest before signing */,
                        hash_algorithm, callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
 
   // The NSSCertDatabase object is not required. But in case it's not available
   // we would get more informative error messages and we can double check that
   // we use a key of the correct token.
   GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)),
                   browser_context, state_ptr);
 }
 
 void SignRSAPKCS1Raw(const std::string& token_id,
                      const std::string& data,
                      const std::string& public_key,
                      const SignCallback& callback,
                      content::BrowserContext* browser_context) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  scoped_ptr<SignRSAState> state(new SignRSAState(
+  std::unique_ptr<SignRSAState> state(new SignRSAState(
       data, public_key, true /* sign directly without hashing */,
       HASH_ALGORITHM_NONE, callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
 
   // The NSSCertDatabase object is not required. But in case it's not available
   // we would get more informative error messages and we can double check that
   // we use a key of the correct token.
   GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)),
                   browser_context, state_ptr);
@@ skipping 15 matching lines @@
   cert_request_info->cert_authorities = certificate_authorities;
 
   const user_manager::User* user =
       chromeos::ProfileHelper::Get()->GetUserByProfile(
           Profile::FromBrowserContext(browser_context));
 
   // Use the device-wide system key slot only if the user is affiliated on the
   // device.
   const bool use_system_key_slot = user->IsAffiliated();
 
-  scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState(
+  std::unique_ptr<SelectCertificatesState> state(new SelectCertificatesState(
       user->username_hash(), use_system_key_slot, cert_request_info, callback));
 
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state)));
 }
 
 }  // namespace subtle
 
 std::string GetSubjectPublicKeyInfo(
@@ skipping 34 matching lines @@
 
   *key_type = key_type_tmp;
   *key_size_bits = key_size_bits_tmp;
   return true;
 }
 
 void GetCertificates(const std::string& token_id,
                      const GetCertificatesCallback& callback,
                      BrowserContext* browser_context) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  scoped_ptr<GetCertificatesState> state(new GetCertificatesState(callback));
+  std::unique_ptr<GetCertificatesState> state(
+      new GetCertificatesState(callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(token_id,
                   base::Bind(&GetCertificatesWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 void ImportCertificate(const std::string& token_id,
                        const scoped_refptr<net::X509Certificate>& certificate,
                        const ImportCertificateCallback& callback,
                        BrowserContext* browser_context) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  scoped_ptr<ImportCertificateState> state(
+  std::unique_ptr<ImportCertificateState> state(
       new ImportCertificateState(certificate, callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
 
   // The NSSCertDatabase object is not required. But in case it's not available
   // we would get more informative error messages and we can double check that
   // we use a key of the correct token.
   GetCertDatabase(token_id,
                   base::Bind(&ImportCertificateWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 void RemoveCertificate(const std::string& token_id,
                        const scoped_refptr<net::X509Certificate>& certificate,
                        const RemoveCertificateCallback& callback,
                        BrowserContext* browser_context) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  scoped_ptr<RemoveCertificateState> state(
+  std::unique_ptr<RemoveCertificateState> state(
       new RemoveCertificateState(certificate, callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
 
   // The NSSCertDatabase object is not required. But in case it's not available
   // we would get more informative error messages.
   GetCertDatabase(token_id,
                   base::Bind(&RemoveCertificateWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 void GetTokens(const GetTokensCallback& callback,
                content::BrowserContext* browser_context) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  scoped_ptr<GetTokensState> state(new GetTokensState(callback));
+  std::unique_ptr<GetTokensState> state(new GetTokensState(callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(std::string() /* don't get any specific slot */,
                   base::Bind(&GetTokensWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 }  // namespace platform_keys
 
 }  // namespace chromeos