Cleanup unreachable cert adding code

chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <cert.h>
 #include <cryptohi.h>
 #include <keyhi.h>
 #include <secder.h>
 #include <stddef.h>
 #include <stdint.h>
@@ skipping 25 matching lines @@
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "crypto/nss_key_util.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/cert/x509_util_nss.h"
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
 
 using content::BrowserContext;
 using content::BrowserThread;
 
 namespace {
 const char kErrorInternal[] = "Internal Error.";
 const char kErrorKeyNotFound[] = "Key not found.";
 const char kErrorCertificateNotFound[] = "Certificate could not be found.";
 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported.";
 
@@ skipping 556 matching lines @@
   PK11SlotInfo* slot = state->slot_.get();
   cert_db->ListCertsInSlot(
       base::Bind(&DidGetCertificates, base::Passed(&state)), slot);
 }
 
 // Does the actual certificate importing on the IO thread. Used by
 // ImportCertificate().
 void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state,
                              net::NSSCertDatabase* cert_db) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to
-  // the correct token.
-  // |cert_db| is not required, ignore it.
-  net::CertDatabase* db = net::CertDatabase::GetInstance();
 
-  const net::Error cert_status =
-      static_cast<net::Error>(db->CheckUserCert(state->certificate_.get()));
-  if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) {
-    state->OnError(FROM_HERE, kErrorKeyNotFound);
+  if (!state->certificate_) {
+    state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_INVALID));
     return;
-  } else if (cert_status != net::OK) {
-    state->OnError(FROM_HERE, net::ErrorToString(cert_status));
+  }
+  if (state->certificate_->HasExpired()) {
+    state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_DATE_INVALID));
     return;
   }
 
   // Check that the private key is in the correct slot.
-  PK11SlotInfo* slot =
-      PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL);
-  if (slot != state->slot_.get()) {
+  crypto::ScopedPK11Slot slot(
+      PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL));
+  if (slot.get() != state->slot_.get()) {
     state->OnError(FROM_HERE, kErrorKeyNotFound);
     return;
   }
 
-  const net::Error import_status =
-      static_cast<net::Error>(db->AddUserCert(state->certificate_.get()));
+  const net::Error import_status = static_cast<net::Error>(
+      cert_db->ImportUserCert(state->certificate_.get()));
   if (import_status != net::OK) {
     LOG(ERROR) << "Could not import certificate.";
     state->OnError(FROM_HERE, net::ErrorToString(import_status));
     return;
   }
 
   state->CallBack(FROM_HERE, std::string() /* no error */);
 }
 
 // Called on IO thread after the certificate removal is finished.
@@ skipping 241 matching lines @@
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(std::string() /* don't get any specific slot */,
                   base::Bind(&GetTokensWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 }  // namespace platform_keys
 
 }  // namespace chromeos