Refactor client cert private key handling.

chrome/browser/chrome_content_browser_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_content_browser_client.h"
 
 #include <map>
 #include <set>
 #include <utility>
 #include <vector>
@@ skipping 2257 matching lines @@
       new CertificateReportingServiceCertReporter(cert_reporting_service));
 
   SSLErrorHandler::HandleSSLError(web_contents, cert_error, ssl_info,
                                   request_url, options_mask,
                                   std::move(cert_reporter), callback);
 }
 
 void ChromeContentBrowserClient::SelectClientCertificate(
     content::WebContents* web_contents,
     net::SSLCertRequestInfo* cert_request_info,
-    net::CertificateList client_certs,
+    net::ClientCertIdentityList client_certs,
     std::unique_ptr<content::ClientCertificateDelegate> delegate) {
   prerender::PrerenderContents* prerender_contents =
       prerender::PrerenderContents::FromWebContents(web_contents);
   if (prerender_contents) {
     prerender_contents->Destroy(
         prerender::FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED);
     return;
   }
 
   GURL requesting_url("https://" + cert_request_info->host_and_port.ToString());
   DCHECK(requesting_url.is_valid())
       << "Invalid URL string: https://"
       << cert_request_info->host_and_port.ToString();
 
   Profile* profile =
       Profile::FromBrowserContext(web_contents->GetBrowserContext());
   std::unique_ptr<base::Value> filter =
       HostContentSettingsMapFactory::GetForProfile(profile)->GetWebsiteSetting(
           requesting_url, requesting_url,
           CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, std::string(), NULL);
 
   if (filter.get()) {
     // Try to automatically select a client certificate.
     if (filter->IsType(base::Value::Type::DICTIONARY)) {
       base::DictionaryValue* filter_dict =
           static_cast<base::DictionaryValue*>(filter.get());
 
       for (size_t i = 0; i < client_certs.size(); ++i) {
-        if (CertMatchesFilter(*client_certs[i].get(), *filter_dict)) {
+        if (CertMatchesFilter(*client_certs[i]->certificate(), *filter_dict)) {
           // Use the first certificate that is matched by the filter.
-          delegate->ContinueWithCertificate(client_certs[i].get());
+          // The callback will own |client_certs[i]| and |delegate|, keeping
+          // them alive until after ContinueWithCertificate is called.
+          scoped_refptr<net::X509Certificate> cert =
+              client_certs[i]->certificate();
+          net::ClientCertIdentity::SelfOwningAcquirePrivateKey(
+              std::move(client_certs[i]),
+              base::Bind(
+                  &content::ClientCertificateDelegate::ContinueWithCertificate,
+                  base::Passed(&delegate), std::move(cert)));
           return;
         }
       }
     } else {
       NOTREACHED();
     }
   }
 
   chrome::ShowSSLClientCertificateSelector(web_contents, cert_request_info,
                                            std::move(client_certs),
@@ skipping 1116 matching lines @@
 
 base::FilePath ChromeContentBrowserClient::GetLoggingFileName() {
   return logging::GetLogFileName();
 }
 
 // static
 void ChromeContentBrowserClient::SetDefaultQuotaSettingsForTesting(
     const storage::QuotaSettings* settings) {
   g_default_quota_settings = settings;
 }