Refactor client cert private key handling.

chrome/browser/ui/views/ssl_client_certificate_selector.cc

Index: chrome/browser/ui/views/ssl_client_certificate_selector.cc
diff --git a/chrome/browser/ui/views/ssl_client_certificate_selector.cc b/chrome/browser/ui/views/ssl_client_certificate_selector.cc
index 0176e6528f177ad45408e4c6c9bbc9f6c31db040..a56291704ffc5084057e6ac5505382d2a4e992dc 100644
--- a/chrome/browser/ui/views/ssl_client_certificate_selector.cc
+++ b/chrome/browser/ui/views/ssl_client_certificate_selector.cc
@@ -28,7 +28,7 @@
 SSLClientCertificateSelector::SSLClientCertificateSelector(
     content::WebContents* web_contents,
     const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info,
-    net::CertificateList client_certs,
+    net::ClientCertIdentityList client_certs,
     std::unique_ptr<content::ClientCertificateDelegate> delegate)
     : CertificateSelector(std::move(client_certs), web_contents),
       SSLClientAuthObserver(web_contents->GetBrowserContext(),
@@ -63,27 +63,22 @@ void SSLClientCertificateSelector::DeleteDelegate() {
   // to abort instead of proceeding with a null certificate. (This will be
   // ignored if there was a previous call to CertificateSelected or
   // CancelCertificateSelection.)
-  CertificateSelected(nullptr);
+  CertificateSelected(nullptr, nullptr);
   chrome::CertificateSelector::DeleteDelegate();
 }
 
 bool SSLClientCertificateSelector::Accept() {
-  scoped_refptr<net::X509Certificate> cert = GetSelectedCert();
-  if (cert.get()) {
-    // Remove the observer before we try unlocking, otherwise we might act on a
-    // notification while waiting for the unlock dialog, causing us to delete
-    // ourself before the Unlocked callback gets called.
+  net::ClientCertIdentity* identity = GetSelectedCert();
+  if (identity) {
+    // Remove the observer before we try acquiring private key, otherwise we
+    // might act on a notification while waiting for the callback, causing us
+    // to delete ourself before the callback gets called.
     StopObserving();
-#if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS)
-    chrome::UnlockCertSlotIfNecessary(
-        cert.get(), chrome::kCryptoModulePasswordClientAuth,
-        cert_request_info()->host_and_port, GetWidget()->GetNativeView(),
-        base::Bind(&SSLClientCertificateSelector::Unlocked,
-                   base::Unretained(this), base::RetainedRef(cert)));
-#else
-    Unlocked(cert.get());
-#endif
-    return false;  // Unlocked() will close the dialog.
+    identity->AcquirePrivateKey(base::Bind(
+        &SSLClientCertificateSelector::GotPrivateKey, base::Unretained(this),

[davidben, 2017/06/07 23:06:17]

Existing issue, but I'm not sure base::Unretained works here. What if the window
is closed while all this is going on?

[mattm, 2017/06/08 21:47:56]

Yep. Crash :/

I think at one point these used to be modal or something so that couldn't
happen? Or maybe it always was broken. dunno.

Might as well fix while I'm here.

+        base::Unretained(identity->certificate())));
+    // GotPrivateKey() will close the dialog. It may be run synchronously.
+    return false;
   }
 
   return false;
@@ -94,8 +89,10 @@ void SSLClientCertificateSelector::WebContentsDestroyed() {
   CancelCertificateSelection();
 }
 
-void SSLClientCertificateSelector::Unlocked(net::X509Certificate* cert) {
-  CertificateSelected(cert);
+void SSLClientCertificateSelector::GotPrivateKey(
+    net::X509Certificate* cert,
+    scoped_refptr<net::SSLPrivateKey> private_key) {
+  CertificateSelected(cert, private_key.get());
   GetWidget()->Close();
 }
 
@@ -104,7 +101,7 @@ namespace chrome {
 void ShowSSLClientCertificateSelector(
     content::WebContents* contents,
     net::SSLCertRequestInfo* cert_request_info,
-    net::CertificateList client_certs,
+    net::ClientCertIdentityList client_certs,
     std::unique_ptr<content::ClientCertificateDelegate> delegate) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);