Refactor client cert private key handling.

android_webview/browser/aw_contents_client_bridge.cc

Index: android_webview/browser/aw_contents_client_bridge.cc
diff --git a/android_webview/browser/aw_contents_client_bridge.cc b/android_webview/browser/aw_contents_client_bridge.cc
index 506033338cc58bc0fe3b67d01b5c01b502a234ad..973f94b1d45d020173eccee59cc6e40c88a3eebc 100644
--- a/android_webview/browser/aw_contents_client_bridge.cc
+++ b/android_webview/browser/aw_contents_client_bridge.cc
@@ -27,7 +27,6 @@
 #include "jni/AwContentsClientBridge_jni.h"
 #include "net/cert/x509_certificate.h"
 #include "net/http/http_response_headers.h"
-#include "net/ssl/openssl_client_key_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_client_cert_type.h"
 #include "net/ssl/ssl_platform_key_android.h"
@@ -51,15 +50,6 @@ namespace android_webview {
 
 namespace {
 
-// Must be called on the I/O thread to record a client certificate
-// and its private key in the OpenSSLClientKeyStore.
-void RecordClientCertificateKey(net::X509Certificate* client_cert,
-                                scoped_refptr<net::SSLPrivateKey> private_key) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
-  net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
-      client_cert, std::move(private_key));
-}
-
 const void* const kAwContentsClientBridge = &kAwContentsClientBridge;
 
 // This class is invented so that the UserData registry that we inject the
@@ -266,6 +256,7 @@ void AwContentsClientBridge::ProvideClientCertificateResponse(
     const JavaRef<jobject>& private_key_ref) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
+  // TODO(mattm): make this a unique_ptr and get rid of the guard stuff.

[sgurun-gerrit only, 2017/06/13 22:48:34]

why not do it in this CL?

[mattm, 2017/06/13 23:40:59]

Done.

   content::ClientCertificateDelegate* delegate =
       pending_client_cert_request_delegates_.Lookup(request_id);
   DCHECK(delegate);
@@ -273,7 +264,7 @@ void AwContentsClientBridge::ProvideClientCertificateResponse(
   if (encoded_chain_ref.is_null() || private_key_ref.is_null()) {
     LOG(ERROR) << "No client certificate selected";
     pending_client_cert_request_delegates_.Remove(request_id);
-    delegate->ContinueWithCertificate(nullptr);
+    delegate->ContinueWithCertificate(nullptr, nullptr);
     delete delegate;
     return;
   }
@@ -315,15 +306,9 @@ void AwContentsClientBridge::ProvideClientCertificateResponse(
   pending_client_cert_request_delegates_.Remove(request_id);
   ignore_result(guard.Release());
 
-  // RecordClientCertificateKey() must be called on the I/O thread,
-  // before the delegate is called with the selected certificate on
-  // the UI thread.
-  content::BrowserThread::PostTaskAndReply(
-      content::BrowserThread::IO, FROM_HERE,
-      base::Bind(&RecordClientCertificateKey, base::RetainedRef(client_cert),
-                 base::Passed(&private_key)),
-      base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
-                 base::Owned(delegate), base::RetainedRef(client_cert)));
+  delegate->ContinueWithCertificate(std::move(client_cert),
+                                    std::move(private_key));
+  delete delegate;
 }
 
 void AwContentsClientBridge::RunJavaScriptDialog(