Refactor client cert private key handling.

chrome/browser/ui/views/ssl_client_certificate_selector.cc

Index: chrome/browser/ui/views/ssl_client_certificate_selector.cc
diff --git a/chrome/browser/ui/views/ssl_client_certificate_selector.cc b/chrome/browser/ui/views/ssl_client_certificate_selector.cc
index 0176e6528f177ad45408e4c6c9bbc9f6c31db040..97783932dcc6458b36e2852a6719426eb68d75bc 100644
--- a/chrome/browser/ui/views/ssl_client_certificate_selector.cc
+++ b/chrome/browser/ui/views/ssl_client_certificate_selector.cc
@@ -21,14 +21,10 @@
 #include "ui/views/controls/label.h"
 #include "ui/views/widget/widget.h"
 
-#if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS)
-#include "chrome/browser/ui/crypto_module_password_dialog_nss.h"
-#endif
-
 SSLClientCertificateSelector::SSLClientCertificateSelector(
     content::WebContents* web_contents,
     const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info,
-    net::CertificateList client_certs,
+    net::ClientCertIdentityList client_certs,
     std::unique_ptr<content::ClientCertificateDelegate> delegate)
     : CertificateSelector(std::move(client_certs), web_contents),
       SSLClientAuthObserver(web_contents->GetBrowserContext(),
@@ -63,29 +59,22 @@ void SSLClientCertificateSelector::DeleteDelegate() {
   // to abort instead of proceeding with a null certificate. (This will be
   // ignored if there was a previous call to CertificateSelected or
   // CancelCertificateSelection.)
-  CertificateSelected(nullptr);
+  CertificateSelected(nullptr, nullptr);
   chrome::CertificateSelector::DeleteDelegate();
 }
 
-bool SSLClientCertificateSelector::Accept() {
-  scoped_refptr<net::X509Certificate> cert = GetSelectedCert();
-  if (cert.get()) {
-    // Remove the observer before we try unlocking, otherwise we might act on a
-    // notification while waiting for the unlock dialog, causing us to delete
-    // ourself before the Unlocked callback gets called.
-    StopObserving();
-#if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS)
-    chrome::UnlockCertSlotIfNecessary(
-        cert.get(), chrome::kCryptoModulePasswordClientAuth,
-        cert_request_info()->host_and_port, GetWidget()->GetNativeView(),
-        base::Bind(&SSLClientCertificateSelector::Unlocked,
-                   base::Unretained(this), base::RetainedRef(cert)));
-#else
-    Unlocked(cert.get());
-#endif
-    return false;  // Unlocked() will close the dialog.
-  }
-
+bool SSLClientCertificateSelector::AcceptCertificate(
+    std::unique_ptr<net::ClientCertIdentity> identity) {
+  // Remove the observer before we try acquiring private key, otherwise we
+  // might act on a notification while waiting for the callback, causing us
+  // to delete ourself before the callback gets called.
+  StopObserving();
+  net::X509Certificate* cert = identity->certificate();
+  net::ClientCertIdentity::SelfOwningAcquirePrivateKey(
+      std::move(identity),
+      base::Bind(&SSLClientCertificateSelector::GotPrivateKey,
+                 weak_ptr_factory_.GetWeakPtr(), base::Unretained(cert)));
+  // GotPrivateKey() will close the dialog. It may be run synchronously.
   return false;
 }
 
@@ -94,8 +83,10 @@ void SSLClientCertificateSelector::WebContentsDestroyed() {
   CancelCertificateSelection();
 }
 
-void SSLClientCertificateSelector::Unlocked(net::X509Certificate* cert) {
-  CertificateSelected(cert);
+void SSLClientCertificateSelector::GotPrivateKey(
+    net::X509Certificate* cert,
+    scoped_refptr<net::SSLPrivateKey> private_key) {
+  CertificateSelected(cert, private_key.get());
   GetWidget()->Close();
 }
 
@@ -104,7 +95,7 @@ namespace chrome {
 void ShowSSLClientCertificateSelector(
     content::WebContents* contents,
     net::SSLCertRequestInfo* cert_request_info,
-    net::CertificateList client_certs,
+    net::ClientCertIdentityList client_certs,
     std::unique_ptr<content::ClientCertificateDelegate> delegate) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);