Refactor client cert private key handling.

chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

Index: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
index 04a6af4ec6d907899ae5911cd002a38ffb7656ce..ec306f03b1a7e9eb01b9e969ebc2330288fd54d7 100644
--- a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
@@ -546,11 +546,17 @@ void SignRSAWithDB(std::unique_ptr<SignRSAState> state,
 // SelectCertificatesOnIOThread().
 void DidSelectCertificatesOnIOThread(
     std::unique_ptr<SelectCertificatesState> state,
-    net::CertificateList certs) {
+    net::ClientCertIdentityList identities) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  state->CallBack(FROM_HERE,
-                  base::MakeUnique<net::CertificateList>(std::move(certs)),
-                  std::string() /* no error */);
+  // Convert the ClientCertIdentityList to a CertificateList since returning
+  // ClientCertIdentities would require changing the platformKeys extension
+  // api. This assumes that the necessary keys can be found later with
+  // crypto::FindNSSKeyFromPublicKeyInfo.
+  std::unique_ptr<net::CertificateList> certs =
+      base::MakeUnique<net::CertificateList>();
+  for (const std::unique_ptr<net::ClientCertIdentity>& identity : identities)
+    certs->push_back(identity->certificate());
+  state->CallBack(FROM_HERE, std::move(certs), std::string() /* no error */);
 }
 
 // Continues selecting certificates on the IO thread. Used by