Remove the deprecated NSSCertDatabase::GetInstance() .

net/cert/nss_cert_database.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/nss_cert_database.h"
 
 #include <cert.h>
 #include <certdb.h>
 #include <keyhi.h>
 #include <pk11pub.h>
 #include <secmod.h>
 
 #include "base/bind.h"
 #include "base/callback.h"
-#include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/observer_list_threadsafe.h"
 #include "base/task_runner.h"
 #include "base/task_runner_util.h"
 #include "base/threading/worker_pool.h"
-#include "crypto/nss_util.h"
-#include "crypto/nss_util_internal.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/x509_certificate.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h"
 
 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use
 // the new name of the macro.
 #if !defined(CERTDB_TERMINAL_RECORD)
 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER
 #endif
 
 // PSM = Mozilla's Personal Security Manager.
 namespace psm = mozilla_security_manager;
 
 namespace net {
 
 namespace {
 
+// TODO(pneubeck): Move this class to chrome/browser/net/nss_context .

[Ryan Sleevi, 2014/07/22 08:31:58]

TODO with a bug #?

Feels gross mentioning //chrome/browser/net in //net here.

[pneubeck (no reviews), 2014/07/22 09:51:50]

Done.

 // Helper that observes events from the NSSCertDatabase and forwards them to
 // the given CertDatabase.
 class CertNotificationForwarder : public NSSCertDatabase::Observer {
  public:
   explicit CertNotificationForwarder(CertDatabase* cert_db)
       : cert_db_(cert_db) {}
 
   virtual ~CertNotificationForwarder() {}
 
   // NSSCertDatabase::Observer implementation:
   virtual void OnCertAdded(const X509Certificate* cert) OVERRIDE {
     cert_db_->NotifyObserversOfCertAdded(cert);
   }
 
   virtual void OnCertRemoved(const X509Certificate* cert) OVERRIDE {
     cert_db_->NotifyObserversOfCertRemoved(cert);
   }
 
   virtual void OnCACertChanged(const X509Certificate* cert) OVERRIDE {
     cert_db_->NotifyObserversOfCACertChanged(cert);
   }
 
  private:
   CertDatabase* cert_db_;
 
   DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder);
 };
 
-base::LazyInstance<NSSCertDatabase>::Leaky
-    g_nss_cert_database = LAZY_INSTANCE_INITIALIZER;
-
 }  // namespace
 
 NSSCertDatabase::ImportCertFailure::ImportCertFailure(
     const scoped_refptr<X509Certificate>& cert,
     int err)
     : certificate(cert), net_error(err) {}
 
 NSSCertDatabase::ImportCertFailure::~ImportCertFailure() {}
 
-// static
-NSSCertDatabase* NSSCertDatabase::GetInstance() {
-  // TODO(mattm): Remove this ifdef guard once the linux impl of
-  // GetNSSCertDatabaseForResourceContext does not call GetInstance.
-#if defined(OS_CHROMEOS)
-  LOG(ERROR) << "NSSCertDatabase::GetInstance() is deprecated."
-             << "See http://crbug.com/329735.";
-#endif
-  return &g_nss_cert_database.Get();
-}
-
-NSSCertDatabase::NSSCertDatabase()
-    : observer_list_(new ObserverListThreadSafe<Observer>),
+NSSCertDatabase::NSSCertDatabase(crypto::ScopedPK11Slot persistent_slot)
+    : persistent_slot_(persistent_slot.Pass()),
+      observer_list_(new ObserverListThreadSafe<Observer>),
       weak_factory_(this) {
   // This also makes sure that NSS has been initialized.
   CertDatabase* cert_db = CertDatabase::GetInstance();
   cert_notification_forwarder_.reset(new CertNotificationForwarder(cert_db));
   AddObserver(cert_notification_forwarder_.get());
 
   psm::EnsurePKCS12Init();
 }
 
 NSSCertDatabase::~NSSCertDatabase() {}
@@ skipping 25 matching lines @@
   CertificateList* raw_certs = certs.get();
   GetSlowTaskRunner()->PostTaskAndReply(
       FROM_HERE,
       base::Bind(&NSSCertDatabase::ListCertsImpl,
                  base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))),
                  base::Unretained(raw_certs)),
       base::Bind(callback, base::Passed(&certs)));
 }
 
 crypto::ScopedPK11Slot NSSCertDatabase::GetPublicSlot() const {
-  return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
+  DCHECK(persistent_slot_);
+  return crypto::ScopedPK11Slot(PK11_ReferenceSlot(persistent_slot_.get()));
 }
 
 crypto::ScopedPK11Slot NSSCertDatabase::GetPrivateSlot() const {
-  return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
+  DCHECK(persistent_slot_);
+  return crypto::ScopedPK11Slot(PK11_ReferenceSlot(persistent_slot_.get()));
 }
 
 CryptoModule* NSSCertDatabase::GetPublicModule() const {
   crypto::ScopedPK11Slot slot(GetPublicSlot());
   return CryptoModule::CreateFromHandle(slot.get());
 }
 
 CryptoModule* NSSCertDatabase::GetPrivateModule() const {
   crypto::ScopedPK11Slot slot(GetPrivateSlot());
   return CryptoModule::CreateFromHandle(slot.get());
@@ skipping 314 matching lines @@
   } else {
     if (SEC_DeletePermCertificate(cert->os_cert_handle())) {
       LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError();
       return false;
     }
   }
   return true;
 }
 
 }  // namespace net