Remove the deprecated NSSCertDatabase::GetInstance() .

net/cert/nss_cert_database.cc

Index: net/cert/nss_cert_database.cc
diff --git a/net/cert/nss_cert_database.cc b/net/cert/nss_cert_database.cc
index 38e60c6cb4510ff9b71d6fbf8c833323acf380c4..7cbdbaddc9cbf5340ca5e23206cdfdd21e4f7832 100644
--- a/net/cert/nss_cert_database.cc
+++ b/net/cert/nss_cert_database.cc
@@ -12,15 +12,12 @@
 
 #include "base/bind.h"
 #include "base/callback.h"
-#include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/observer_list_threadsafe.h"
 #include "base/task_runner.h"
 #include "base/task_runner_util.h"
 #include "base/threading/worker_pool.h"
-#include "crypto/nss_util.h"
-#include "crypto/nss_util_internal.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
@@ -70,9 +67,6 @@ class CertNotificationForwarder : public NSSCertDatabase::Observer {
   DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder);
 };
 
-base::LazyInstance<NSSCertDatabase>::Leaky
-    g_nss_cert_database = LAZY_INSTANCE_INITIALIZER;
-
 }  // namespace
 
 NSSCertDatabase::ImportCertFailure::ImportCertFailure(
@@ -82,19 +76,9 @@ NSSCertDatabase::ImportCertFailure::ImportCertFailure(
 
 NSSCertDatabase::ImportCertFailure::~ImportCertFailure() {}
 
-// static
-NSSCertDatabase* NSSCertDatabase::GetInstance() {
-  // TODO(mattm): Remove this ifdef guard once the linux impl of
-  // GetNSSCertDatabaseForResourceContext does not call GetInstance.
-#if defined(OS_CHROMEOS)
-  LOG(ERROR) << "NSSCertDatabase::GetInstance() is deprecated."
-             << "See http://crbug.com/329735.";
-#endif
-  return &g_nss_cert_database.Get();
-}
-
-NSSCertDatabase::NSSCertDatabase()
-    : observer_list_(new ObserverListThreadSafe<Observer>),
+NSSCertDatabase::NSSCertDatabase(crypto::ScopedPK11Slot persistent_slot)
+    : persistent_slot_(persistent_slot.Pass()),
+      observer_list_(new ObserverListThreadSafe<Observer>),
       weak_factory_(this) {
   // This also makes sure that NSS has been initialized.
   CertDatabase* cert_db = CertDatabase::GetInstance();
@@ -140,11 +124,15 @@ void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback,
 }
 
 crypto::ScopedPK11Slot NSSCertDatabase::GetPublicSlot() const {
-  return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
+  if (!persistent_slot_)
+    return crypto::ScopedPK11Slot();

[Ryan Sleevi, 2014/07/22 01:18:32]

Why is NULL valid? Requires updating the header files, but more importantly, I
think this is a breaking change and we should NEVER allow these to be NULL.

[pneubeck (no reviews), 2014/07/22 08:23:56]

Done.

Note that the DCHECK (PK11_REferenceSlot should crash on NULL) is here at the
usage site and not in the constructor, because the subclass
NSSCertDatabaseChromeOS overrides these to getters and doesn't use the
persistent_slot_.

+  return crypto::ScopedPK11Slot(PK11_ReferenceSlot(persistent_slot_.get()));
 }
 
 crypto::ScopedPK11Slot NSSCertDatabase::GetPrivateSlot() const {
-  return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot());
+  if (!persistent_slot_)
+    return crypto::ScopedPK11Slot();
+  return crypto::ScopedPK11Slot(PK11_ReferenceSlot(persistent_slot_.get()));
 }
 
 CryptoModule* NSSCertDatabase::GetPublicModule() const {