Replace c/b/nss_context by a KeyedService.

chrome/browser/chromeos/net/client_cert_filter_chromeos.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
 
 #include "base/bind.h"
-#include "crypto/nss_util_internal.h"
+#include "components/cert_database/public/cert_database_service_io_part.h"
+#include "net/cert/nss_cert_database.h"
 #include "net/cert/x509_certificate.h"
 
 namespace chromeos {
 
 ClientCertFilterChromeOS::ClientCertFilterChromeOS(
-    bool use_system_slot,
-    const std::string& username_hash)
-    : init_called_(false),
-      use_system_slot_(use_system_slot),
-      username_hash_(username_hash),
-      weak_ptr_factory_(this) {
+    const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io)
+    : init_called_(false), cert_db_io_(cert_db_io), weak_ptr_factory_(this) {
 }
 
 ClientCertFilterChromeOS::~ClientCertFilterChromeOS() {
 }
 
 bool ClientCertFilterChromeOS::Init(const base::Closure& callback) {
   DCHECK(!init_called_);
   init_called_ = true;
 
   init_callback_ = callback;
-  if (use_system_slot_) {
-    system_slot_ = crypto::GetSystemNSSKeySlot(
-                       base::Bind(&ClientCertFilterChromeOS::GotSystemSlot,
-                                  weak_ptr_factory_.GetWeakPtr())).Pass();
+
+  if (!cert_db_io_) {
+    LOG(WARNING) << "Certificate database already shutdown.";
+    // Do not call back if we initialized synchronously.
+    return true;
   }
-  private_slot_ =
-      crypto::GetPrivateSlotForChromeOSUser(
-          username_hash_, base::Bind(&ClientCertFilterChromeOS::GotPrivateSlot,
-                                     weak_ptr_factory_.GetWeakPtr())).Pass();
 
-  // Do not call back if we initialized synchronously.
-  return InitIfSlotsAvailable();
+  net::NSSCertDatabase* cert_db = cert_db_io_->GetNSSCertDatabase(
+      base::Bind(&ClientCertFilterChromeOS::GotNSSCertDatabase,
+                 weak_ptr_factory_.GetWeakPtr()));
+  if (cert_db) {
+    InitNSSProfileFilter(cert_db);
+    // Do not call back if we initialized synchronously.
+    return true;
+  }
+
+  return false;
 }
 
 bool ClientCertFilterChromeOS::IsCertAllowed(
     const scoped_refptr<net::X509Certificate>& cert) const {
   return nss_profile_filter_.IsCertAllowed(cert->os_cert_handle());
 }
 
-void ClientCertFilterChromeOS::GotSystemSlot(
-    crypto::ScopedPK11Slot system_slot) {
-  system_slot_ = system_slot.Pass();
-  if (InitIfSlotsAvailable() && !init_callback_.is_null())
+void ClientCertFilterChromeOS::GotNSSCertDatabase(
+    net::NSSCertDatabase* nss_cert_db) {
+  InitNSSProfileFilter(nss_cert_db);
+  if (!init_callback_.is_null())
     init_callback_.Run();
 }
 
-void ClientCertFilterChromeOS::GotPrivateSlot(
-    crypto::ScopedPK11Slot private_slot) {
-  private_slot_ = private_slot.Pass();
-  if (InitIfSlotsAvailable() && !init_callback_.is_null())
-    init_callback_.Run();
-}
-
-bool ClientCertFilterChromeOS::InitIfSlotsAvailable() {
-  if ((use_system_slot_ && !system_slot_) || !private_slot_)
-    return false;
-  nss_profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
-                           private_slot_.Pass(),
-                           system_slot_.Pass());
-  return true;
+void ClientCertFilterChromeOS::InitNSSProfileFilter(
+    net::NSSCertDatabase* nss_cert_db) {
+  if (!nss_cert_db) {
+    LOG(WARNING) << "No NSSCertDatabase available.";
+    return;
+  }
+  nss_profile_filter_.Init(nss_cert_db->GetPublicSlot(),
+                           nss_cert_db->GetPrivateSlot(),
+                           nss_cert_db->GetSystemSlot());
 }
 
 }  // namespace chromeos