Replace c/b/nss_context by a KeyedService.

chromeos/network/client_cert_store_chromeos.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/ssl/client_cert_store_chromeos.h"
+#include "chromeos/network/client_cert_store_chromeos.h"
 
 #include <cert.h>
 
 #include "base/bind.h"
-#include "crypto/nss_crypto_module_delegate.h"
-#include "crypto/nss_util_internal.h"
+#include "base/logging.h"
+#include "components/cert_database/public/cert_database_service_io_part.h"
+#include "net/cert/nss_cert_database.h"
+#include "net/cert/x509_certificate.h"
 
-namespace net {
+namespace chromeos {
 
-namespace {
-
-typedef base::Callback<void(crypto::ScopedPK11Slot system_slot,
-                            crypto::ScopedPK11Slot private_slot)>
-    GetSystemAndPrivateSlotCallback;
-
-// Gets the private slot for the user with the username hash |username_hash| and
-// calls |callback| with both |system_slot| and the obtained private slot.
-void GetPrivateSlotAndCallBack(const std::string& username_hash,
-                               const GetSystemAndPrivateSlotCallback& callback,
-                               crypto::ScopedPK11Slot system_slot) {
-  base::Callback<void(crypto::ScopedPK11Slot)> wrapped_callback =
-      base::Bind(callback, base::Passed(&system_slot));
-
-  crypto::ScopedPK11Slot slot(
-      crypto::GetPrivateSlotForChromeOSUser(username_hash, wrapped_callback));
-  if (slot)
-    wrapped_callback.Run(slot.Pass());
+ClientCertStoreChromeOS::ClientCertStoreChromeOS(
+    const base::WeakPtr<CertDatabaseServiceIOPart>& cert_db_io,
+    const PasswordDelegateFactory& password_delegate_factory)
+    : ClientCertStoreNSS(password_delegate_factory), cert_db_io_(cert_db_io) {
 }
 
-// Gets the system slot, then the private slot for the user with the username
-// hash |username_hash|, and finally calls |callback| with both slots.
-void GetSystemAndPrivateSlot(const std::string& username_hash,
-                             const GetSystemAndPrivateSlotCallback& callback) {
-  crypto::ScopedPK11Slot system_slot(crypto::GetSystemNSSKeySlot(
-      base::Bind(&GetPrivateSlotAndCallBack, username_hash, callback)));
-  if (system_slot)
-    GetPrivateSlotAndCallBack(username_hash, callback, system_slot.Pass());
+ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {
 }
 
-}  // namespace
-
-ClientCertStoreChromeOS::ClientCertStoreChromeOS(
-    bool use_system_slot,
-    const std::string& username_hash,
-    const PasswordDelegateFactory& password_delegate_factory)
-    : ClientCertStoreNSS(password_delegate_factory),
-      use_system_slot_(use_system_slot),
-      username_hash_(username_hash) {
-}
-
-ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {}
-
 void ClientCertStoreChromeOS::GetClientCerts(
-    const SSLCertRequestInfo& cert_request_info,
-    CertificateList* selected_certs,
+    const net::SSLCertRequestInfo& cert_request_info,
+    net::CertificateList* selected_certs,
     const base::Closure& callback) {
-  GetSystemAndPrivateSlotCallback bound_callback =
-      base::Bind(&ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot,
+  if (!cert_db_io_) {
+    LOG(ERROR) << "Cert database shutdown.";
+    return;
+  }
+  base::Callback<void(net::NSSCertDatabase*)> nss_db_callback =
+      base::Bind(&ClientCertStoreChromeOS::DidGetNSSCertDatabase,
                  // Caller is responsible for keeping the ClientCertStore alive
                  // until the callback is run.
                  base::Unretained(this),
                  &cert_request_info,
                  selected_certs,
                  callback);
-
-  if (use_system_slot_) {
-    GetSystemAndPrivateSlot(username_hash_, bound_callback);
-  } else {
-    // Skip getting the system slot.
-    GetPrivateSlotAndCallBack(
-        username_hash_, bound_callback, crypto::ScopedPK11Slot());
-  }
+  net::NSSCertDatabase* cert_db =
+      cert_db_io_->GetNSSCertDatabase(nss_db_callback);
+  if (cert_db)
+    nss_db_callback.Run(cert_db);
 }
 
 void ClientCertStoreChromeOS::GetClientCertsImpl(
     CERTCertList* cert_list,
-    const SSLCertRequestInfo& request,
+    const net::SSLCertRequestInfo& request,
     bool query_nssdb,
-    CertificateList* selected_certs) {
+    net::CertificateList* selected_certs) {
   ClientCertStoreNSS::GetClientCertsImpl(
       cert_list, request, query_nssdb, selected_certs);
 
   size_t pre_size = selected_certs->size();
   selected_certs->erase(
       std::remove_if(
           selected_certs->begin(),
           selected_certs->end(),
-          NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate(
+          net::NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate(
               profile_filter_)),
       selected_certs->end());
   DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of "
            << pre_size << " certs";
 }
 
-void ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot(
-    const SSLCertRequestInfo* request,
-    CertificateList* selected_certs,
+void ClientCertStoreChromeOS::DidGetNSSCertDatabase(
+    const net::SSLCertRequestInfo* request,
+    net::CertificateList* selected_certs,
     const base::Closure& callback,
-    crypto::ScopedPK11Slot system_slot,
-    crypto::ScopedPK11Slot private_slot) {
-  profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
-                       private_slot.Pass(),
-                       system_slot.Pass());
+    net::NSSCertDatabase* nss_cert_db) {
+  profile_filter_.Init(nss_cert_db->GetPublicSlot(),
+                       nss_cert_db->GetPrivateSlot(),
+                       nss_cert_db->GetSystemSlot());
   ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback);
 }
 
-}  // namespace net
+}  // namespace chromeos