Replace c/b/nss_context by a KeyedService.

chrome/browser/chromeos/net/client_cert_filter_chromeos.h

Index: chrome/browser/chromeos/net/client_cert_filter_chromeos.h
diff --git a/chrome/browser/chromeos/net/client_cert_filter_chromeos.h b/chrome/browser/chromeos/net/client_cert_filter_chromeos.h
index 302a8c959c5ca622175e7746d37c532b5a4706ab..6c6fbe273a0bcdddd50ffd688de5f86d8201d0af 100644
--- a/chrome/browser/chromeos/net/client_cert_filter_chromeos.h
+++ b/chrome/browser/chromeos/net/client_cert_filter_chromeos.h
@@ -13,18 +13,30 @@
 #include "net/cert/nss_profile_filter_chromeos.h"
 #include "net/ssl/client_cert_store_chromeos.h"
 
+namespace cert_database {
+class CertDatabaseServiceIOPart;
+}
+
+namespace net {
+class NSSCertDatabase;
+}
+
 namespace chromeos {
 
 // A client certificate filter that filters by applying a
 // NSSProfileFilterChromeOS.
+// The filter will accept any certificate from slots which are available to the
+// given CertDatabase and accordingly to the user of the owning BrowserContext.
+// That means, that the public, private and system slot are used if available.
+// If an error occurs during the initialization then an empty filter will be
+// used, see the default constructor of NSSProfileFilterChromeOS.
 class ClientCertFilterChromeOS
     : public net::ClientCertStoreChromeOS::CertFilter {
  public:
-  // The internal NSSProfileFilterChromeOS will be initialized with the public
-  // and private slot of the user with |username_hash| and with the system slot
-  // if |use_system_slot| is true.
-  ClientCertFilterChromeOS(bool use_system_slot,
-                           const std::string& username_hash);
+  // The internal NSSProfileFilterChromeOS will be initialized with the public,
+  // private and system slot if they're provided by |cert_db_io|.
+  ClientCertFilterChromeOS(const base::WeakPtr<
+      cert_database::CertDatabaseServiceIOPart>& cert_db_io);
   ~ClientCertFilterChromeOS() override;
 
   // ClientCertStoreChromeOS::CertFilter:
@@ -33,37 +45,17 @@ class ClientCertFilterChromeOS
       const scoped_refptr<net::X509Certificate>& cert) const override;
 
  private:
-  // Called back if the system slot was retrieved asynchronously. Continues the
-  // initialization.
-  void GotSystemSlot(crypto::ScopedPK11Slot system_slot);
+  // Called back if the NSSCertDatabase was retrieved asynchronously. Continues
+  // the initialization.
+  void GotNSSCertDatabase(net::NSSCertDatabase* nss_cert_db);
 
-  // Called back if the private slot was retrieved asynchronously. Continues the
-  // initialization.
-  void GotPrivateSlot(crypto::ScopedPK11Slot private_slot);
+  // Initializes |nss_profile_filter_| with the slots available from
+  // |nss_cert_db|, if not null.
+  void InitNSSProfileFilter(net::NSSCertDatabase* nss_cert_db);
 
-  // If the required slots (|private_slot_| and conditionally |system_slot_|)
-  // are available, initializes |nss_profile_filter_| and returns true.
-  // Otherwise returns false.
-  bool InitIfSlotsAvailable();
-
-  // True once Init() was called.
   bool init_called_;
-
-  // The callback provided to Init(), which may be null. Reset after the filter
-  // is initialized.
   base::Closure init_callback_;
-
-  bool use_system_slot_;
-  std::string username_hash_;
-
-  // Used to store the system slot, if required, for initialization. Will be
-  // null after the filter is initialized.
-  crypto::ScopedPK11Slot system_slot_;
-
-  // Used to store the private slot for initialization. Will be null after the
-  // filter is initialized.
-  crypto::ScopedPK11Slot private_slot_;
-
+  base::WeakPtr<cert_database::CertDatabaseServiceIOPart> cert_db_io_;
   net::NSSProfileFilterChromeOS nss_profile_filter_;
   base::WeakPtrFactory<ClientCertFilterChromeOS> weak_ptr_factory_;
 };