Enable system NSS key slot.

net/cert/nss_cert_database.h

Index: net/cert/nss_cert_database.h
diff --git a/net/cert/nss_cert_database.h b/net/cert/nss_cert_database.h
index 4c47429303d8dbb60593ce7d3a15612e698e5939..16aeb553d61f38791e18c683458dd0a9de6c065f 100644
--- a/net/cert/nss_cert_database.h
+++ b/net/cert/nss_cert_database.h
@@ -130,6 +130,12 @@ class NET_EXPORT NSSCertDatabase {
   virtual void ListCertsInSlot(const ListCertsCallback& callback,
                                PK11SlotInfo* slot);
 
+#if defined(OS_CHROMEOS)

[Ryan Sleevi, 2014/07/29 23:53:15]

This feels like a layering violation to me, to have it declared on the base, but
only OS_CHROMEOS, but then overridden in the _chromeos file.

Should this just be always declared (no ifdef)?

[pneubeck (no reviews), 2014/07/30 06:27:39]

Yes! Totally agreed. This shouldn't be present on Linux at all. But,
NSSCertDatabaseChromeOS is not exposed to the consumers in the UI.
And the correct solution might be to have something like a GetChromeOSPart()
which returns an object that contains all ChromeOS specifics. Ok to punt?
I can do that if you think it's better, abstract however will not work because
even on ChromeOS the base class is instantiated in tests.

[Ryan Sleevi, 2014/07/30 06:45:30]

That would still be a pretty egregious layering violation. Agreed to punt, since
we need to work out the details.
Then we definitely have layering issues to fix.

+  // Get the slot for system-wide key data. May be NULL if the system token was
+  // not explicitly set.
+  virtual crypto::ScopedPK11Slot GetSystemSlot() const;
+#endif
+
   // Get the default slot for public key data.
   crypto::ScopedPK11Slot GetPublicSlot() const;