Enable system NSS key slot.

net/ssl/client_cert_store_chromeos.cc

Index: net/ssl/client_cert_store_chromeos.cc
diff --git a/net/ssl/client_cert_store_chromeos.cc b/net/ssl/client_cert_store_chromeos.cc
index bd4a5c47ccbacc55a2560b959155bd2b4c3af274..3f6e48170922fda9450a798a0eac8ab284200167 100644
--- a/net/ssl/client_cert_store_chromeos.cc
+++ b/net/ssl/client_cert_store_chromeos.cc
@@ -12,11 +12,42 @@
 
 namespace net {
 
+namespace {
+
+void GotSystemSlotGetPrivateSlot(

[Ryan Sleevi, 2014/07/29 00:23:16]

This is really poorly named. I don't even know what to suggest as an
alternative.

[pneubeck (no reviews), 2014/07/29 16:00:15]

Added a comment and hopefully improved the naming.

I should consider for the future CertDatabase design, to provide a nice way to
retrieve multiple slots asynchronously with a single call. These callback
sequences are... ^^

+    const std::string& username_hash,
+    const base::Callback<void(crypto::ScopedPK11Slot, crypto::ScopedPK11Slot)>&
+        callback,
+    crypto::ScopedPK11Slot system_slot) {
+  base::Callback<void(crypto::ScopedPK11Slot)> wrapped_callback =
+      base::Bind(callback, base::Passed(&system_slot));
+
+  crypto::ScopedPK11Slot slot(
+      crypto::GetPrivateSlotForChromeOSUser(username_hash, wrapped_callback));
+  if (slot)
+    wrapped_callback.Run(slot.Pass());
+}
+
+void GetSystemAndPrivateSlot(
+    const std::string& username_hash,
+    const base::Callback<void(crypto::ScopedPK11Slot, crypto::ScopedPK11Slot)>&
+        callback) {
+  crypto::ScopedPK11Slot system_slot(crypto::GetSystemNSSKeySlot(
+      base::Bind(&GotSystemSlotGetPrivateSlot, username_hash, callback)));
+  if (system_slot)
+    GotSystemSlotGetPrivateSlot(username_hash, callback, system_slot.Pass());
+}
+
+}  // namespace
+
 ClientCertStoreChromeOS::ClientCertStoreChromeOS(
+    bool use_system_slot,
     const std::string& username_hash,
     const PasswordDelegateFactory& password_delegate_factory)
     : ClientCertStoreNSS(password_delegate_factory),
-      username_hash_(username_hash) {}
+      use_system_slot_(use_system_slot),
+      username_hash_(username_hash) {
+}
 
 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {}
 
@@ -24,24 +55,30 @@ void ClientCertStoreChromeOS::GetClientCerts(
     const SSLCertRequestInfo& cert_request_info,
     CertificateList* selected_certs,
     const base::Closure& callback) {
-  crypto::ScopedPK11Slot private_slot(crypto::GetPrivateSlotForChromeOSUser(
-      username_hash_,
-      base::Bind(&ClientCertStoreChromeOS::DidGetPrivateSlot,
-                 // Caller is responsible for keeping the ClientCertStore alive
-                 // until the callback is run.
-                 base::Unretained(this),
-                 &cert_request_info,
-                 selected_certs,
-                 callback)));
-  if (private_slot)
-    DidGetPrivateSlot(
-        &cert_request_info, selected_certs, callback, private_slot.Pass());
+  base::Callback<void(crypto::ScopedPK11Slot, crypto::ScopedPK11Slot)>
+      bound_callback = base::Bind(
+          &ClientCertStoreChromeOS::DidGetPrivateAndSystemSlot,
+          // Caller is responsible for keeping the ClientCertStore alive
+          // until the callback is run.
+          base::Unretained(this),
+          &cert_request_info,
+          selected_certs,
+          callback);
+
+  if (use_system_slot_) {
+    GetSystemAndPrivateSlot(username_hash_, bound_callback);
+  } else {
+    // Skip getting the system slot.
+    GotSystemSlotGetPrivateSlot(
+        username_hash_, bound_callback, crypto::ScopedPK11Slot());
+  }
 }
 
-void ClientCertStoreChromeOS::GetClientCertsImpl(CERTCertList* cert_list,
-                                            const SSLCertRequestInfo& request,
-                                            bool query_nssdb,
-                                            CertificateList* selected_certs) {
+void ClientCertStoreChromeOS::GetClientCertsImpl(
+    CERTCertList* cert_list,
+    const SSLCertRequestInfo& request,
+    bool query_nssdb,
+    CertificateList* selected_certs) {
   ClientCertStoreNSS::GetClientCertsImpl(
       cert_list, request, query_nssdb, selected_certs);
 
@@ -57,13 +94,15 @@ void ClientCertStoreChromeOS::GetClientCertsImpl(CERTCertList* cert_list,
            << pre_size << " certs";
 }
 
-void ClientCertStoreChromeOS::DidGetPrivateSlot(
+void ClientCertStoreChromeOS::DidGetPrivateAndSystemSlot(
     const SSLCertRequestInfo* request,
     CertificateList* selected_certs,
     const base::Closure& callback,
+    crypto::ScopedPK11Slot system_slot,
     crypto::ScopedPK11Slot private_slot) {
   profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
-                       private_slot.Pass());
+                       private_slot.Pass(),
+                       system_slot.Pass());
   ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback);
 }