Initialize per-ChromeOS-user NSS slots and provide the functions to access them.

chrome/browser/net/nss_context.h

Index: chrome/browser/net/nss_context.h
diff --git a/chrome/browser/net/nss_context.h b/chrome/browser/net/nss_context.h
new file mode 100644
index 0000000000000000000000000000000000000000..f4885d0d8908f0da1b0b2bac699b50a2476ad8b1
--- /dev/null
+++ b/chrome/browser/net/nss_context.h
@@ -0,0 +1,32 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_NET_NSS_CONTEXT_H_
+#define CHROME_BROWSER_NET_NSS_CONTEXT_H_
+
+#include <string>
+
+#include "base/callback.h"
+#include "base/compiler_specific.h"
+#include "crypto/scoped_nss_types.h"
+
+namespace content {
+class ResourceContext;
+}  // namespace content
+
+// Returns a reference to the public slot for the user associated with
+// |context|.  Should be called only on the IO thread.
+crypto::ScopedPK11Slot GetPublicNSSKeySlotForResourceContext(
+    content::ResourceContext* context) WARN_UNUSED_RESULT;

[Ryan Sleevi, 2013/12/04 20:59:55]

Why W_U_R on these? What's the bad effect you're trying to defend against?

[mattm, 2013/12/04 22:09:28]

Guess I got overzealous, since there's not really any reason to call this
function if you aren't going to use the result. But since there is no harm
either, I'll remove. 

+
+// Returns a reference to the private slot for the user associated with
+// |context|, if it is loaded. If it is not loaded and |callback| is non-null,
+// the |callback| will be run once the slot is loaded.
+// Should be called only on the IO thread.
+crypto::ScopedPK11Slot GetPrivateNSSKeySlotForResourceContext(
+    content::ResourceContext* context,
+    const base::Callback<void(crypto::ScopedPK11Slot)>& callback)
+    WARN_UNUSED_RESULT;
+
+#endif  // CHROME_BROWSER_NET_NSS_CONTEXT_H_