Update keygen to use correct NSS slot on ChromeOS multiprofile.

chrome/browser/ui/crypto_module_delegate_nss.h

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_UI_CRYPTO_MODULE_DELEGATE_NSS_H_
+#define CHROME_BROWSER_UI_CRYPTO_MODULE_DELEGATE_NSS_H_
+
+#include <string>
+
+#include "base/compiler_specific.h"
+#include "base/synchronization/waitable_event.h"
+#include "chrome/browser/ui/crypto_module_password_dialog.h"
+#include "crypto/nss_crypto_module_delegate.h"
+
+namespace content {
+class ResourceContext;
+}
+
+class ChromeNSSCryptoModuleDelegate

[Ryan Sleevi, 2013/12/05 00:23:19]

Why is the free function in namespace chrome, but not this class?

[mattm, 2013/12/05 04:41:25]

hm, I guess I didn't like chrome::NSSCryptoModuleDelegate since it could be
confusing to have the same named class in multiple namespaces. I'll just move
the function out of the namespace.

+    : public crypto::NSSCryptoModuleDelegate {
+ public:
+  // Create a ChromeNSSCryptoModuleDelegate. |reason| is used to select what
+  // string to show the user, |server| is displayed to indicate which connection
+  // is causing the dialog to appear.
+  ChromeNSSCryptoModuleDelegate(chrome::CryptoModulePasswordReason reason,
+                                const std::string& server);

[Ryan Sleevi, 2013/12/05 00:23:19]

I feel like we definitely should be using the GURL here if it's a user-visible
string. The KeygenHandler has the GURL (since Safari uses it w/ Keychain Access
in the WebKit impl, for example)

[mattm, 2013/12/05 04:41:25]

This can also be used with client auth, where the SSLCertRequestInfo only has a
std::string host_and_port. We should probably switch that to a HostPortPair at
least, then this could also take a HostPortPair. Mind if I do all that in a
separate CL?

+
+  virtual ~ChromeNSSCryptoModuleDelegate();
+
+  // Must be called on IO thread. Returns true if the delegate is ready for use.
+  // If |initialization_complete_callback| is non-null, the initialization will
+  // proceed asynchronously and the callback will be run once the delegate is
+  // ready to use.
+  bool InitializeSlot(content::ResourceContext* context,
+                      const base::Closure& initialization_complete_callback)
+      WARN_UNUSED_RESULT;

[Ryan Sleevi, 2013/12/05 00:23:19]

Unnecessary W_U_R

[mattm, 2013/12/05 04:41:25]

I think this one is necessary. If you pass a callback and then don't check the
result, you can't know if it's safe to use or not.

+
+  // crypto::NSSCryptoModuleDelegate implementation.
+  virtual crypto::ScopedPK11Slot RequestSlot() OVERRIDE;
+
+  // crypto::CryptoModuleBlockingPasswordDelegate implementation.
+  virtual std::string RequestPassword(const std::string& slot_name,
+                                      bool retry,
+                                      bool* cancelled) OVERRIDE;
+
+ private:
+  void ShowDialog(const std::string& slot_name, bool retry);
+
+  void GotPassword(const char* password);
+
+  void DidGetSlot(const base::Closure& callback, crypto::ScopedPK11Slot slot);
+
+  base::WaitableEvent event_;
+  chrome::CryptoModulePasswordReason reason_;
+  std::string server_;
+  std::string password_;
+  crypto::ScopedPK11Slot slot_;
+  bool cancelled_;
+
+  DISALLOW_COPY_AND_ASSIGN(ChromeNSSCryptoModuleDelegate);
+};
+
+namespace chrome {
+
+crypto::CryptoModuleBlockingPasswordDelegate*
+    CreateCryptoModuleBlockingPasswordDelegate(
+        CryptoModulePasswordReason reason,
+        const std::string& server);
+
+}  // namespace chrome
+
+#endif  // CHROME_BROWSER_UI_CRYPTO_MODULE_DELEGATE_NSS_H_