Update keygen to use correct NSS slot on ChromeOS multiprofile.

chrome/browser/ui/crypto_module_delegate_nss.cc

Index: chrome/browser/ui/crypto_module_delegate_nss.cc
diff --git a/chrome/browser/ui/crypto_module_delegate_nss.cc b/chrome/browser/ui/crypto_module_delegate_nss.cc
new file mode 100644
index 0000000000000000000000000000000000000000..2bc250386cbe026b437ffd93e1faf27f5a322efc
--- /dev/null
+++ b/chrome/browser/ui/crypto_module_delegate_nss.cc
@@ -0,0 +1,102 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.

[sky, 2013/12/11 14:20:42]

2013?

[mattm, 2013/12/11 23:12:09]

Done.

+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ui/crypto_module_delegate_nss.h"
+
+#include "base/basictypes.h"
+#include "base/bind.h"
+#include "chrome/browser/net/nss_context.h"
+#include "content/public/browser/browser_thread.h"
+
+using content::BrowserThread;
+
+ChromeNSSCryptoModuleDelegate::ChromeNSSCryptoModuleDelegate(
+    chrome::CryptoModulePasswordReason reason,
+    const std::string& server)
+    : reason_(reason),
+      server_(server),
+      event_(false, false),
+      cancelled_(false) {}
+
+ChromeNSSCryptoModuleDelegate::~ChromeNSSCryptoModuleDelegate() {}
+
+bool ChromeNSSCryptoModuleDelegate::InitializeSlot(
+    content::ResourceContext* context,
+    const base::Closure& initialization_complete_callback) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  base::Callback<void(crypto::ScopedPK11Slot)> get_slot_callback;
+  if (!initialization_complete_callback.is_null())
+    get_slot_callback = base::Bind(&ChromeNSSCryptoModuleDelegate::DidGetSlot,
+                                   base::Unretained(this),

[sky, 2013/12/11 14:20:42]

How do you know its safe to use unretained here?

[mattm, 2013/12/11 23:12:09]

It depends on the caller keeping it alive (ex by having the callback own the
pointer).

I thought I had a comment about that, must have got lost in some revisions. 
Added.

+                                   initialization_complete_callback);
+
+  slot_ = GetPrivateNSSKeySlotForResourceContext(context, get_slot_callback);
+  return slot_.get() != NULL;
+}
+
+// TODO(mattm): allow choosing which slot to generate and store the key.
+crypto::ScopedPK11Slot ChromeNSSCryptoModuleDelegate::RequestSlot() {
+  return slot_.Pass();
+}
+
+std::string ChromeNSSCryptoModuleDelegate::RequestPassword(
+    const std::string& slot_name,
+    bool retry,
+    bool* cancelled) {
+  DCHECK(!event_.IsSignaled());
+  event_.Reset();
+
+  if (BrowserThread::PostTask(

[sky, 2013/12/11 14:20:42]

What thread is this wrong on that is safe to block?

[mattm, 2013/12/11 23:12:09]

It is run on a WorkerPool thread.

[sky, 2013/12/12 00:25:13]

Is it possible to convert from blocking to a callback?

[mattm, 2013/12/12 00:28:57]

Unfortunately not. NSS only supports doing a blocking call.

+          BrowserThread::UI,
+          FROM_HERE,
+          base::Bind(&ChromeNSSCryptoModuleDelegate::ShowDialog,
+                     // This method blocks on |event_| until the task completes,
+                     // so there's no need to ref-count.
+                     base::Unretained(this),
+                     slot_name,
+                     retry))) {
+    event_.Wait();
+  }
+  *cancelled = cancelled_;
+  return password_;
+}
+
+void ChromeNSSCryptoModuleDelegate::ShowDialog(const std::string& slot_name,
+                                               bool retry) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  ShowCryptoModulePasswordDialog(
+      slot_name,
+      retry,
+      reason_,
+      server_,
+      NULL,  // TODO(mattm): Supply parent window.
+      base::Bind(&ChromeNSSCryptoModuleDelegate::GotPassword,
+                 // RequestPassword is blocked on |event_| until GotPassword is
+                 // called, so there's no need to ref-count.
+                 base::Unretained(this)));
+}
+
+void ChromeNSSCryptoModuleDelegate::GotPassword(const char* password) {

[sky, 2013/12/11 14:20:42]

Can this be a std::string so that I don't have to wonder about the lifetime of
password?

[mattm, 2013/12/11 23:12:09]

Done.

+  if (password)
+    password_ = password;
+  else
+    cancelled_ = true;
+  event_.Signal();
+}
+
+void ChromeNSSCryptoModuleDelegate::DidGetSlot(const base::Closure& callback,
+                                               crypto::ScopedPK11Slot slot) {
+  slot_ = slot.Pass();
+  callback.Run();
+}
+
+crypto::CryptoModuleBlockingPasswordDelegate*
+CreateCryptoModuleBlockingPasswordDelegate(
+    chrome::CryptoModulePasswordReason reason,
+    const std::string& server) {
+  // Returns a ChromeNSSCryptoModuleDelegate without calling InitializeSlot.
+  // Since it is only being used as a CreateCryptoModuleBlockingDialogDelegate,
+  // initializing the slot handle is unnecessary.
+  return new ChromeNSSCryptoModuleDelegate(reason, server);
+}