Update keygen to use correct NSS slot on ChromeOS multiprofile.

chrome/browser/ui/crypto_module_delegate_nss.cc

Index: chrome/browser/ui/crypto_module_delegate_nss.cc
diff --git a/chrome/browser/ui/crypto_module_password_dialog.cc b/chrome/browser/ui/crypto_module_delegate_nss.cc
similarity index 52%
rename from chrome/browser/ui/crypto_module_password_dialog.cc
rename to chrome/browser/ui/crypto_module_delegate_nss.cc
index c8b1d0d4776deeb1a08ec04dba5418c1779e6de1..2704a4d6f1e81701cf9432561e4e6c1c4f378187 100644
--- a/chrome/browser/ui/crypto_module_password_dialog.cc
+++ b/chrome/browser/ui/crypto_module_delegate_nss.cc
@@ -2,17 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/browser/ui/crypto_module_password_dialog.h"
+#include "chrome/browser/ui/crypto_module_delegate_nss.h"
 
 #include "base/basictypes.h"
 #include "base/bind.h"
-#include "base/strings/utf_string_conversions.h"
 #include "base/synchronization/waitable_event.h"
+#include "chrome/browser/net/nss_context.h"
 #include "content/public/browser/browser_thread.h"
-#include "crypto/crypto_module_blocking_password_delegate.h"
-#include "grit/generated_resources.h"
-#include "ui/base/l10n/l10n_util.h"
-#include "url/gurl.h"
+#include "crypto/nss_crypto_module_delegate.h"
 
 using content::BrowserThread;
 
@@ -20,23 +17,43 @@ namespace chrome {
 
 namespace {
 
-class CryptoModuleBlockingDialogDelegate
-    : public crypto::CryptoModuleBlockingPasswordDelegate {
+class ChromeNSSCryptoModuleDelegate
+    : public crypto::NSSCryptoModuleDelegate {
  public:
-  CryptoModuleBlockingDialogDelegate(CryptoModulePasswordReason reason,
-                                     const std::string& server)
+  ChromeNSSCryptoModuleDelegate(content::ResourceContext* context,
+                                CryptoModulePasswordReason reason,
+                                const std::string& server)
       : event_(false, false),
+        context_(context),
         reason_(reason),
         server_(server),
-        cancelled_(false) {
-  }
+        cancelled_(false) {}
 
-  virtual ~CryptoModuleBlockingDialogDelegate() {
+  virtual ~ChromeNSSCryptoModuleDelegate() {
     // Make sure we clear the password in memory.
     password_.replace(0, password_.size(), password_.size(), 0);

[Ryan Sleevi, 2013/11/22 00:03:30]

This seems... highly unnecessary.

We should either be doing an optimizer-unfriendly memory erase (which we can't
really do, when using an std::string), or we should just remove this entirely,
because it implies we care about the password at rest, but we've just liberally
copied it around as a string (line 57) that we've given up all hope of managing
that buffer.

[mattm, 2013/11/22 00:30:31]

Done.

   }
 
-  // crypto::CryptoModuleBlockingDialogDelegate implementation.
+  // crypto::NSSCryptoModuleDelegate implementation.
+  virtual void Initialize(const base::Closure& callback) OVERRIDE {
+    DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+    content::ResourceContext* context = context_;
+    context_ = NULL;
+    OnPrivateNSSKeySlotForResourceContextReady(
+        context,
+        base::Bind(&ChromeNSSCryptoModuleDelegate::DidGetSlot,
+                   // Caller is responsible for keeping us alive.

[Ryan Sleevi, 2013/11/22 00:03:30]

Alive until when? How can the caller know when things are safe to tear down?

Should we be using an inner WeakPtr'd helper-core instead?

[mattm, 2013/11/22 00:30:31]

Until we call the callback. I'll update the comment.
 
I think the approach of the caller keeping it alive using base::Passed in the
callback works correctly. We could change it to use a weakptr to make the
interface simpler, though I don't think it would actually change the way
RenderMessageFilter uses it.
If we did use weakptr, I don't think the inner helper approach would be
necessary here, a simple weakptrfactory member should do.

+                   base::Unretained(this),
+                   callback));
+  }
+
+  // TODO(mattm): allow choosing which slot to generate and store the key.
+  virtual crypto::ScopedPK11Slot RequestSlot() OVERRIDE {
+    return slot_.Pass();
+  }
+
+  // crypto::CryptoModuleBlockingPasswordDelegate implementation.
   virtual std::string RequestPassword(const std::string& slot_name,
                                       bool retry,
                                       bool* cancelled) OVERRIDE {
@@ -46,7 +63,7 @@ class CryptoModuleBlockingDialogDelegate
 
     if (BrowserThread::PostTask(
             BrowserThread::UI, FROM_HERE,
-            base::Bind(&CryptoModuleBlockingDialogDelegate::ShowDialog,
+            base::Bind(&ChromeNSSCryptoModuleDelegate::ShowDialog,
                        // We block on event_ until the task completes, so
                        // there's no need to ref-count.
                        base::Unretained(this),
@@ -68,7 +85,7 @@ class CryptoModuleBlockingDialogDelegate
         reason_,
         server_,
         NULL,  // TODO(mattm): Supply parent window.
-        base::Bind(&CryptoModuleBlockingDialogDelegate::GotPassword,
+        base::Bind(&ChromeNSSCryptoModuleDelegate::GotPassword,
                    // We block on event_ until the task completes, so
                    // there's no need to ref-count.
                    base::Unretained(this)));
@@ -82,21 +99,30 @@ class CryptoModuleBlockingDialogDelegate
     event_.Signal();
   }
 
+  void DidGetSlot(const base::Closure& callback, crypto::ScopedPK11Slot slot) {
+    slot_ = slot.Pass();
+    callback.Run();
+  }
+
   base::WaitableEvent event_;
+  content::ResourceContext* context_;
   CryptoModulePasswordReason reason_;
   std::string server_;
   std::string password_;
+  crypto::ScopedPK11Slot slot_;
   bool cancelled_;
 
-  DISALLOW_COPY_AND_ASSIGN(CryptoModuleBlockingDialogDelegate);
+  DISALLOW_COPY_AND_ASSIGN(ChromeNSSCryptoModuleDelegate);
 };
 
 }  // namespace
 
-crypto::CryptoModuleBlockingPasswordDelegate*
-    NewCryptoModuleBlockingDialogDelegate(CryptoModulePasswordReason reason,
-                                          const std::string& server) {
-  return new CryptoModuleBlockingDialogDelegate(reason, server);
+crypto::NSSCryptoModuleDelegate* NewNSSCryptoModuleDelegate(
+    content::ResourceContext* context,
+    CryptoModulePasswordReason reason,
+    const std::string& server) {
+  return new ChromeNSSCryptoModuleDelegate(context, reason, server);
 }
 
+
 }  // namespace chrome