Remove nss_util dependency from ClientCertStoreChromeOS.

net/ssl/client_cert_store_chromeos.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SSL_CLIENT_CERT_STORE_CHROMEOS_H_
 #define NET_SSL_CLIENT_CERT_STORE_CHROMEOS_H_
 
 #include <string>
 
-#include "crypto/scoped_nss_types.h"
-#include "net/cert/nss_profile_filter_chromeos.h"
+#include "base/memory/scoped_ptr.h"
 #include "net/ssl/client_cert_store_nss.h"
 
 namespace net {
 
+class X509Certificate;
+
 class NET_EXPORT ClientCertStoreChromeOS : public ClientCertStoreNSS {
  public:
-  // Constructs a ClientCertStore that will return client certs available on
-  // the user's private and public slots. If |use_system_slot| is true, certs on
-  // the system slot will also be returned.
+  class CertFilter {
+   public:
+    virtual ~CertFilter() {}
+    // Initializes this filter. Returns true if it finished initialization,

[Ryan Sleevi, 2014/10/29 23:48:08]

nit: newline

[pneubeck (no reviews), 2014/10/30 08:24:40]

Done.

+    // otherwise returns false and calls |callback| once the initialization is
+    // completed.
+    // Must be called at most once.
+    virtual bool Init(const base::Closure& callback) = 0;
+
+    // Returns true if |cert| is allowed to be used as a client certificate
+    // (e.g. for a certain browser context or user).
+    // This is only called once initialization is finished, see Init().
+    virtual bool IsCertAllowed(
+        const scoped_refptr<X509Certificate>& cert) const = 0;
+  };
+
+  // This ClientCertStore will createy a filter using |profile_filter_factory|

[Ryan Sleevi, 2014/10/29 23:48:08]

nit: creaty -> create

This comment is no longer accurate though - it doesn't use _factory

[pneubeck (no reviews), 2014/10/30 08:24:40]

Done.

+  // and only return client certs that pass this filter.
   ClientCertStoreChromeOS(
-      bool use_system_slot,
-      const std::string& username_hash,
+      scoped_ptr<CertFilter> cert_filter,
       const PasswordDelegateFactory& password_delegate_factory);
   virtual ~ClientCertStoreChromeOS();
 
   // ClientCertStoreNSS:
   virtual void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
                               CertificateList* selected_certs,
                               const base::Closure& callback) override;
 
  protected:
   // ClientCertStoreNSS:
   virtual void GetClientCertsImpl(CERTCertList* cert_list,
                                   const SSLCertRequestInfo& request,
                                   bool query_nssdb,
                                   CertificateList* selected_certs) override;
 
  private:
-  void DidGetSystemAndPrivateSlot(const SSLCertRequestInfo* request,
-                                  CertificateList* selected_certs,
-                                  const base::Closure& callback,
-                                  crypto::ScopedPK11Slot system_slot,
-                                  crypto::ScopedPK11Slot private_slot);
+  void CertFilterInitialized(const SSLCertRequestInfo* request,
+                             CertificateList* selected_certs,
+                             const base::Closure& callback);
 
-  bool use_system_slot_;
-  std::string username_hash_;
-  NSSProfileFilterChromeOS profile_filter_;
+  scoped_ptr<CertFilter> cert_filter_;
 
   DISALLOW_COPY_AND_ASSIGN(ClientCertStoreChromeOS);
 };
 
 }  // namespace net
 
 #endif  // NET_SSL_CLIENT_CERT_STORE_CHROMEOS_H_