Update keygen to use correct NSS slot on ChromeOS multiprofile.

BUG=302126

Review URL: https://codereview.chromium.org/61643007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240868 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 55 insertions, 35 deletions

diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
index fd80fa5..c932946 100644
--- a/crypto/crypto.gyp
+++ b/crypto/crypto.gyp
@@ -172,7 +172,6 @@
         'capi_util.cc',
         'capi_util.h',
         'crypto_export.h',
-        'crypto_module_blocking_password_delegate.h',
         'cssm_init.cc',
         'cssm_init.h',
         'curve25519.cc',
@@ -204,6 +203,7 @@
         'mock_apple_keychain_mac.cc',
         'p224_spake.cc',
         'p224_spake.h',
+        'nss_crypto_module_delegate.h',
         'nss_util.cc',
         'nss_util.h',
         'nss_util_internal.h',
diff --git a/crypto/crypto_module_blocking_password_delegate.h b/crypto/crypto_module_blocking_password_delegate.h
deleted file mode 100644
index c4acf1a..0000000
--- a/crypto/crypto_module_blocking_password_delegate.h
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_
-#define CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_
-
-#include <string>
-
-namespace crypto {
-
-// PK11_SetPasswordFunc is a global setting.  An implementation of
-// CryptoModuleBlockingPasswordDelegate should be passed as the user data
-// argument (|wincx|) to relevant NSS functions, which the global password
-// handler will call to do the actual work.
-class CryptoModuleBlockingPasswordDelegate {
- public:
-  virtual ~CryptoModuleBlockingPasswordDelegate() {}
-
-  // Requests a password to unlock |slot_name|. The interface is
-  // synchronous because NSS cannot issue an asynchronous
-  // request. |retry| is true if this is a request for the retry
-  // and we previously returned the wrong password.
-  // The implementation should set |*cancelled| to true if the user cancelled
-  // instead of entering a password, otherwise it should return the password the
-  // user entered.
-  virtual std::string RequestPassword(const std::string& slot_name, bool retry,
-                                      bool* cancelled) = 0;
-};
-
-}  // namespace crypto
-
-#endif  // CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_
diff --git a/crypto/nss_crypto_module_delegate.h b/crypto/nss_crypto_module_delegate.h
new file mode 100644
index 0000000..00b2b75
--- /dev/null
+++ b/crypto/nss_crypto_module_delegate.h
@@ -0,0 +1,53 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
+#define CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
+
+#include <string>
+
+#include "base/callback_forward.h"
+#include "crypto/scoped_nss_types.h"
+
+namespace crypto {
+
+// PK11_SetPasswordFunc is a global setting.  An implementation of
+// CryptoModuleBlockingPasswordDelegate should be passed using wincx() as the
+// user data argument (|wincx|) to relevant NSS functions, which the global
+// password handler will call to do the actual work. This delegate should only
+// be used in NSS calls on worker threads due to the blocking nature.
+class CryptoModuleBlockingPasswordDelegate {
+ public:
+  virtual ~CryptoModuleBlockingPasswordDelegate() {}
+
+  // Return a value suitable for passing to the |wincx| argument of relevant NSS
+  // functions. This should be used instead of passing the object pointer
+  // directly to avoid accidentally casting a pointer to a subclass to void* and
+  // then casting back to a pointer of the base class
+  void* wincx() { return this; }
+
+  // Requests a password to unlock |slot_name|. The interface is synchronous
+  // because NSS cannot issue an asynchronous request. |retry| is true if this
+  // is a request for the retry and we previously returned the wrong password.
+  // The implementation should set |*cancelled| to true if the user cancelled
+  // instead of entering a password, otherwise it should return the password the
+  // user entered.
+  virtual std::string RequestPassword(const std::string& slot_name, bool retry,
+                                      bool* cancelled) = 0;
+
+};
+
+// Extends CryptoModuleBlockingPasswordDelegate with the ability to return a
+// slot in which to act. (Eg, which slot to store a generated key in.)
+class NSSCryptoModuleDelegate : public CryptoModuleBlockingPasswordDelegate {
+ public:
+  virtual ~NSSCryptoModuleDelegate() {}
+
+  // Get the slot to store the generated key.
+  virtual ScopedPK11Slot RequestSlot() = 0;
+};
+
+}  // namespace crypto
+
+#endif  // CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index 7479585..5b8c6f5 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -49,7 +49,7 @@
 // certificate and key databases.
 #if defined(USE_NSS)
 #include "base/synchronization/lock.h"
-#include "crypto/crypto_module_blocking_password_delegate.h"
+#include "crypto/nss_crypto_module_delegate.h"
 #endif  // defined(USE_NSS)
 
 namespace crypto {