6 files changed, 44 insertions, 39 deletions

diff --git a/content/browser/renderer_host/render_message_filter.cc b/content/browser/renderer_host/render_message_filter.cc
index 224b17c..fc084e1 100644
--- a/content/browser/renderer_host/render_message_filter.cc
+++ b/content/browser/renderer_host/render_message_filter.cc
@@ -989,40 +989,41 @@ void RenderMessageFilter::OnKeygen(uint32 key_size_index,
       return;
   }
 
+  resource_context_->CreateKeygenHandler(
+      key_size_in_bits,
+      challenge_string,
+      url,
+      base::Bind(
+          &RenderMessageFilter::PostKeygenToWorkerThread, this, reply_msg));
+}
+
+void RenderMessageFilter::PostKeygenToWorkerThread(
+    IPC::Message* reply_msg,
+    scoped_ptr<net::KeygenHandler> keygen_handler) {
   VLOG(1) << "Dispatching keygen task to worker pool.";
   // Dispatch to worker pool, so we do not block the IO thread.
   if (!base::WorkerPool::PostTask(
            FROM_HERE,
-           base::Bind(
-               &RenderMessageFilter::OnKeygenOnWorkerThread, this,
-               key_size_in_bits, challenge_string, url, reply_msg),
+           base::Bind(&RenderMessageFilter::OnKeygenOnWorkerThread,
+                      this,
+                      base::Passed(&keygen_handler),
+                      reply_msg),
            true)) {
     NOTREACHED() << "Failed to dispatch keygen task to worker pool";
     ViewHostMsg_Keygen::WriteReplyParams(reply_msg, std::string());
     Send(reply_msg);
-    return;
   }
 }
 
 void RenderMessageFilter::OnKeygenOnWorkerThread(
-    int key_size_in_bits,
-    const std::string& challenge_string,
-    const GURL& url,
+    scoped_ptr<net::KeygenHandler> keygen_handler,
     IPC::Message* reply_msg) {
   DCHECK(reply_msg);
 
   // Generate a signed public key and challenge, then send it back.
-  net::KeygenHandler keygen_handler(key_size_in_bits, challenge_string, url);
-
-#if defined(USE_NSS)
-  // Attach a password delegate so we can authenticate.
-  keygen_handler.set_crypto_module_password_delegate(
-      GetContentClient()->browser()->GetCryptoPasswordDelegate(url));
-#endif  // defined(USE_NSS)
-
   ViewHostMsg_Keygen::WriteReplyParams(
       reply_msg,
-      keygen_handler.GenKeyAndSignChallenge());
+      keygen_handler->GenKeyAndSignChallenge());
   Send(reply_msg);
 }
 
diff --git a/content/browser/renderer_host/render_message_filter.h b/content/browser/renderer_host/render_message_filter.h
index b7ea390..ed879dc 100644
--- a/content/browser/renderer_host/render_message_filter.h
+++ b/content/browser/renderer_host/render_message_filter.h
@@ -62,6 +62,7 @@ struct MediaLogEvent;
 }
 
 namespace net {
+class KeygenHandler;
 class URLRequestContext;
 class URLRequestContextGetter;
 }
@@ -222,11 +223,10 @@ class RenderMessageFilter : public BrowserMessageFilter {
                                     const std::vector<char>& data);
   void OnKeygen(uint32 key_size_index, const std::string& challenge_string,
                 const GURL& url, IPC::Message* reply_msg);
-  void OnKeygenOnWorkerThread(
-      int key_size_in_bits,
-      const std::string& challenge_string,
-      const GURL& url,
-      IPC::Message* reply_msg);
+  void PostKeygenToWorkerThread(IPC::Message* reply_msg,
+                                scoped_ptr<net::KeygenHandler> keygen_handler);
+  void OnKeygenOnWorkerThread(scoped_ptr<net::KeygenHandler> keygen_handler,
+                              IPC::Message* reply_msg);
   void OnMediaLogEvents(const std::vector<media::MediaLogEvent>&);
 
   // Check the policy for getting cookies. Gets the cookies if allowed.
diff --git a/content/browser/resource_context_impl.cc b/content/browser/resource_context_impl.cc
index c2f2207..9561c8d 100644
--- a/content/browser/resource_context_impl.cc
+++ b/content/browser/resource_context_impl.cc
@@ -13,6 +13,7 @@
 #include "content/browser/webui/url_data_manager_backend.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
+#include "net/base/keygen_handler.h"
 #include "net/ssl/client_cert_store.h"
 
 using base::UserDataAdapter;
@@ -63,6 +64,15 @@ scoped_ptr<net::ClientCertStore> ResourceContext::CreateClientCertStore() {
   return scoped_ptr<net::ClientCertStore>();
 }
 
+void ResourceContext::CreateKeygenHandler(
+    uint32 key_size_in_bits,
+    const std::string& challenge_string,
+    const GURL& url,
+    const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback) {
+  callback.Run(make_scoped_ptr(
+      new net::KeygenHandler(key_size_in_bits, challenge_string, url)));
+}
+
 ChromeBlobStorageContext* GetChromeBlobStorageContextForResourceContext(
     ResourceContext* resource_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc
index f17b431..acb9fe8 100644
--- a/content/public/browser/content_browser_client.cc
+++ b/content/public/browser/content_browser_client.cc
@@ -298,13 +298,6 @@ const wchar_t* ContentBrowserClient::GetResourceDllName() {
 }
 #endif
 
-#if defined(USE_NSS)
-crypto::CryptoModuleBlockingPasswordDelegate*
-    ContentBrowserClient::GetCryptoPasswordDelegate(const GURL& url) {
-  return NULL;
-}
-#endif
-
 bool ContentBrowserClient::IsPluginAllowedToCallRequestOSFileHandle(
     content::BrowserContext* browser_context,
     const GURL& url) {
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index 29e7ef5..8633105 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -43,9 +43,6 @@ namespace base {
 class DictionaryValue;
 class FilePath;
 }
-namespace crypto {
-class CryptoModuleBlockingPasswordDelegate;
-}
 
 namespace gfx {
 class ImageSkia;
@@ -605,14 +602,6 @@ class CONTENT_EXPORT ContentBrowserClient {
                                 bool* success) {}
 #endif
 
-#if defined(USE_NSS)
-  // Return a delegate to authenticate and unlock |module|.
-  // This is called on a worker thread.
-  virtual
-      crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate(
-          const GURL& url);
-#endif
-
   // Returns true if plugin referred to by the url can use
   // pp::FileIO::RequestOSFileHandle.
   virtual bool IsPluginAllowedToCallRequestOSFileHandle(
diff --git a/content/public/browser/resource_context.h b/content/public/browser/resource_context.h
index ba713f6..1308d76 100644
--- a/content/public/browser/resource_context.h
+++ b/content/public/browser/resource_context.h
@@ -5,7 +5,10 @@
 #ifndef CONTENT_PUBLIC_BROWSER_RESOURCE_CONTEXT_H_
 #define CONTENT_PUBLIC_BROWSER_RESOURCE_CONTEXT_H_
 
+#include <string>
+
 #include "base/basictypes.h"
+#include "base/callback.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/supports_user_data.h"
 #include "build/build_config.h"
@@ -20,6 +23,7 @@ class AppCacheService;
 namespace net {
 class ClientCertStore;
 class HostResolver;
+class KeygenHandler;
 class URLRequestContext;
 }
 
@@ -46,6 +50,14 @@ class CONTENT_EXPORT ResourceContext : public base::SupportsUserData {
   // Get platform ClientCertStore. May return NULL.
   virtual scoped_ptr<net::ClientCertStore> CreateClientCertStore();
 
+  // Create a platform KeygenHandler and pass it to |callback|. The |callback|
+  // may be run synchronously.
+  virtual void CreateKeygenHandler(
+      uint32 key_size_in_bits,
+      const std::string& challenge_string,
+      const GURL& url,
+      const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback);
+
   // Returns true if microphone access is allowed for |origin|. Used to
   // determine what level of authorization is given to |origin| to access
   // resource metadata.