Handle empty username_hash in ClientCertFilterChromeOS.

The Init() function did never call back if the username_hash was empty, because GetPrivateSlotForChromeOSUser would return a nullptr and InitIfSlotsAvailable returning consistently false.

Now the callback will be called once GetPrivateSlotForChromeOSUser returned.

This change is on purpose kept minimal to allow merging to M40.

BUG=434205

Review URL: https://codereview.chromium.org/802433002

Cr-Commit-Position: refs/heads/master@{#308191}

chrome/browser/chromeos/net/client_cert_filter_chromeos.cc

@@ -16,6 +16,7 @@ ClientCertFilterChromeOS::ClientCertFilterChromeOS(
     : init_called_(false),
       use_system_slot_(use_system_slot),
       username_hash_(username_hash),
+      waiting_for_private_slot_(false),
       weak_ptr_factory_(this) {
 }
 
@@ -26,16 +27,25 @@ bool ClientCertFilterChromeOS::Init(const base::Closure& callback) {
   DCHECK(!init_called_);
   init_called_ = true;
 
+  waiting_for_private_slot_ = true;
+
   if (use_system_slot_) {
     system_slot_ = crypto::GetSystemNSSKeySlot(
                        base::Bind(&ClientCertFilterChromeOS::GotSystemSlot,
                                   weak_ptr_factory_.GetWeakPtr())).Pass();
   }
+
   private_slot_ =
       crypto::GetPrivateSlotForChromeOSUser(
           username_hash_, base::Bind(&ClientCertFilterChromeOS::GotPrivateSlot,
                                      weak_ptr_factory_.GetWeakPtr())).Pass();
 
+  // If the returned slot is null, GotPrivateSlot will be called back
+  // eventually. If it is not null, the private slot was available synchronously
+  // and the callback will not be called.
+  if (private_slot_)
+    waiting_for_private_slot_ = false;
+
   // Do not call back if we initialized synchronously.
   if (InitIfSlotsAvailable())
     return true;
@@ -60,6 +70,7 @@ void ClientCertFilterChromeOS::GotSystemSlot(
 
 void ClientCertFilterChromeOS::GotPrivateSlot(
     crypto::ScopedPK11Slot private_slot) {
+  waiting_for_private_slot_ = false;
   private_slot_ = private_slot.Pass();
   if (InitIfSlotsAvailable() && !init_callback_.is_null()) {
     init_callback_.Run();
@@ -68,7 +79,7 @@ void ClientCertFilterChromeOS::GotPrivateSlot(
 }
 
 bool ClientCertFilterChromeOS::InitIfSlotsAvailable() {
-  if ((use_system_slot_ && !system_slot_) || !private_slot_)
+  if ((use_system_slot_ && !system_slot_) || waiting_for_private_slot_)
     return false;
   nss_profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
                            private_slot_.Pass(),

chrome/browser/chromeos/net/client_cert_filter_chromeos.h

@@ -23,6 +23,7 @@ class ClientCertFilterChromeOS
   // The internal NSSProfileFilterChromeOS will be initialized with the public
   // and private slot of the user with |username_hash| and with the system slot
   // if |use_system_slot| is true.
+  // If |username_hash| is empty, no public and no private slot will be used.
   ClientCertFilterChromeOS(bool use_system_slot,
                            const std::string& username_hash);
   ~ClientCertFilterChromeOS() override;
@@ -64,6 +65,11 @@ class ClientCertFilterChromeOS
   // filter is initialized.
   crypto::ScopedPK11Slot private_slot_;
 
+  // If a private slot is requested but the slot, maybe null, is not obtained
+  // yet, this is equal true. As long as this is true, the NSSProfileFilter will
+  // not be initialized.
+  bool waiting_for_private_slot_;
+
   net::NSSProfileFilterChromeOS nss_profile_filter_;
   base::WeakPtrFactory<ClientCertFilterChromeOS> weak_ptr_factory_;
 };