Prevent ONC-pushed certificates from being used with multiprofiles.

chrome/browser/chromeos/policy/policy_cert_service.h

Index: chrome/browser/chromeos/policy/policy_cert_service.h
diff --git a/chrome/browser/chromeos/policy/policy_cert_service.h b/chrome/browser/chromeos/policy/policy_cert_service.h
index a32040f255f29084b300a85c10a6956c49e6d2f1..0d20d9829aa24bc1f7147e8b023394a520204471 100644
--- a/chrome/browser/chromeos/policy/policy_cert_service.h
+++ b/chrome/browser/chromeos/policy/policy_cert_service.h
@@ -5,6 +5,7 @@
 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
 
+#include <string>
 #include <vector>
 
 #include "base/basictypes.h"
@@ -15,7 +16,9 @@
 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
 #include "components/browser_context_keyed_service/browser_context_keyed_service.h"
 
-class PrefService;
+namespace chromeos {
+class UserManager;
+}
 
 namespace net {
 class X509Certificate;
@@ -36,7 +39,8 @@ class PolicyCertService
       public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
  public:
   PolicyCertService(UserNetworkConfigurationUpdater* net_conf_updater,
-                    PrefService* user_prefs);
+                    const std::string& user_id,

[pneubeck (no reviews), 2013/12/17 15:25:31]

nit: const parameters should be first.

[Joao da Silva, 2013/12/17 16:36:41]

Done.

+                    chromeos::UserManager* user_manager);
   virtual ~PolicyCertService();
 
   // Creates an associated PolicyCertVerifier. The returned object must only be
@@ -48,6 +52,11 @@ class PolicyCertService
   // that it may have cached content from an untrusted source.
   bool UsedPolicyCertificates() const;
 
+  // Returns true if the profile has used certificates installed via policy
+  // before, or if it currently has certificates installed via policy but
+  // hasn't used them yet.
+  bool IsTainted() const;

[pneubeck (no reviews), 2013/12/17 15:25:31]

the function name doesn't fit / hides details behind a vague name.
if there's not better name, maybe instead make a HasTrustAnchors() and move the
|| to the call-side.

[Joao da Silva, 2013/12/17 16:36:41]

Done.

+
   // UserNetworkConfigurationUpdater::WebTrustedCertsObserver:
   virtual void OnTrustAnchorsChanged(const net::CertificateList& trust_anchors)
       OVERRIDE;
@@ -56,11 +65,11 @@ class PolicyCertService
   virtual void Shutdown() OVERRIDE;
 
  private:
-  void SetUsedPolicyCertificatesOnce();
-
   PolicyCertVerifier* cert_verifier_;
   UserNetworkConfigurationUpdater* net_conf_updater_;
-  PrefService* user_prefs_;
+  std::string user_id_;
+  chromeos::UserManager* user_manager_;
+  bool has_trust_anchors_;
 
   // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
   // The factory and the created WeakPtrs must only be used on the UI thread.