Use user specific NSSDatabase in CertLoader.

chrome/browser/chromeos/login/login_utils.cc

Index: chrome/browser/chromeos/login/login_utils.cc
diff --git a/chrome/browser/chromeos/login/login_utils.cc b/chrome/browser/chromeos/login/login_utils.cc
index 57df96531f530a6a7ba8eadc8d30877f4c6d45db..3c49ad1c3dcceb5ff91cc8506a82a9421d7a822b 100644
--- a/chrome/browser/chromeos/login/login_utils.cc
+++ b/chrome/browser/chromeos/login/login_utils.cc
@@ -46,6 +46,7 @@
 #include "chrome/browser/chromeos/login/screen_locker.h"
 #include "chrome/browser/chromeos/login/supervised_user_manager.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/net/nss_cert_database_factory.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/first_run/first_run.h"
@@ -63,6 +64,7 @@
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/logging_chrome.h"
 #include "chrome/common/pref_names.h"
+#include "chromeos/cert_loader.h"
 #include "chromeos/chromeos_switches.h"
 #include "chromeos/cryptohome/cryptohome_util.h"
 #include "chromeos/dbus/cryptohome_client.h"
@@ -81,6 +83,10 @@
 
 using content::BrowserThread;
 
+namespace net {
+class NSSCertDatabase;
+}
+
 namespace chromeos {
 
 namespace {
@@ -134,6 +140,7 @@ class LoginUtilsImpl
       LoginStatusConsumer* consumer) OVERRIDE;
   virtual void RestoreAuthenticationSession(Profile* profile) OVERRIDE;
   virtual void InitRlzDelayed(Profile* user_profile) OVERRIDE;
+  virtual void StartCertLoader(Profile* user_profile) OVERRIDE;
 
   // OAuth2LoginManager::Observer overrides.
   virtual void OnSessionRestoreStateChanged(
@@ -197,6 +204,10 @@ class LoginUtilsImpl
   // Initializes RLZ. If |disabled| is true, RLZ pings are disabled.
   void InitRlz(Profile* user_profile, bool disabled);
 
+  // Starts CertLoader with the provided NSS database. It must be called at most
+  // once, and with the primary user's database.
+  void StartCertLoaderWithNSSDB(net::NSSCertDatabase* database);
+
   // Attempts restarting the browser process and esures that this does
   // not happen while we are still fetching new OAuth refresh tokens.
   void AttemptRestart(Profile* profile);
@@ -584,10 +595,12 @@ void LoginUtilsImpl::FinalizePrepareProfile(Profile* user_profile) {
       content::NotificationService::AllSources(),
       content::Details<Profile>(user_profile));
 
-  // Initialize RLZ only for primary user.
+  // Initialize RLZ and CertLoader only for primary user.
   if (UserManager::Get()->GetPrimaryUser() ==
       UserManager::Get()->GetUserByProfile(user_profile)) {
     InitRlzDelayed(user_profile);
+    if (CertLoader::IsInitialized())

[Nikita (slow), 2014/01/23 17:15:38]

When CertLoader is initialized?

What happens if it is not initialized at this point?

[tbarzic, 2014/01/23 17:47:56]

It's initialized together with DBusServices on startup (during
ChromeBrowserMainPartsChromeos::PostMainMessageLoopStart;
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/chr...
)
It should be initialized at this point, unless it's not going to be initialized
at all (e.g. in unit tests).

+      StartCertLoader(user_profile);
   }
   // TODO(altimofeev): This pointer should probably never be NULL, but it looks
   // like LoginUtilsImpl::OnProfileCreated() may be getting called before
@@ -640,6 +653,19 @@ void LoginUtilsImpl::InitRlz(Profile* user_profile, bool disabled) {
 #endif
 }
 
+void LoginUtilsImpl::StartCertLoader(Profile* user_profile) {
+  chromeos::GetNSSCertDatabaseForProfile(
+      user_profile,
+      base::Bind(&LoginUtilsImpl::StartCertLoaderWithNSSDB, AsWeakPtr()));
+}
+
+void LoginUtilsImpl::StartCertLoaderWithNSSDB(net::NSSCertDatabase* database) {
+  if (!CertLoader::IsInitialized())
+    return;

[stevenjb, 2014/01/23 18:17:42]

This is testing in case the callback occurs during shutdown? We should add a
comment to that effect, otherwise it seems redundant.

[tbarzic, 2014/01/23 19:18:37]

I was just about to remove this.

+
+  CertLoader::Get()->StartWithNSSDB(database);
+}
+
 void LoginUtilsImpl::CompleteOffTheRecordLogin(const GURL& start_url) {
   VLOG(1) << "Completing incognito login";