NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles.

chrome/browser/profiles/profile_io_data.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/profiles/profile_io_data.h"
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/bind.h"
@@ skipping 85 matching lines @@
 #include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chromeos/dbus/cryptohome_client.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/settings/cros_settings_names.h"
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
+#include "net/cert/cert_verify_proc_chromeos.h"
+#include "net/cert/multi_threaded_cert_verifier.h"
 #include "net/ssl/client_cert_store_chromeos.h"
 #endif  // defined(OS_CHROMEOS)
 
 #if defined(USE_NSS)
 #include "chrome/browser/ui/crypto_module_delegate_nss.h"
 #include "net/ssl/client_cert_store_nss.h"
 #endif
 
 #if defined(OS_WIN)
 #include "net/ssl/client_cert_store_win.h"
@@ skipping 837 matching lines @@
   extension_info_map_ = profile_params_->extension_info_map;
 
   resource_context_->host_resolver_ = io_thread_globals->host_resolver.get();
   resource_context_->request_context_ = main_request_context_.get();
 
 #if defined(ENABLE_MANAGED_USERS)
   managed_mode_url_filter_ = profile_params_->managed_mode_url_filter;
 #endif
 
 #if defined(OS_CHROMEOS)
+  username_hash_ = profile_params_->username_hash;
+  crypto::ScopedPK11Slot public_slot =
+      crypto::GetPublicSlotForChromeOSUser(username_hash_);
+  // Private slot won't be ready by this point, just pass NULL. It shouldn't be
+  // necessary for cert trust purposes anyway.
+  scoped_refptr<net::CertVerifyProc> verify_proc =
+      new net::CertVerifyProcChromeOS(public_slot.Pass(),
+                                      crypto::ScopedPK11Slot());
   if (cert_verifier_) {
-    cert_verifier_->InitializeOnIOThread();
+    cert_verifier_->InitializeOnIOThread(verify_proc.get());
     main_request_context_->set_cert_verifier(cert_verifier_.get());
   } else {
     main_request_context_->set_cert_verifier(
-        io_thread_globals->cert_verifier.get());
+        new net::MultiThreadedCertVerifier(verify_proc.get()));
   }
-  username_hash_ = profile_params_->username_hash;
 #else
   main_request_context_->set_cert_verifier(
       io_thread_globals->cert_verifier.get());
 #endif
 
   InitializeInternal(profile_params_.get(), protocol_handlers);
 
   profile_params_.reset();
   initialized_ = true;
 }
@@ skipping 142 matching lines @@
 void ProfileIOData::SetCookieSettingsForTesting(
     CookieSettings* cookie_settings) {
   DCHECK(!cookie_settings_.get());
   cookie_settings_ = cookie_settings;
 }
 
 void ProfileIOData::set_signin_names_for_testing(
     SigninNamesOnIOThread* signin_names) {
   signin_names_.reset(signin_names);
 }