Extract certificate policy application from NetworkLibrary.

chrome/browser/chromeos/policy/network_configuration_updater.cc

Index: chrome/browser/chromeos/policy/network_configuration_updater.cc
diff --git a/chrome/browser/chromeos/policy/network_configuration_updater.cc b/chrome/browser/chromeos/policy/network_configuration_updater.cc
index 057a0c2494b8fa74c183078a9f9faa529ca0ea31..ab7aedc573a057904647708e116dbd2f1b9a6576 100644
--- a/chrome/browser/chromeos/policy/network_configuration_updater.cc
+++ b/chrome/browser/chromeos/policy/network_configuration_updater.cc
@@ -2,14 +2,75 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/command_line.h"
 #include "chrome/browser/chromeos/policy/network_configuration_updater.h"
+#include "chrome/common/chrome_switches.h"
+#include "chromeos/network/onc/onc_constants.h"
+#include "content/public/browser/browser_thread.h"
+#include "net/cert/cert_trust_anchor_provider.h"
+
+using content::BrowserThread;
 
 namespace policy {
 
-NetworkConfigurationUpdater::NetworkConfigurationUpdater() {
+namespace {
+
+// A simple implementation of net::CertTrustAnchorProvider that returns a list
+// of certificates that can be set by the owner of this object.
+class CrosTrustAnchorProvider : public net::CertTrustAnchorProvider {

[Joao da Silva, 2013/04/22 10:38:09]

Just a comment: once we have the ProfilePolicyConnector then we can move this
object there, and remove this class.

[pneubeck (no reviews), 2013/04/23 18:05:25]

Done.

+ public:
+  CrosTrustAnchorProvider() {}
+  virtual ~CrosTrustAnchorProvider() {}
+
+  // CertTrustAnchorProvider overrides.
+  virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE {
+    DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+    return trust_anchors_;
+  }
+
+  void SetTrustAnchors(scoped_ptr<net::CertificateList> trust_anchors) {
+    DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+    trust_anchors_.swap(*trust_anchors);

[stevenjb, 2013/04/22 16:53:41]

Mixing scoped_ptr and direct pointer operations (swap) is confusing. I think
this would be more clear if trust_anchors_ were a scoped_ptr.

[pneubeck (no reviews), 2013/04/23 18:05:25]

@Joao, you added that code. Any comment?

[Joao da Silva, 2013/04/24 09:21:14]

trust_anchors_ as a scoped_ptr SGTM.

+  }
+
+ private:
+  net::CertificateList trust_anchors_;
+
+  DISALLOW_COPY_AND_ASSIGN(CrosTrustAnchorProvider);
+};
+
+}  // namespace
+
+NetworkConfigurationUpdater::NetworkConfigurationUpdater()
+    : allow_trusted_certificates_from_policy_(false),
+      cert_trust_provider_(new CrosTrustAnchorProvider()) {
 }
 
 NetworkConfigurationUpdater::~NetworkConfigurationUpdater() {
+  bool posted = BrowserThread::DeleteSoon(
+      BrowserThread::IO, FROM_HERE, cert_trust_provider_);
+  if (!posted)
+    delete cert_trust_provider_;
+}
+
+net::CertTrustAnchorProvider*
+NetworkConfigurationUpdater::GetCertTrustAnchorProvider() {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  return cert_trust_provider_;
+}
+
+void NetworkConfigurationUpdater::SetTrustAnchors(
+    scoped_ptr<net::CertificateList> web_trust_certs) {
+  CommandLine* command_line = CommandLine::ForCurrentProcess();
+  if (allow_trusted_certificates_from_policy_ &&
+      command_line->HasSwitch(switches::kEnableWebTrustCerts)) {
+    BrowserThread::PostTask(
+        BrowserThread::IO, FROM_HERE,
+        base::Bind(&CrosTrustAnchorProvider::SetTrustAnchors,
+                   base::Unretained(static_cast<CrosTrustAnchorProvider*>(
+                       cert_trust_provider_)),
+                   base::Passed(&web_trust_certs)));
+  }
 }
 
 }  // namespace policy