Extract certificate policy application from NetworkLibrary.

chrome/browser/chromeos/policy/network_configuration_updater.h

Index: chrome/browser/chromeos/policy/network_configuration_updater.h
diff --git a/chrome/browser/chromeos/policy/network_configuration_updater.h b/chrome/browser/chromeos/policy/network_configuration_updater.h
index 70634255bafe406d005ae718c46f1c476d79dd48..e9bf6f30ac0500c92cf2321b5ee8865a75d0c3aa 100644
--- a/chrome/browser/chromeos/policy/network_configuration_updater.h
+++ b/chrome/browser/chromeos/policy/network_configuration_updater.h
@@ -6,6 +6,8 @@
 #define CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_
 
 #include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
+#include "net/cert/x509_certificate.h"
 
 namespace net {
 class CertTrustAnchorProvider;
@@ -18,21 +20,20 @@ namespace policy {
 // to Shill.
 class NetworkConfigurationUpdater {
  public:
-  NetworkConfigurationUpdater() {}
-  virtual ~NetworkConfigurationUpdater() {}
+  NetworkConfigurationUpdater();
+  virtual ~NetworkConfigurationUpdater();
 
   // Notifies this updater that the user policy is initialized. Before this
   // function is called, the user policy is not applied. This function may
   // trigger immediate policy applications.
   virtual void OnUserPolicyInitialized() = 0;
 
-  // TODO(pneubeck): Extract the following two certificate related functions
-  // into a separate CertificateUpdater.
-
   // Web trust isn't given to certificates imported from ONC by default. Setting
   // |allow| to true allows giving Web trust to the certificates that
   // request it.
-  virtual void set_allow_trusted_certificates_from_policy(bool allow) = 0;
+  void set_allow_trusted_certificates_from_policy(bool allow) {
+    allow_trusted_certificates_from_policy_ = allow;
+  }
 
   // Returns a CertTrustAnchorProvider that provides the list of server and
   // CA certificates with the Web trust flag set that were retrieved from the
@@ -41,9 +42,19 @@ class NetworkConfigurationUpdater {
   // on the IO thread. It is only valid as long as the
   // NetworkConfigurationUpdater is valid; the NetworkConfigurationUpdater
   // outlives all the profiles, and deletes the provider on the IO thread.
-  virtual net::CertTrustAnchorProvider* GetCertTrustAnchorProvider() = 0;
+  net::CertTrustAnchorProvider* GetCertTrustAnchorProvider();
+
+ protected:
+  void SetTrustAnchors(scoped_ptr<net::CertificateList> web_trust_certs);
 
  private:
+  // Whether Web trust is allowed or not.
+  bool allow_trusted_certificates_from_policy_;
+
+  // An implementation of CertTrustAnchorProvider. Owned by the updater, but

[stevenjb, 2013/04/22 16:53:41]

s/the updater/this class/ (It wasn't immediately clear to me what 'the updater'
referred to).

[pneubeck (no reviews), 2013/04/23 18:05:25]

Done.

+  // lives on the IO thread.

[stevenjb, 2013/04/22 16:53:41]

s/lives/runs (and is deleted)/ (or something more descriptive)

[pneubeck (no reviews), 2013/04/23 18:05:25]

Done.

+  net::CertTrustAnchorProvider* cert_trust_provider_;
+
   DISALLOW_COPY_AND_ASSIGN(NetworkConfigurationUpdater);
 };