Extract certificate policy application from NetworkLibrary.

chrome/browser/chromeos/policy/network_configuration_updater_impl.cc

Index: chrome/browser/chromeos/policy/network_configuration_updater_impl.cc
diff --git a/chrome/browser/chromeos/policy/network_configuration_updater_impl.cc b/chrome/browser/chromeos/policy/network_configuration_updater_impl.cc
index 72d21269be80a81a2fb86a28b23816283b3ecaaa..0674f00cd06aff4d9c741a18051f18782985e0e1 100644
--- a/chrome/browser/chromeos/policy/network_configuration_updater_impl.cc
+++ b/chrome/browser/chromeos/policy/network_configuration_updater_impl.cc
@@ -10,6 +10,7 @@
 #include "base/bind_helpers.h"
 #include "base/debug/stack_trace.h"
 #include "chrome/browser/policy/policy_map.h"
+#include "chromeos/network/certificate_handler.h"
 #include "chromeos/network/managed_network_configuration_handler.h"
 #include "chromeos/network/onc/onc_utils.h"
 #include "policy/policy_constants.h"
@@ -17,11 +18,15 @@
 namespace policy {
 
 NetworkConfigurationUpdaterImpl::NetworkConfigurationUpdaterImpl(
-    PolicyService* policy_service)
+    PolicyService* policy_service,
+    chromeos::ManagedNetworkConfigurationHandler* network_config_handler,
+    chromeos::CertificateHandler* certificate_handler)
     : user_policy_initialized_(false),
       policy_change_registrar_(
           policy_service, PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())),
-      policy_service_(policy_service) {
+      policy_service_(policy_service),
+      network_config_handler_(network_config_handler),
+      certificate_handler_(certificate_handler) {
   policy_change_registrar_.Observe(
       key::kDeviceOpenNetworkConfiguration,
       base::Bind(&NetworkConfigurationUpdaterImpl::OnPolicyChanged,
@@ -45,11 +50,6 @@ void NetworkConfigurationUpdaterImpl::OnUserPolicyInitialized() {
   ApplyNetworkConfiguration(chromeos::onc::ONC_SOURCE_USER_POLICY);
 }
 
-net::CertTrustAnchorProvider*
-NetworkConfigurationUpdaterImpl::GetCertTrustAnchorProvider() {
-  return NULL;
-}
-
 void NetworkConfigurationUpdaterImpl::OnPolicyChanged(
     chromeos::onc::ONCSource onc_source,
     const base::Value* previous,
@@ -85,19 +85,22 @@ void NetworkConfigurationUpdaterImpl::ApplyNetworkConfiguration(
   }
   VLOG(2) << "The policy contains this ONC: " << onc_blob;
 
-  if (onc_blob.empty())
-    onc_blob = chromeos::onc::kEmptyUnencryptedConfiguration;
+  scoped_ptr<base::ListValue> network_configs;
+  scoped_ptr<base::ListValue> certificates;
+  ParseAndValidateOncForImport(
+      onc_blob, onc_source, "", &network_configs, &certificates);
 
-  scoped_ptr<base::DictionaryValue> onc_dict =
-      chromeos::onc::ReadDictionaryFromJson(onc_blob);
-  if (!onc_dict) {
-    LOG(ERROR) << "ONC loaded from policy " << policy_key
-               << " is not a valid JSON dictionary.";
-    return;
+  if (network_configs)
+    network_config_handler_->SetPolicy(onc_source, *network_configs);
+
+  scoped_ptr<net::CertificateList> web_trust_certs(new net::CertificateList);
+  if (certificates) {
+    certificate_handler_->ImportCertificates(
+        *certificates, onc_source, web_trust_certs.get());
   }
 
-  chromeos::ManagedNetworkConfigurationHandler::Get()->SetPolicy(onc_source,
-                                                                 *onc_dict);
+  if (onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY)
+    SetTrustAnchors(web_trust_certs.Pass());
 }
 
 }  // namespace policy