Extract certificate policy application from NetworkLibrary.

chromeos/network/certificate_handler.cc

Index: chromeos/network/certificate_handler.cc
diff --git a/chromeos/network/certificate_handler.cc b/chromeos/network/certificate_handler.cc
new file mode 100644
index 0000000000000000000000000000000000000000..6138b5dcaf0f201d7455759dcf06f5e6ca6cb54d
--- /dev/null
+++ b/chromeos/network/certificate_handler.cc
@@ -0,0 +1,66 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromeos/network/certificate_handler.h"
+
+#include "base/values.h"
+#include "chromeos/network/onc/onc_certificate_importer.h"
+#include "chromeos/network/onc/onc_utils.h"
+
+namespace chromeos {
+
+namespace {
+CertificateHandler* g_certificate_handler_instance = NULL;

[Joao da Silva, 2013/04/22 10:38:09]

I generally singletons with static getters.

The CertificateHandler class doesn't have any state, so it could just be created
wherever it's used i.e. the NetworkConfigurationUpdater classes could get an
owned instance (scoped_ptr<CertificateHandler>) to use, so that tests can inject
the mock. Net internals UI can just create an instance when it needs one.

If the class grows in the future then the global instance could be owned by the
BrowserPolicyConnector or a similar class.

[stevenjb, 2013/04/22 16:53:41]

I tend to agree. This is a useful model for classes with external dependencies
where construction and destruction order matters, but is overkill here and
should be avoided. It seems like and instance of this can just be owned by the
class(es) that use it.

[pneubeck (no reviews), 2013/04/22 18:15:50]

Agree. This class was meant for several certificate tasks that require permanent
lifetime, but I can as well wait adding it until required.

FYI, in the future this class shall keep track
- of networks with CertificatePatterns, find matching Certificates and send them
to Shill.
  (notified by ManagedNetworkConfigurationHandler)
- of new / removal of certificates
  (notified by some certificate database)
- of certificate expiration
...

Certificate policies may (as in this patch) or may not be routed through this
class.

+}
+
+// static
+void CertificateHandler::Initialize() {
+  CHECK(!g_certificate_handler_instance);
+  g_certificate_handler_instance = new CertificateHandler;
+}
+
+// static
+bool CertificateHandler::IsInitialized() {
+  return g_certificate_handler_instance;
+}
+
+// static
+void CertificateHandler::Shutdown() {
+  CHECK(g_certificate_handler_instance);
+  delete g_certificate_handler_instance;
+  g_certificate_handler_instance = NULL;
+}
+
+// static
+CertificateHandler* CertificateHandler::Get() {
+  CHECK(g_certificate_handler_instance);
+  return g_certificate_handler_instance;
+}
+
+CertificateHandler::CertificateHandler() {
+}
+
+CertificateHandler::~CertificateHandler() {
+}
+
+bool CertificateHandler::ImportCertificates(
+    const base::ListValue& certificates,
+    onc::ONCSource source,
+    net::CertificateList* onc_trusted_certificates) {
+  VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates";
+
+  // Web trust is only granted to certificates imported by the user.
+  bool allow_trust_imports = source == onc::ONC_SOURCE_USER_IMPORT;
+  onc::CertificateImporter cert_importer(allow_trust_imports);
+  if (cert_importer.ParseAndStoreCertificates(
+          certificates, onc_trusted_certificates) !=
+      onc::CertificateImporter::IMPORT_OK) {
+    LOG(ERROR) << "Cannot parse some of the certificates in the ONC from "
+               << onc::GetSourceAsString(source);
+    return false;
+  }
+  return true;
+}
+
+}  // namespace chromeos