Use per-user nssdb in onc certificate importer

chrome/browser/chromeos/login/login_utils.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/login_utils.h"
 
 #include <algorithm>
 #include <set>
 #include <vector>
 
@@ skipping 28 matching lines @@
 #include "chrome/browser/chromeos/login/chrome_restart_request.h"
 #include "chrome/browser/chromeos/login/input_events_blocker.h"
 #include "chrome/browser/chromeos/login/login_display_host.h"
 #include "chrome/browser/chromeos/login/oauth2_login_manager.h"
 #include "chrome/browser/chromeos/login/oauth2_login_manager_factory.h"
 #include "chrome/browser/chromeos/login/parallel_authenticator.h"
 #include "chrome/browser/chromeos/login/profile_auth_data.h"
 #include "chrome/browser/chromeos/login/screen_locker.h"
 #include "chrome/browser/chromeos/login/supervised_user_manager.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
+#include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/first_run/first_run.h"
 #include "chrome/browser/google/google_util_chromeos.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
 #include "chrome/browser/net/nss_context.h"
 #include "chrome/browser/pref_service_flags_storage.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/rlz/rlz.h"
@@ skipping 74 matching lines @@
       bool has_cookies,
       bool has_active_session,
       LoginUtils::Delegate* delegate) OVERRIDE;
   virtual void DelegateDeleted(LoginUtils::Delegate* delegate) OVERRIDE;
   virtual void CompleteOffTheRecordLogin(const GURL& start_url) OVERRIDE;
   virtual void SetFirstLoginPrefs(PrefService* prefs) OVERRIDE;
   virtual scoped_refptr<Authenticator> CreateAuthenticator(
       LoginStatusConsumer* consumer) OVERRIDE;
   virtual void RestoreAuthenticationSession(Profile* profile) OVERRIDE;
   virtual void InitRlzDelayed(Profile* user_profile) OVERRIDE;
-  virtual void StartCertLoader(Profile* user_profile) OVERRIDE;
+  virtual void InitNSSCertDatabaseUsers(Profile* user_profile) OVERRIDE;
 
   // OAuth2LoginManager::Observer overrides.
   virtual void OnSessionRestoreStateChanged(
       Profile* user_profile,
       OAuth2LoginManager::SessionRestoreState state) OVERRIDE;
   virtual void OnNewRefreshTokenAvaiable(Profile* user_profile) OVERRIDE;
 
   // net::NetworkChangeNotifier::ConnectionTypeObserver overrides.
   virtual void OnConnectionTypeChanged(
       net::NetworkChangeNotifier::ConnectionType type) OVERRIDE;
@@ skipping 43 matching lines @@
   // OAuthLoginManager.
   void InitSessionRestoreStrategy();
 
   // Restores GAIA auth cookies for the created user profile from OAuth2 token.
   void RestoreAuthSession(Profile* user_profile,
                           bool restore_from_auth_cookies);
 
   // Initializes RLZ. If |disabled| is true, RLZ pings are disabled.
   void InitRlz(Profile* user_profile, bool disabled);
 
-  // Starts CertLoader with the provided NSS database. It must be called at most
-  // once, and with the primary user's database.
-  void StartCertLoaderWithNSSDB(net::NSSCertDatabase* database);
+  // Starts CertLoader with the provided NSS database and sets the database for
+  // the user's NetworkConfigrationUpdater. It must be called at most once, and
+  // with the primary user's database.
+  void OnNSSCertDatabase(Profile* user_proilfe, net::NSSCertDatabase* database);
 
   // Attempts restarting the browser process and esures that this does
   // not happen while we are still fetching new OAuth refresh tokens.
   void AttemptRestart(Profile* profile);
 
   UserContext user_context_;
 
   // True if the authentication profile's cookie jar should contain
   // authentication cookies from the authentication extension log in flow.
   bool has_web_auth_cookies_;
@@ skipping 368 matching lines @@
 
   user_profile->OnLogin();
 
   // Send the notification before creating the browser so additional objects
   // that need the profile (e.g. the launcher) can be created first.
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED,
       content::NotificationService::AllSources(),
       content::Details<Profile>(user_profile));
 
-  // Initialize RLZ and CertLoader only for primary user.
+  // Initialize RLZ, and sets user NSSDB where needed. Both should be done for
+  // the primary user only.
   if (UserManager::Get()->GetPrimaryUser() ==
       UserManager::Get()->GetUserByProfile(user_profile)) {
     InitRlzDelayed(user_profile);
-    if (CertLoader::IsInitialized())
-      StartCertLoader(user_profile);
+    InitNSSCertDatabaseUsers(user_profile);
   }
   // TODO(altimofeev): This pointer should probably never be NULL, but it looks
   // like LoginUtilsImpl::OnProfileCreated() may be getting called before
   // LoginUtilsImpl::PrepareProfile() has set |delegate_| when Chrome is killed
   // during shutdown in tests -- see http://crosbug.com/18269.  Replace this
   // 'if' statement with a CHECK(delegate_) once the underlying issue is
   // resolved.
   if (delegate_)
     delegate_->OnProfilePrepared(user_profile);
 }
@@ skipping 32 matching lines @@
   // Negative ping delay means to send ping immediately after a first search is
   // recorded.
   RLZTracker::InitRlzFromProfileDelayed(
       user_profile, UserManager::Get()->IsCurrentUserNew(),
       ping_delay < 0, base::TimeDelta::FromMilliseconds(abs(ping_delay)));
   if (delegate_)
     delegate_->OnRlzInitialized(user_profile);
 #endif
 }
 
-void LoginUtilsImpl::StartCertLoader(Profile* user_profile) {
+void LoginUtilsImpl::InitNSSCertDatabaseUsers(Profile* user_profile) {
   GetNSSCertDatabaseForProfile(
       user_profile,
-      base::Bind(&LoginUtilsImpl::StartCertLoaderWithNSSDB, AsWeakPtr()));
+      base::Bind(&LoginUtilsImpl::OnNSSCertDatabase, AsWeakPtr(),
+                 base::Unretained(user_profile)));
 }
 
-void LoginUtilsImpl::StartCertLoaderWithNSSDB(net::NSSCertDatabase* database) {
-  CertLoader::Get()->StartWithNSSDB(database);
+void LoginUtilsImpl::OnNSSCertDatabase(Profile* user_profile,
+                                       net::NSSCertDatabase* database) {
+  if (CertLoader::IsInitialized())
+    CertLoader::Get()->StartWithNSSDB(database);
+  policy::UserNetworkConfigurationUpdaterFactory::GetForProfile(user_profile)
+      ->SetCertDatabase(database);
 }
 
 void LoginUtilsImpl::CompleteOffTheRecordLogin(const GURL& start_url) {
   VLOG(1) << "Completing incognito login";
 
   // For guest session we ask session manager to restart Chrome with --bwsi
   // flag. We keep only some of the arguments of this process.
   const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
   CommandLine command_line(browser_command_line.GetProgram());
   std::string cmd_line_str = GetOffTheRecordCommandLine(start_url,
@@ skipping 227 matching lines @@
 
   CrosSettings* cros_settings = CrosSettings::Get();
   bool allow_new_user = false;
   cros_settings->GetBoolean(kAccountsPrefAllowNewUser, &allow_new_user);
   if (allow_new_user)
     return true;
   return cros_settings->FindEmailInList(kAccountsPrefUsers, username);
 }
 
 }  // namespace chromeos