Use per-user nssdb in onc certificate importer

chrome/browser/chromeos/policy/network_configuration_updater.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
 #include "components/onc/onc_constants.h"
 #include "components/policy/core/common/policy_service.h"
 
 namespace base {
 class DictionaryValue;
 class ListValue;
 class Value;
 }
 
 namespace chromeos {
 class ManagedNetworkConfigurationHandler;
 
 namespace onc {
 class CertificateImporter;
 }
 }
 
+namespace net {
+class NSSCertDatabase;
+}
+
 namespace policy {
 
 class PolicyMap;
 
 // Implements the common part of tracking a OpenNetworkConfiguration device or
 // user policy. Pushes the network configs to the
 // ManagedNetworkConfigurationHandler, which in turn writes configurations to
 // Shill. Certificates are imported with the chromeos::onc::CertificateImporter.
 // For user policies the subclass UserNetworkConfigurationUpdater must be used.
 // Does not handle proxy settings.
 class NetworkConfigurationUpdater : public PolicyService::Observer {
  public:
   virtual ~NetworkConfigurationUpdater();
 
   // PolicyService::Observer overrides
   virtual void OnPolicyUpdated(const PolicyNamespace& ns,
                                const PolicyMap& previous,
                                const PolicyMap& current) OVERRIDE;
   virtual void OnPolicyServiceInitialized(PolicyDomain domain) OVERRIDE;
 
+  // Sets the database that should be used for importing certificates. It
+  // reapplies the policy if policy service is already initialized.
+  void SetCertDatabase(net::NSSCertDatabase* cert_database);
+
  protected:
   NetworkConfigurationUpdater(
       onc::ONCSource onc_source,
       std::string policy_key,
       scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
       PolicyService* policy_service,
       chromeos::ManagedNetworkConfigurationHandler* network_config_handler);
 
   virtual void Init();
 
   // Imports the certificates part of the policy.
-  virtual void ImportCertificates(const base::ListValue& certificates_onc) = 0;
+  virtual void ImportCertificates(const base::ListValue& certificates_onc,
+                                  net::NSSCertDatabase* target_nssdb) = 0;
 
   // Pushes the network part of the policy to the
   // ManagedNetworkConfigurationHandler. This can be overridden by subclasses to
   // modify |network_configs_onc| before the actual application.
   virtual void ApplyNetworkPolicy(
       base::ListValue* network_configs_onc,
       base::DictionaryValue* global_network_config) = 0;
 
   onc::ONCSource onc_source_;
 
@@ skipping 12 matching lines @@
   std::string LogHeader() const;
 
   std::string policy_key_;
 
   // Used to register for notifications from the |policy_service_|.
   PolicyChangeRegistrar policy_change_registrar_;
 
   // Used to retrieve the policies.
   PolicyService* policy_service_;
 
+  // Certificate database to which certificates specified in policy should be
+  // imported. If not set, |ImportCertificates| will not be called during
+  // |ApplyPolicy|.
+  net::NSSCertDatabase* cert_database_;
+
   DISALLOW_COPY_AND_ASSIGN(NetworkConfigurationUpdater);
 };
 
 }  // namespace policy
 
 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_