Use per-user nssdb in onc certificate importer

chrome/browser/chromeos/login/login_utils.cc

Index: chrome/browser/chromeos/login/login_utils.cc
diff --git a/chrome/browser/chromeos/login/login_utils.cc b/chrome/browser/chromeos/login/login_utils.cc
index cdf7261f9f759b8e9fd0a9ac9cd4c7e849471daa..9d14cc3e82d9d19ebb9e2100f29ea18508c83821 100644
--- a/chrome/browser/chromeos/login/login_utils.cc
+++ b/chrome/browser/chromeos/login/login_utils.cc
@@ -46,6 +46,8 @@
 #include "chrome/browser/chromeos/login/screen_locker.h"
 #include "chrome/browser/chromeos/login/supervised_user_manager.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
+#include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/first_run/first_run.h"
@@ -140,7 +142,7 @@ class LoginUtilsImpl
       LoginStatusConsumer* consumer) OVERRIDE;
   virtual void RestoreAuthenticationSession(Profile* profile) OVERRIDE;
   virtual void InitRlzDelayed(Profile* user_profile) OVERRIDE;
-  virtual void StartCertLoader(Profile* user_profile) OVERRIDE;
+  virtual void InitNSSCertDatabaseUsers(Profile* user_profile) OVERRIDE;
 
   // OAuth2LoginManager::Observer overrides.
   virtual void OnSessionRestoreStateChanged(
@@ -204,9 +206,10 @@ class LoginUtilsImpl
   // Initializes RLZ. If |disabled| is true, RLZ pings are disabled.
   void InitRlz(Profile* user_profile, bool disabled);
 
-  // Starts CertLoader with the provided NSS database. It must be called at most
-  // once, and with the primary user's database.
-  void StartCertLoaderWithNSSDB(net::NSSCertDatabase* database);
+  // Starts CertLoader with the provided NSS database and sets the database for
+  // the user's NetworkConfigrationUpdater. It must be called at most once, and
+  // with the primary user's database.
+  void OnNSSCertDatabase(Profile* user_proilfe, net::NSSCertDatabase* database);
 
   // Attempts restarting the browser process and esures that this does
   // not happen while we are still fetching new OAuth refresh tokens.
@@ -595,12 +598,12 @@ void LoginUtilsImpl::FinalizePrepareProfile(Profile* user_profile) {
       content::NotificationService::AllSources(),
       content::Details<Profile>(user_profile));
 
-  // Initialize RLZ and CertLoader only for primary user.
+  // Initialize RLZ, and sets user NSSDB where needed. Both should be done for
+  // the primary user only.
   if (UserManager::Get()->GetPrimaryUser() ==
       UserManager::Get()->GetUserByProfile(user_profile)) {
     InitRlzDelayed(user_profile);
-    if (CertLoader::IsInitialized())
-      StartCertLoader(user_profile);
+    InitNSSCertDatabaseUsers(user_profile);
   }
   // TODO(altimofeev): This pointer should probably never be NULL, but it looks
   // like LoginUtilsImpl::OnProfileCreated() may be getting called before
@@ -653,14 +656,19 @@ void LoginUtilsImpl::InitRlz(Profile* user_profile, bool disabled) {
 #endif
 }
 
-void LoginUtilsImpl::StartCertLoader(Profile* user_profile) {
+void LoginUtilsImpl::InitNSSCertDatabaseUsers(Profile* user_profile) {
   GetNSSCertDatabaseForProfile(
       user_profile,
-      base::Bind(&LoginUtilsImpl::StartCertLoaderWithNSSDB, AsWeakPtr()));
+      base::Bind(&LoginUtilsImpl::OnNSSCertDatabase, AsWeakPtr(),
+                 base::Unretained(user_profile)));
 }
 
-void LoginUtilsImpl::StartCertLoaderWithNSSDB(net::NSSCertDatabase* database) {
-  CertLoader::Get()->StartWithNSSDB(database);
+void LoginUtilsImpl::OnNSSCertDatabase(Profile* user_profile,
+                                       net::NSSCertDatabase* database) {
+  if (CertLoader::IsInitialized())
+    CertLoader::Get()->StartWithNSSDB(database);
+  policy::UserNetworkConfigurationUpdaterFactory::GetForProfile(user_profile)
+      ->SetCertDatabase(database);
 }
 
 void LoginUtilsImpl::CompleteOffTheRecordLogin(const GURL& start_url) {