Resolve certificate references in ONC by PEM.

chrome/browser/chromeos/policy/network_configuration_updater_impl.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/network_configuration_updater_impl.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
@@ skipping 74 matching lines @@
   } else {
     VLOG(2) << "The policy is not set.";
   }
   VLOG(2) << "The policy contains this ONC: " << onc_blob;
 
   base::ListValue network_configs;
   base::ListValue certificates;
   ParseAndValidateOncForImport(
       onc_blob, onc_source, "", &network_configs, &certificates);
 
+  chromeos::CertificateHandler::CertsByGUID imported_server_and_ca_certs;
+  scoped_ptr<net::CertificateList> web_trust_certs(new net::CertificateList);
+  certificate_handler_->ImportCertificates(
+      certificates, onc_source, web_trust_certs.get(),
+      &imported_server_and_ca_certs);
+
+  if (!chromeos::onc::ResolveServerCertRefsInNetworks(
+          imported_server_and_ca_certs, &network_configs)) {
+    LOG(ERROR) << "Some certificate references in the ONC policy for source "
+               << chromeos::onc::GetSourceAsString(onc_source)
+               << " could not be resolved.";
+  }
+
   std::string userhash = onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY ?
       hashed_username_ : std::string();
   chromeos::NetworkHandler::Get()->managed_network_configuration_handler()->
       SetPolicy(onc_source, userhash, network_configs);
 
-  scoped_ptr<net::CertificateList> web_trust_certs(new net::CertificateList);
-  certificate_handler_->ImportCertificates(
-      certificates, onc_source, web_trust_certs.get());
-
   if (onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY)
     SetTrustAnchors(web_trust_certs.Pass());
 }
 
 }  // namespace policy