Fix cyclic dependency between ProfilePolicyConnector and PrefService.

chrome/browser/chromeos/policy/network_policy_service.h

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_POLICY_SERVICE_H_
+#define CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_POLICY_SERVICE_H_
+
+#include <vector>
+
+#include "base/callback.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "components/browser_context_keyed_service/browser_context_keyed_service.h"
+
+class Profile;
+class PrefService;
+
+namespace net {
+class CertTrustAnchorProvider;
+class X509Certificate;
+typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
+}
+
+namespace policy {
+
+class PolicyCertVerifier;
+class PolicyService;
+class UserNetworkConfigurationUpdater;
+
+class NetworkPolicyService : public BrowserContextKeyedService {
+ public:
+  NetworkPolicyService(Profile* profile, PolicyService* policy_service);

[Mattias Nissler (ping if slow), 2013/09/20 12:35:23]

You actually don't need a full profile, please pass a PrefService here.

For background, passing a Profile* makes it easy for people to create cyclic
references between BCKS, which is why I'm advising everybody to pass
dependencies explicitly to the ctor.

[pneubeck (no reviews), 2013/10/15 13:23:11]

Done.

+  virtual ~NetworkPolicyService();
+
+  // Sets the CertVerifier on which the current list of Web trusted server and
+  // CA certificates will be set. Policy updates will trigger further calls to
+  // |cert_verifier| later. |cert_verifier| must be valid until
+  // SetPolicyCertVerifier is called again (with another CertVerifier or NULL)
+  // or until this Connector is destructed. |cert_verifier|'s methods are only
+  // called on the IO thread. This function must be called on the UI thread.
+  void SetPolicyCertVerifier(PolicyCertVerifier* cert_verifier);
+
+  void SetUsedPolicyCertificatesOnce();

[Mattias Nissler (ping if slow), 2013/09/20 12:35:23]

Why is this public?

[pneubeck (no reviews), 2013/10/15 13:23:11]

Done.

+
+  // Returns a callback that should be called if a policy installed certificate
+  // was trusted for the associated profile. The closure can be safely used (on
+  // the UI thread) even after this Connector is destructed.

[Mattias Nissler (ping if slow), 2013/09/20 12:35:23]

I'm still feeling a bit uneasy about the weak ptr here, since it's just a way to
work around a lifetime mismatch problem that's caused elsewhere (i.e. Profile
initialization / shutdown). I think a better way would be for
NetworkPolicyService to generate notifications that NetworkPolicyService can
listen for. That's now very easy with base/callback_registry.h, so you might
want to give that a try.

[pneubeck (no reviews), 2013/09/20 12:39:36]

Who should generate and who should listen? (your comment seems to contain a
typo)

+  base::Closure GetPolicyCertTrustedCallback();
+
+  // Sets |certs| to the list of Web trusted server and CA certificates from the
+  // last received ONC user policy.
+  void GetWebTrustedCertificates(net::CertificateList* certs) const;
+
+  // Returns true if the profile with |user_prefs| has used certificates
+  // installed via policy to establish a secure connection before. This means
+  // that it may have cached content from an untrusted source.
+  bool UsedPolicyCertificates();
+
+  // BrowserContextKeyedService:
+  virtual void Shutdown() OVERRIDE;
+
+ private:
+  PrefService* user_prefs_;
+  scoped_ptr<UserNetworkConfigurationUpdater> network_configuration_updater_;
+  base::WeakPtrFactory<NetworkPolicyService> weak_ptr_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(NetworkPolicyService);
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_POLICY_SERVICE_H_