Fix cyclic dependency between ProfilePolicyConnector and PrefService.

chrome/browser/chromeos/policy/network_policy_service.cc

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/network_policy_service.h"
+
+#include "base/bind.h"
+#include "base/prefs/pref_service.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/login/user.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/policy/browser_policy_connector.h"
+#include "chrome/common/pref_names.h"
+#include "chromeos/network/network_handler.h"
+#include "chromeos/network/onc/onc_certificate_importer_impl.h"
+
+namespace policy {
+
+NetworkPolicyService::~NetworkPolicyService() {}
+
+NetworkPolicyService::NetworkPolicyService(Profile* profile,
+                                           PolicyService* policy_service)
+    : user_prefs_(profile->GetPrefs()), weak_ptr_factory_(this) {

[Joao da Silva, 2013/09/20 13:00:01]

Pass the Prefs in the ctor directly

[pneubeck (no reviews), 2013/10/15 13:23:11]

Done.

+  if (chromeos::ProfileHelper::IsSigninProfile(profile))
+    return;

[Joao da Silva, 2013/09/20 13:00:01]

How about doing this check at the factory, and not creating the service at all
for the signin profile?

[pneubeck (no reviews), 2013/10/15 13:23:11]

Done.

+  chromeos::UserManager* user_manager = chromeos::UserManager::Get();
+  chromeos::User* user = user_manager->GetActiveUser();
+  CHECK(user);
+  std::string username = user->email();
+  bool is_primary_user =
+      chromeos::UserManager::Get()->GetLoggedInUsers().size() == 1;
+  if (!is_primary_user)
+    return;

[Joao da Silva, 2013/09/20 13:00:01]

Move this to the factory as well?

That would mean that this service can sometimes be NULL, which I think is a good
thing; if a Profile can't have injected certs then this shouldn't exist.

The callback for the PolicyCertVerifier of Profiles that don't have this should
just CHECK, since they should never use trust anchors.

[pneubeck (no reviews), 2013/10/15 13:23:11]

Done. But instead, I stopped creating PolicyCertVerifier in cases where it's
unused. In that case the callback is never passed...

+
+  BrowserPolicyConnector* connector =
+      g_browser_process->browser_policy_connector();
+  bool allow_trusted_certs_from_policy = false;
+  // Allow trusted certs from policy only for managed regular accounts.
+  const bool is_managed =
+      connector->GetUserAffiliation(username) == USER_AFFILIATION_MANAGED;
+  if (is_managed && user->GetType() == chromeos::User::USER_TYPE_REGULAR)
+    allow_trusted_certs_from_policy = true;
+
+  // A reference to |user| is stored by the NetworkConfigurationUpdater until
+  // the Updater is destructed during Shutdown.
+  network_configuration_updater_ =
+      UserNetworkConfigurationUpdater::CreateForUserPolicy(
+          allow_trusted_certs_from_policy,
+          *user,
+          scoped_ptr<chromeos::onc::CertificateImporter>(
+              new chromeos::onc::CertificateImporterImpl),
+          policy_service,
+          chromeos::NetworkHandler::Get()
+              ->managed_network_configuration_handler());
+}
+
+void NetworkPolicyService::SetPolicyCertVerifier(
+    PolicyCertVerifier* cert_verifier) {
+  if (network_configuration_updater_)
+    network_configuration_updater_->SetPolicyCertVerifier(cert_verifier);
+}
+
+base::Closure NetworkPolicyService::GetPolicyCertTrustedCallback() {
+  return base::Bind(&NetworkPolicyService::SetUsedPolicyCertificatesOnce,
+                    weak_ptr_factory_.GetWeakPtr());
+}
+
+void NetworkPolicyService::GetWebTrustedCertificates(
+    net::CertificateList* certs) const {
+  certs->clear();
+  if (network_configuration_updater_)
+    network_configuration_updater_->GetWebTrustedCertificates(certs);
+}
+
+bool NetworkPolicyService::UsedPolicyCertificates() {
+  return user_prefs_->GetBoolean(prefs::kUsedPolicyCertificatesOnce);
+}
+
+void NetworkPolicyService::SetUsedPolicyCertificatesOnce() {
+  user_prefs_->SetBoolean(prefs::kUsedPolicyCertificatesOnce, true);
+}
+
+void NetworkPolicyService::Shutdown() {
+  network_configuration_updater_.reset();

[Joao da Silva, 2013/09/20 13:00:01]

weak_ptr_factory_.InvalidateWeakPtrs()?

[pneubeck (no reviews), 2013/10/15 13:23:11]

Done.

+}
+
+}  // namespace policy