Replace c/b/nss_context by a KeyedService.

chromeos/network/onc/onc_certificate_importer_impl.cc

Index: chromeos/network/onc/onc_certificate_importer_impl.cc
diff --git a/chromeos/network/onc/onc_certificate_importer_impl.cc b/chromeos/network/onc/onc_certificate_importer_impl.cc
index 6403fb41014b4be7283a5cba6deefc79d390f524..2f9554a880a320824f38c54b6a58c3a2538e1a74 100644
--- a/chromeos/network/onc/onc_certificate_importer_impl.cc
+++ b/chromeos/network/onc/onc_certificate_importer_impl.cc
@@ -20,6 +20,7 @@
 #include "base/values.h"
 #include "chromeos/network/network_event_log.h"
 #include "chromeos/network/onc/onc_utils.h"
+#include "components/cert_database/public/cert_database_service_io_part.h"
 #include "components/onc/onc_constants.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/crypto_module.h"
@@ -41,15 +42,27 @@ void CallBackOnOriginLoop(
       FROM_HERE, base::Bind(callback, success, onc_trusted_certificates));
 }
 
+void GetNSSCertDatabase(

[stevenjb, 2014/10/29 18:43:51]

This name is a bit confusing, maybe something like 'CallWithCertDatabase'?

[pneubeck (no reviews), 2014/11/05 14:53:36]

Added a comment to clarify. I think the naming scheme is rather common for
asynchronous results.
Done.

+    const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io,
+    const cert_database::CertDatabaseServiceIOPart::GetCertDBCallback&
+        callback) {
+  if (!cert_db_io) {
+    callback.Run(NULL /* no NSSCertDatabase */);
+    return;
+  }
+  net::NSSCertDatabase* nss_db = cert_db_io->GetNSSCertDatabase(callback);
+  if (nss_db)
+    callback.Run(nss_db);
+}
+
 }  // namespace
 
 CertificateImporterImpl::CertificateImporterImpl(
     const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
-    net::NSSCertDatabase* target_nssdb)
+    const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io)
     : io_task_runner_(io_task_runner),
-      target_nssdb_(target_nssdb),
+      cert_db_io_(cert_db_io),
       weak_factory_(this) {
-  CHECK(target_nssdb);
 }
 
 CertificateImporterImpl::~CertificateImporterImpl() {
@@ -74,16 +87,19 @@ void CertificateImporterImpl::ImportCertificates(
                  base::ThreadTaskRunnerHandle::Get(),
                  callback_to_this);
 
-  // This is the actual function that imports the certificates.
-  base::Closure import_certs_callback =
-      base::Bind(&ParseAndStoreCertificates,
-                 source,
-                 callback_on_origin_loop,
-                 base::Owned(certificates.DeepCopy()),
-                 target_nssdb_);
-
-  // The NSSCertDatabase must be accessed on |io_task_runner_|
-  io_task_runner_->PostTask(FROM_HERE, import_certs_callback);
+  // This is the actual function that imports the certificates. This must be
+  // executed when the NSSCertDatabase is available.
+  cert_database::CertDatabaseServiceIOPart::GetCertDBCallback
+      import_certs_callback = base::Bind(&ParseAndStoreCertificates,
+                                         source,
+                                         callback_on_origin_loop,
+                                         base::Owned(certificates.DeepCopy()));
+
+  // The NSSCertDatabase is obtained from |cert_db_io_|, which must be accessed
+  // on |io_task_runner_|
+  io_task_runner_->PostTask(
+      FROM_HERE,
+      base::Bind(&GetNSSCertDatabase, cert_db_io_, import_certs_callback));
 }
 
 // static
@@ -92,9 +108,13 @@ void CertificateImporterImpl::ParseAndStoreCertificates(
     const DoneCallback& done_callback,
     base::ListValue* certificates,
     net::NSSCertDatabase* nssdb) {
+  net::CertificateList onc_trusted_certificates;
+  if (!nssdb) {
+    done_callback.Run(false, onc_trusted_certificates);
+    return;
+  }
   // Web trust is only granted to certificates imported by the user.
   bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT;
-  net::CertificateList onc_trusted_certificates;
   bool success = true;
   for (size_t i = 0; i < certificates->GetSize(); ++i) {
     const base::DictionaryValue* certificate = NULL;