Use per-user nssdb in onc certificate importer

Instead of always using singleton NSSCertDatabase, pass the database to use as an argument to CertificateImporter::ImportCertificates BUG=315343 Review URL: https://codereview.chromium.org/148183013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@249881 0039d316-1c4b-4281-b951-d872f2087c98
Denger-Network · Feb 8, 2014 · f8f7a4b · f8f7a4b
1 parent 9e84c59
commit f8f7a4b
Show file tree

Hide file tree

Showing 14 changed files with 491 additions and 145 deletions.
diff --git a/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.cc b/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.cc
@@ -152,8 +152,6 @@ void BrowserPolicyConnectorChromeOS::Init(
 
   network_configuration_updater_ =
       DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
-          scoped_ptr<chromeos::onc::CertificateImporter>(
-              new chromeos::onc::CertificateImporterImpl),
           GetPolicyService(),
           chromeos::NetworkHandler::Get()
               ->managed_network_configuration_handler(),

diff --git a/chrome/browser/chromeos/policy/device_network_configuration_updater.cc b/chrome/browser/chromeos/policy/device_network_configuration_updater.cc
@@ -9,7 +9,6 @@
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chromeos/network/managed_network_configuration_handler.h"
 #include "chromeos/network/network_device_handler.h"
-#include "chromeos/network/onc/onc_certificate_importer.h"
 #include "chromeos/settings/cros_settings_names.h"
 #include "chromeos/settings/cros_settings_provider.h"
 #include "policy/policy_constants.h"
@@ -21,14 +20,12 @@ DeviceNetworkConfigurationUpdater::~DeviceNetworkConfigurationUpdater() {}
 // static
 scoped_ptr<DeviceNetworkConfigurationUpdater>
 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
-    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
     PolicyService* policy_service,
     chromeos::ManagedNetworkConfigurationHandler* network_config_handler,
     chromeos::NetworkDeviceHandler* network_device_handler,
     chromeos::CrosSettings* cros_settings) {
   scoped_ptr<DeviceNetworkConfigurationUpdater> updater(
-      new DeviceNetworkConfigurationUpdater(certificate_importer.Pass(),
-                                            policy_service,
+      new DeviceNetworkConfigurationUpdater(policy_service,
                                             network_config_handler,
                                             network_device_handler,
                                             cros_settings));
@@ -37,14 +34,12 @@ DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
 }
 
 DeviceNetworkConfigurationUpdater::DeviceNetworkConfigurationUpdater(
-    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
     PolicyService* policy_service,
     chromeos::ManagedNetworkConfigurationHandler* network_config_handler,
     chromeos::NetworkDeviceHandler* network_device_handler,
     chromeos::CrosSettings* cros_settings)
     : NetworkConfigurationUpdater(onc::ONC_SOURCE_DEVICE_POLICY,
                                   key::kDeviceOpenNetworkConfiguration,
-                                  certificate_importer.Pass(),
                                   policy_service,
                                   network_config_handler),
       network_device_handler_(network_device_handler),
@@ -67,8 +62,9 @@ void DeviceNetworkConfigurationUpdater::Init() {
 
 void DeviceNetworkConfigurationUpdater::ImportCertificates(
     const base::ListValue& certificates_onc) {
-  certificate_importer_->ImportCertificates(
-      certificates_onc, onc_source_, NULL);
+  // Importing CA and server certs from device policy is not  allowed, while
+  // importing client is not yet supported (as a system-wide PKCS#11 token to
+  // which they should be imported does not exists at the time).
 }
 
 void DeviceNetworkConfigurationUpdater::ApplyNetworkPolicy(

diff --git a/chrome/browser/chromeos/policy/device_network_configuration_updater.h b/chrome/browser/chromeos/policy/device_network_configuration_updater.h
@@ -45,15 +45,13 @@ class DeviceNetworkConfigurationUpdater : public NetworkConfigurationUpdater {
   // once the policy service is completely initialized and on each policy
   // change. The argument objects must outlive the returned updater.
   static scoped_ptr<DeviceNetworkConfigurationUpdater> CreateForDevicePolicy(
-      scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
       PolicyService* policy_service,
       chromeos::ManagedNetworkConfigurationHandler* network_config_handler,
       chromeos::NetworkDeviceHandler* network_device_handler,
       chromeos::CrosSettings* cros_settings);
 
  private:
   DeviceNetworkConfigurationUpdater(
-      scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
       PolicyService* policy_service,
       chromeos::ManagedNetworkConfigurationHandler* network_config_handler,
       chromeos::NetworkDeviceHandler* network_device_handler,

diff --git a/chrome/browser/chromeos/policy/network_configuration_updater.cc b/chrome/browser/chromeos/policy/network_configuration_updater.cc
@@ -8,7 +8,6 @@
 #include "base/bind_helpers.h"
 #include "base/logging.h"
 #include "base/values.h"
-#include "chromeos/network/onc/onc_certificate_importer.h"
 #include "chromeos/network/onc/onc_utils.h"
 #include "components/policy/core/common/policy_map.h"
 #include "policy/policy_constants.h"
@@ -40,12 +39,10 @@ void NetworkConfigurationUpdater::OnPolicyServiceInitialized(
 NetworkConfigurationUpdater::NetworkConfigurationUpdater(
     onc::ONCSource onc_source,
     std::string policy_key,
-    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
     PolicyService* policy_service,
     chromeos::ManagedNetworkConfigurationHandler* network_config_handler)
     : onc_source_(onc_source),
       network_config_handler_(network_config_handler),
-      certificate_importer_(certificate_importer.Pass()),
       policy_key_(policy_key),
       policy_change_registrar_(policy_service,
                                PolicyNamespace(POLICY_DOMAIN_CHROME,

diff --git a/chrome/browser/chromeos/policy/network_configuration_updater.h b/chrome/browser/chromeos/policy/network_configuration_updater.h
@@ -21,10 +21,6 @@ class Value;
 
 namespace chromeos {
 class ManagedNetworkConfigurationHandler;
-
-namespace onc {
-class CertificateImporter;
-}
 }
 
 namespace policy {
@@ -51,7 +47,6 @@ class NetworkConfigurationUpdater : public PolicyService::Observer {
   NetworkConfigurationUpdater(
       onc::ONCSource onc_source,
       std::string policy_key,
-      scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
       PolicyService* policy_service,
       chromeos::ManagedNetworkConfigurationHandler* network_config_handler);
 
@@ -72,8 +67,6 @@ class NetworkConfigurationUpdater : public PolicyService::Observer {
   // Pointer to the global singleton or a test instance.
   chromeos::ManagedNetworkConfigurationHandler* network_config_handler_;
 
-  scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_;
-
  private:
   // Called if the ONC policy changed.
   void OnPolicyChanged(const base::Value* previous, const base::Value* current);