// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_

#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
#include "components/keyed_service/core/keyed_service.h"

// Forward declaration only; this header uses UserManager through pointers.
namespace user_manager {
class UserManager;
}  // namespace user_manager

// Forward declaration of the certificate type plus the list alias used in
// OnTrustAnchorsChanged(). The list holds ref-counted certificate handles.
namespace net {
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}  // namespace net

namespace policy {

class PolicyCertVerifier;

// This service is the counterpart of PolicyCertVerifier on the UI thread. It's
// responsible for pushing the current list of trust anchors to the CertVerifier
// and marking the profile's prefs if any of the trust anchors was used.
// Except for unit tests, PolicyCertVerifier should only be created through this
// class.
//
// The trust anchors handled here are certificates installed via policy. A
// profile that has relied on one of them to establish a secure connection may
// hold cached content from an untrusted source; see UsedPolicyCertificates().
// Inherits KeyedService (Shutdown()) and observes web-trusted certificate
// changes through UserNetworkConfigurationUpdater::WebTrustedCertsObserver
// (OnTrustAnchorsChanged()).
class PolicyCertService
    : public KeyedService,
      public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
 public:
  // |user_id| is taken by const reference; the class keeps its own
  // std::string copy in user_id_.
  // NOTE(review): |net_conf_updater| and |user_manager| are presumably stored
  // in the raw-pointer members net_conf_updater_ / user_manager_ without
  // taking ownership, so both would have to outlive this service — confirm
  // against the .cc file.
  PolicyCertService(const std::string& user_id,
                    UserNetworkConfigurationUpdater* net_conf_updater,
                    user_manager::UserManager* user_manager);
  virtual ~PolicyCertService();

  // Creates an associated PolicyCertVerifier. The returned object must only be
  // used on the IO thread and must outlive this object.
  // Ownership of the returned verifier passes to the caller (scoped_ptr).
  // NOTE(review): cert_verifier_ is a raw pointer; presumably it keeps
  // referring to the verifier created here, which would explain the
  // "must outlive" requirement — confirm against the .cc file.
  scoped_ptr<PolicyCertVerifier> CreatePolicyCertVerifier();

  // Returns true if the profile that owns this service has used certificates
  // installed via policy to establish a secure connection before. This means
  // that it may have cached content from an untrusted source.
  bool UsedPolicyCertificates() const;

  // Returns has_trust_anchors_.
  // NOTE(review): presumably true while the most recently received trust
  // anchor list is non-empty, i.e. it reports that policy certificates are
  // present, whereas UsedPolicyCertificates() reports that one was actually
  // relied on — confirm where has_trust_anchors_ is written.
  bool has_policy_certificates() const { return has_trust_anchors_; }

  // UserNetworkConfigurationUpdater::WebTrustedCertsObserver:
  // Receives the new list of trust anchors.
  virtual void OnTrustAnchorsChanged(const net::CertificateList& trust_anchors)
      OVERRIDE;

  // KeyedService:
  virtual void Shutdown() OVERRIDE;

  // Test-only factory. Takes an existing |verifier| instead of a
  // UserNetworkConfigurationUpdater.
  // NOTE(review): |verifier| is a raw pointer and presumably not owned by the
  // returned service; tests would need to keep it alive — confirm.
  static scoped_ptr<PolicyCertService> CreateForTesting(
      const std::string& user_id,
      PolicyCertVerifier* verifier,
      user_manager::UserManager* user_manager);

 private:
  // Private constructor with the same parameter list as CreateForTesting().
  // NOTE(review): presumably only called from there — confirm.
  PolicyCertService(const std::string& user_id,
                    PolicyCertVerifier* verifier,
                    user_manager::UserManager* user_manager);

  // Raw, non-smart pointers: nothing in this header shows who owns the
  // pointees or guarantees their lifetime.
  PolicyCertVerifier* cert_verifier_;
  std::string user_id_;
  UserNetworkConfigurationUpdater* net_conf_updater_;
  user_manager::UserManager* user_manager_;
  // Backing flag for has_policy_certificates().
  bool has_trust_anchors_;

  // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
  // The factory and the created WeakPtrs must only be used on the UI thread.
  // Declared after the other data members, so it is destroyed before them.
  base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(PolicyCertService);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_