policy_cert_service.h revision 5d1f7b1de12d16ceb2c938c56701a3e8bfa558f7
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
7
8#include <string>
9#include <vector>
10
11#include "base/basictypes.h"
12#include "base/compiler_specific.h"
13#include "base/memory/ref_counted.h"
14#include "base/memory/scoped_ptr.h"
15#include "base/memory/weak_ptr.h"
16#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
17#include "components/browser_context_keyed_service/browser_context_keyed_service.h"
18
19namespace chromeos {
  // Forward declaration: this header only passes and stores UserManager by
  // pointer, so the full definition is not needed here.
20class UserManager;
21}
22
23namespace net {
  // Forward declaration: X509Certificate is only named as a template argument
  // in the typedef below.
24class X509Certificate;
  // List of ref-counted certificates. This is the parameter type of
  // PolicyCertService::OnTrustAnchorsChanged().
25typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
26}
27
28namespace policy {
29
  // Forward declaration: this header only refers to PolicyCertVerifier through
  // raw pointers and scoped_ptr, so the full definition is not needed here.
30class PolicyCertVerifier;
31
32// This service is the counterpart of PolicyCertVerifier on the UI thread. It's
33// responsible for pushing the current list of trust anchors to the CertVerifier
34// and marking the profile's prefs if any of the trust anchors was used.
35// Except for unit tests, PolicyCertVerifier should only be created through this
36// class.
  //
  // Security-relevant contract visible in this header:
  //  - The trust anchors arrive through the WebTrustedCertsObserver callback
  //    OnTrustAnchorsChanged(); per the comment on UsedPolicyCertificates()
  //    they are certificates installed via policy.
  //  - UsedPolicyCertificates() and has_policy_certificates() are the two
  //    queries this class exposes for callers that need to know whether such
  //    anchors have been used or are currently present.
  //  - The service and its verifier are used on different threads (UI vs. IO)
  //    and are linked by a raw pointer, so the lifetime rule documented on
  //    CreatePolicyCertVerifier() must be respected by the caller.
37class PolicyCertService
38    : public BrowserContextKeyedService,
39      public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
40 public:
    // Constructs the service for the user identified by |user_id|.
    // |net_conf_updater| and |user_manager| are kept as raw pointers in the
    // members of the same name.
    // NOTE(review): ownership is not stated in this header; presumably neither
    // is owned and both must outlive this service -- confirm against the
    // implementation and the factory that creates this service.
41  PolicyCertService(const std::string& user_id,
42                    UserNetworkConfigurationUpdater* net_conf_updater,
43                    chromeos::UserManager* user_manager);
44  virtual ~PolicyCertService();
45
46  // Creates an associated PolicyCertVerifier. The returned object must only be
47  // used on the IO thread and must outlive this object.
    // Ownership of the verifier passes to the caller through the returned
    // scoped_ptr. This class declares a raw PolicyCertVerifier* member
    // (cert_verifier_); NOTE(review): presumably it points at the object
    // returned here, which is why the verifier has to outlive the service --
    // destroying it earlier would leave that pointer dangling. Confirm in the
    // implementation.
48  scoped_ptr<PolicyCertVerifier> CreatePolicyCertVerifier();
49
50  // Returns true if the profile that owns this service has used certificates
51  // installed via policy to establish a secure connection before. This means
52  // that it may have cached content from an untrusted source.
    // NOTE(review): the class comment says usage is recorded in the profile's
    // prefs; where and when the flag is cleared is not visible in this header.
53  bool UsedPolicyCertificates() const;
54
    // Returns the current value of has_trust_anchors_.
    // NOTE(review): presumably true while the most recent
    // OnTrustAnchorsChanged() call delivered a non-empty list -- confirm in the
    // implementation. Unlike UsedPolicyCertificates(), this reads only the
    // in-memory flag.
55  bool has_policy_certificates() const { return has_trust_anchors_; }
56
57  // UserNetworkConfigurationUpdater::WebTrustedCertsObserver:
    // Receives the new list of trust anchors. Per the class comment, this
    // service is responsible for pushing that list to the cert verifier.
58  virtual void OnTrustAnchorsChanged(const net::CertificateList& trust_anchors)
59      OVERRIDE;
60
61  // BrowserContextKeyedService:
62  virtual void Shutdown() OVERRIDE;
63
    // Test-only factory. Takes an existing |verifier| instead of creating one
    // and takes no UserNetworkConfigurationUpdater; the parameter list matches
    // the private constructor below. The caller owns the returned service.
    // |verifier| and |user_manager| are passed as raw pointers; NOTE(review):
    // presumably not owned and required to outlive the returned service.
64  static scoped_ptr<PolicyCertService> CreateForTesting(
65      const std::string& user_id,
66      PolicyCertVerifier* verifier,
67      chromeos::UserManager* user_manager);
68
69 private:
    // Private constructor that accepts an externally created |verifier|.
    // NOTE(review): presumably only reached through CreateForTesting().
70  PolicyCertService(const std::string& user_id,
71                    PolicyCertVerifier* verifier,
72                    chromeos::UserManager* user_manager);
73
    // Raw pointer to the associated verifier. The verifier itself must only be
    // used on the IO thread (see CreatePolicyCertVerifier()), while this
    // service lives on the UI thread. NOTE(review): how the pointer is used
    // safely across threads is not visible in this header -- confirm in the
    // implementation.
74  PolicyCertVerifier* cert_verifier_;
    // Identifier of the user this service was created for.
75  std::string user_id_;
    // Raw pointer passed to the public constructor; see the ownership note
    // there.
76  UserNetworkConfigurationUpdater* net_conf_updater_;
    // Raw pointer passed to either constructor; see the ownership note there.
77  chromeos::UserManager* user_manager_;
    // Value returned by has_policy_certificates().
78  bool has_trust_anchors_;
79
80  // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
81  // The factory and the created WeakPtrs must only be used on the UI thread.
    // Declared after every other data member: members are destroyed in reverse
    // declaration order, so the factory is destroyed first, before the members
    // a late callback might touch. Keep it last when adding members.
82  base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_;
83
    // The service is not copyable or assignable.
84  DISALLOW_COPY_AND_ASSIGN(PolicyCertService);
85};
86
87}  // namespace policy
88
89#endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
90