policy_cert_verifier.h revision 424c4d7b64af9d0d8fd9624f381f469654d5e3d2
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
6#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
7
8#include <vector>
9
10#include "base/basictypes.h"
11#include "base/callback.h"
12#include "base/compiler_specific.h"
13#include "base/memory/ref_counted.h"
14#include "base/memory/scoped_ptr.h"
15#include "net/cert/cert_trust_anchor_provider.h"
16#include "net/cert/cert_verifier.h"
17
  // Forward declaration of the certificate type and the list typedef that the
  // declarations below use for the policy-provided trust anchors.
18namespace net {
19class X509Certificate;
  // A list of reference-counted certificates (scoped_refptr elements).
20typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
21}
22
23namespace policy {
24
25// Wraps a MultiThreadedCertVerifier to make it use the additional trust anchors
26// configured by the ONC user policy.
  //
  // Security note: certificates handed to SetTrustAnchors() are treated as
  // additional trust anchors for verifications made through this object, so
  // callers should pass only the anchors that actually came from policy.
  // |anchor_used_callback| is the hook that tells the owner when one of those
  // anchors was used.
  // NOTE(review): how the wrapped verifier is created and how it consults the
  // anchors is defined outside this header -- confirm in the implementation.
27class PolicyCertVerifier : public net::CertVerifier,
28                           public net::CertTrustAnchorProvider {
29 public:
30  // This object must be created on the UI thread. Its member functions and
31  // destructor must be called on the IO thread. |anchor_used_callback| is
32  // called on the IO thread every time a certificate from the additional trust
33  // anchors (set with SetTrustAnchors) is used.
    // No lock is declared in this class, so the threading rule above is the
    // only visible protection for its members.
34  explicit PolicyCertVerifier(const base::Closure& anchor_used_callback);
35  virtual ~PolicyCertVerifier();
36
    // Must be called on the IO thread (see the constructor comment).
    // NOTE(review): presumably creates |delegate_|; the definition is not in
    // this header -- confirm.
37  void InitializeOnIOThread();
38
    // Sets the additional trust anchors. Must be called on the IO thread.
    // NOTE(review): presumably copies |trust_anchors| into |trust_anchors_|
    // (const-reference argument, by-value member); whether an earlier list is
    // replaced or extended is not visible here -- confirm.
39  void SetTrustAnchors(const net::CertificateList& trust_anchors);
40
41  // CertVerifier:
42  // Note: |callback| can be null.
    // NOTE(review): presumably forwards to |delegate_| and runs
    // |anchor_used_callback_| when the verified chain uses one of the
    // additional anchors; the int result is presumably a net error code.
    // Neither is visible in this header -- confirm.
    // NOTE(review): std::string appears in the signature, but this header does
    // not include <string> directly.
43  virtual int Verify(net::X509Certificate* cert,
44                     const std::string& hostname,
45                     int flags,
46                     net::CRLSet* crl_set,
47                     net::CertVerifyResult* verify_result,
48                     const net::CompletionCallback& callback,
49                     RequestHandle* out_req,
50                     const net::BoundNetLog& net_log) OVERRIDE;
51
    // NOTE(review): presumably cancels the request on |delegate_| -- confirm.
52  virtual void CancelRequest(RequestHandle req) OVERRIDE;
53
54  // CertTrustAnchorProvider:
    // Returns a const reference rather than a copy.
    // NOTE(review): presumably refers to |trust_anchors_|; if so, the contents
    // seen through it change when SetTrustAnchors() is called and it must not
    // outlive this object -- confirm.
55  virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE;
56
57 private:
    // Additional trust anchors (set with SetTrustAnchors).
58  net::CertificateList trust_anchors_;
    // Callback passed to the constructor; per the constructor comment it is
    // called on the IO thread every time an additional trust anchor is used.
59  base::Closure anchor_used_callback_;
    // Owned verifier. NOTE(review): presumably the MultiThreadedCertVerifier
    // named in the class comment -- confirm.
60  scoped_ptr<CertVerifier> delegate_;
61
62  DISALLOW_COPY_AND_ASSIGN(PolicyCertVerifier);
63};
64
65}  // namespace policy
66
67#endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
68