policy_cert_verifier.h revision 424c4d7b64af9d0d8fd9624f381f469654d5e3d2
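// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_

// <string> is included directly because Verify() takes a std::string; the
// header should not depend on another include pulling it in transitively.
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "net/cert/cert_trust_anchor_provider.h"
#include "net/cert/cert_verifier.h"

namespace net {
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}  // namespace net

namespace policy {

// Wraps a MultiThreadedCertVerifier to make it use the additional trust anchors
// configured by the ONC user policy.
//
// Security note: certificates handed to SetTrustAnchors() are treated as
// additional trust anchors by this verifier, i.e. they widen the set of roots
// that verification accepts. |anchor_used_callback| is the only signal this
// interface exposes that such a policy-provided anchor was actually relied on.
class PolicyCertVerifier : public net::CertVerifier,
                           public net::CertTrustAnchorProvider {
 public:
  // This object must be created on the UI thread. Its member functions and
  // destructor must be called on the IO thread. |anchor_used_callback| is
  // called on the IO thread every time a certificate from the additional trust
  // anchors (set with SetTrustAnchors) is used.
  explicit PolicyCertVerifier(const base::Closure& anchor_used_callback);
  virtual ~PolicyCertVerifier();

  // Must be called on the IO thread, like every other member function.
  // NOTE(review): presumably this is where |delegate_| is created; confirm
  // against the implementation file.
  void InitializeOnIOThread();

  // Sets the additional trust anchors. Must be called on the IO thread.
  // NOTE(review): callers are expected to pass only certificates that come from
  // the ONC user policy, since every entry extends what this verifier trusts.
  void SetTrustAnchors(const net::CertificateList& trust_anchors);

  // CertVerifier:
  // Note: |callback| can be null.
  // NOTE(review): how a null |callback| is handled is not visible in this
  // header; confirm in the implementation before relying on it.
  virtual int Verify(net::X509Certificate* cert,
                     const std::string& hostname,
                     int flags,
                     net::CRLSet* crl_set,
                     net::CertVerifyResult* verify_result,
                     const net::CompletionCallback& callback,
                     RequestHandle* out_req,
                     const net::BoundNetLog& net_log) OVERRIDE;

  virtual void CancelRequest(RequestHandle req) OVERRIDE;

  // CertTrustAnchorProvider:
  // Returns a reference rather than a copy.
  // NOTE(review): presumably this refers to |trust_anchors_|, in which case it
  // is only valid while this object is alive and until the next
  // SetTrustAnchors() call; confirm in the implementation.
  virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE;

 private:
  // Additional trust anchors (see SetTrustAnchors).
  net::CertificateList trust_anchors_;
  // Callback passed to the constructor.
  base::Closure anchor_used_callback_;
  // Owned verifier. NOTE(review): presumably the wrapped
  // MultiThreadedCertVerifier named in the class comment; confirm.
  scoped_ptr<CertVerifier> delegate_;

  DISALLOW_COPY_AND_ASSIGN(PolicyCertVerifier);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_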