policy_cert_verifier.h revision 5d1f7b1de12d16ceb2c938c56701a3e8bfa558f7
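// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_

// <string> is included directly because Verify() takes a const std::string&;
// the header should not rely on another include to provide it.
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "net/base/completion_callback.h"
#include "net/cert/cert_trust_anchor_provider.h"
#include "net/cert/cert_verifier.h"

namespace net {
class CertVerifyProc;
class CertVerifyResult;
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}  // namespace net

namespace policy {

// Wraps a MultiThreadedCertVerifier to make it use the additional trust anchors
// configured by the ONC user policy.
//
// Security note: the certificates passed to SetTrustAnchors() are treated as
// additional trust anchors, i.e. they extend the set of roots that a server
// certificate chain may terminate in. |anchor_used_callback| is how this class
// reports that such a policy-provided anchor was used, so that the rest of
// the browser can react to it.
class PolicyCertVerifier : public net::CertVerifier,
                           public net::CertTrustAnchorProvider {
 public:
  // Except for tests, PolicyCertVerifier should only be created by
  // PolicyCertService, which is the counterpart of this class on the UI thread.
  // Except for the constructor, all methods and the destructor must be called
  // on the IO thread. Calls |anchor_used_callback| on the IO thread every time
  // a certificate from the additional trust anchors (set with SetTrustAnchors)
  // is used.
  explicit PolicyCertVerifier(const base::Closure& anchor_used_callback);
  virtual ~PolicyCertVerifier();

  // Must be called on the IO thread (see the constructor comment).
  // NOTE(review): presumably this is where |delegate_| is created from
  // |verify_proc| and must therefore run before Verify(); confirm against the
  // .cc file.
  void InitializeOnIOThread(
      const scoped_refptr<net::CertVerifyProc>& verify_proc);

  // Sets the additional trust anchors. Must be called on the IO thread.
  // Callers are responsible for passing only certificates that the user
  // policy actually designates as trust anchors; nothing in this interface
  // re-validates that decision.
  void SetTrustAnchors(const net::CertificateList& trust_anchors);

  // CertVerifier:
  // Note: |callback| can be null.
  virtual int Verify(net::X509Certificate* cert,
                     const std::string& hostname,
                     int flags,
                     net::CRLSet* crl_set,
                     net::CertVerifyResult* verify_result,
                     const net::CompletionCallback& callback,
                     RequestHandle* out_req,
                     const net::BoundNetLog& net_log) OVERRIDE;

  virtual void CancelRequest(RequestHandle req) OVERRIDE;

  // CertTrustAnchorProvider:
  // Returns a reference rather than a copy.
  // NOTE(review): presumably this refers to |trust_anchors_|, in which case
  // the result is only meaningful on the IO thread and until the next
  // SetTrustAnchors() call; confirm against the .cc file.
  virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE;

 private:
  // Additional trust anchors from policy; see SetTrustAnchors().
  net::CertificateList trust_anchors_;

  // Callback handed to the constructor; see the constructor comment for when
  // it is run.
  base::Closure anchor_used_callback_;

  // The wrapped verifier (a MultiThreadedCertVerifier according to the class
  // comment).
  scoped_ptr<CertVerifier> delegate_;

  DISALLOW_COPY_AND_ASSIGN(PolicyCertVerifier);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_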