policy_cert_verifier.h revision f2477e01787aa58f445919b809d89e252beef54f
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_ 6#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_ 7 8#include <vector> 9 10#include "base/basictypes.h" 11#include "base/callback.h" 12#include "base/compiler_specific.h" 13#include "base/memory/ref_counted.h" 14#include "base/memory/scoped_ptr.h" 15#include "net/base/completion_callback.h" 16#include "net/cert/cert_trust_anchor_provider.h" 17#include "net/cert/cert_verifier.h" 18 19namespace net { 20class CertVerifyResult; 21class X509Certificate; 22typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; 23} 24 25namespace policy { 26 27// Wraps a MultiThreadedCertVerifier to make it use the additional trust anchors 28// configured by the ONC user policy. 29class PolicyCertVerifier : public net::CertVerifier, 30 public net::CertTrustAnchorProvider { 31 public: 32 // Except for tests, PolicyCertVerifier should only be created by 33 // PolicyCertService, which is the counterpart of this class on the UI thread. 34 // Except of the constructor, all methods and the destructor must be called on 35 // the IO thread. Calls |anchor_used_callback| on the IO thread everytime a 36 // certificate from the additional trust anchors (set with SetTrustAnchors) is 37 // used. 38 explicit PolicyCertVerifier(const base::Closure& anchor_used_callback); 39 virtual ~PolicyCertVerifier(); 40 41 void InitializeOnIOThread(); 42 43 // Sets the additional trust anchors. 44 void SetTrustAnchors(const net::CertificateList& trust_anchors); 45 46 // CertVerifier: 47 // Note: |callback| can be null. 48 virtual int Verify(net::X509Certificate* cert, 49 const std::string& hostname, 50 int flags, 51 net::CRLSet* crl_set, 52 net::CertVerifyResult* verify_result, 53 const net::CompletionCallback& callback, 54 RequestHandle* out_req, 55 const net::BoundNetLog& net_log) OVERRIDE; 56 57 virtual void CancelRequest(RequestHandle req) OVERRIDE; 58 59 // CertTrustAnchorProvider: 60 virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE; 61 62 private: 63 net::CertificateList trust_anchors_; 64 base::Closure anchor_used_callback_; 65 scoped_ptr<CertVerifier> delegate_; 66 67 DISALLOW_COPY_AND_ASSIGN(PolicyCertVerifier); 68}; 69 70} // namespace policy 71 72#endif // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_ 73