policy_cert_verifier.h revision f2477e01787aa58f445919b809d89e252beef54f
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
6#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
7
8#include <vector>
9
10#include "base/basictypes.h"
11#include "base/callback.h"
12#include "base/compiler_specific.h"
13#include "base/memory/ref_counted.h"
14#include "base/memory/scoped_ptr.h"
15#include "net/base/completion_callback.h"
16#include "net/cert/cert_trust_anchor_provider.h"
17#include "net/cert/cert_verifier.h"
18
19namespace net {
// Forward declarations of the net types that this header uses only through a
// pointer or as a template argument.
20class CertVerifyResult;
21class X509Certificate;
// A list of ref-counted certificates.
// NOTE(review): presumably mirrors a typedef of the same name in net's own
// headers; confirm the two definitions stay identical.
22typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
23}
24
25namespace policy {
26
27// Wraps a MultiThreadedCertVerifier to make it use the additional trust anchors
28// configured by the ONC user policy.
//
// Security note: the anchors handed to this class are *additional* roots that
// certificate verification may chain to. No validation of the list passed to
// SetTrustAnchors() is visible in this header.
// NOTE(review): confirm that the caller (PolicyCertService, per the
// constructor comment) only forwards anchors that come from the user's ONC
// policy.
29class PolicyCertVerifier : public net::CertVerifier,
30                           public net::CertTrustAnchorProvider {
31 public:
32  // Except for tests, PolicyCertVerifier should only be created by
33  // PolicyCertService, which is the counterpart of this class on the UI thread.
34  // Except for the constructor, all methods and the destructor must be called on
35  // the IO thread. Calls |anchor_used_callback| on the IO thread every time a
36  // certificate from the additional trust anchors (set with SetTrustAnchors) is
37  // used.
  // NOTE(review): no lock is declared among the members below, so the
  // IO-thread rule above is the only thing visible here that protects
  // |trust_anchors_| from concurrent access; confirm the implementation
  // asserts the calling thread.
38  explicit PolicyCertVerifier(const base::Closure& anchor_used_callback);
39  virtual ~PolicyCertVerifier();
40
  // Must be called on the IO thread (see the constructor comment).
  // NOTE(review): presumably creates |delegate_|; confirm that Verify() cannot
  // be reached before this has run.
41  void InitializeOnIOThread();
42
43  // Sets the additional trust anchors.
  // Must be called on the IO thread (see the constructor comment).
  // NOTE(review): presumably replaces any previously set list rather than
  // appending to it; confirm against the implementation.
44  void SetTrustAnchors(const net::CertificateList& trust_anchors);
45
46  // CertVerifier:
47  // Note: |callback| can be null.
  // NOTE(review): how a null |callback| is handled is not visible in this
  // header. Presumably the call is forwarded to |delegate_| and
  // |anchor_used_callback_| is run when the verified chain used one of the
  // additional trust anchors; confirm both against the implementation.
48  virtual int Verify(net::X509Certificate* cert,
49                     const std::string& hostname,
50                     int flags,
51                     net::CRLSet* crl_set,
52                     net::CertVerifyResult* verify_result,
53                     const net::CompletionCallback& callback,
54                     RequestHandle* out_req,
55                     const net::BoundNetLog& net_log) OVERRIDE;
56
57  virtual void CancelRequest(RequestHandle req) OVERRIDE;
58
59  // CertTrustAnchorProvider:
  // Returns the anchor list by const reference, not by copy.
  // NOTE(review): presumably this is |trust_anchors_|, in which case the
  // returned reference observes later SetTrustAnchors() calls; confirm callers
  // only use it on the IO thread.
60  virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE;
61
62 private:
  // Presumably the list stored by SetTrustAnchors(); verify in the
  // implementation.
63  net::CertificateList trust_anchors_;
  // Per the constructor comment, run on the IO thread every time a certificate
  // from the additional trust anchors is used.
64  base::Closure anchor_used_callback_;
  // The wrapped verifier. The class comment names MultiThreadedCertVerifier,
  // but the declared type is the CertVerifier interface.
65  scoped_ptr<CertVerifier> delegate_;
66
67  DISALLOW_COPY_AND_ASSIGN(PolicyCertVerifier);
68};
69
70}  // namespace policy
71
72#endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
73