user_network_configuration_updater.cc revision 1320f92c476a1ad9d19dba2a48c72b75566198e9
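// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"

#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/logging.h"
#include "base/values.h"
#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/chromeos/net/onc_utils.h"
#include "chrome/browser/net/nss_context.h"
#include "chrome/browser/profiles/profile.h"
#include "chromeos/network/managed_network_configuration_handler.h"
#include "chromeos/network/onc/onc_certificate_importer_impl.h"
#include "components/user_manager/user.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/notification_source.h"
#include "net/cert/x509_certificate.h"
#include "policy/policy_constants.h"

namespace policy {

UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {}

// static
// Constructs an updater for |user|'s ONC policy, calls Init() on it and
// transfers ownership to the caller.
scoped_ptr<UserNetworkConfigurationUpdater>
UserNetworkConfigurationUpdater::CreateForUserPolicy(
    Profile* profile,
    bool allow_trusted_certs_from_policy,
    const user_manager::User& user,
    PolicyService* policy_service,
    chromeos::ManagedNetworkConfigurationHandler* network_config_handler) {
  scoped_ptr<UserNetworkConfigurationUpdater> updater(
      new UserNetworkConfigurationUpdater(profile,
                                          allow_trusted_certs_from_policy,
                                          user,
                                          policy_service,
                                          network_config_handler));
  updater->Init();
  return updater.Pass();
}

// Registers |observer| for OnTrustAnchorsChanged() calls, which
// NotifyTrustAnchorsChanged() issues with the current web-trusted list.
void UserNetworkConfigurationUpdater::AddTrustedCertsObserver(
    WebTrustedCertsObserver* observer) {
  observer_list_.AddObserver(observer);
}

// Unregisters an observer previously passed to AddTrustedCertsObserver().
void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver(
    WebTrustedCertsObserver* observer) {
  observer_list_.RemoveObserver(observer);
}

// |allow_trusted_certs_from_policy| is the switch that decides whether
// certificates reported as trusted by the importer are ever exposed as web
// trust anchors (see OnCertificatesImported()). |user| is stored by address,
// so it has to outlive this updater.
UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater(
    Profile* profile,
    bool allow_trusted_certs_from_policy,
    const user_manager::User& user,
    PolicyService* policy_service,
    chromeos::ManagedNetworkConfigurationHandler* network_config_handler)
    : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY,
                                  key::kOpenNetworkConfiguration,
                                  policy_service,
                                  network_config_handler),
      allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy),
      user_(&user),
      weak_factory_(this) {
  // The updater is created with |certificate_importer_| unset and is
  // responsible for creating it. This requires |GetNSSCertDatabaseForProfile|
  // call, which is not safe before the profile initialization is finalized.
  // Thus, listen for PROFILE_ADDED notification, on which
  // |certificate_importer_| creation should start.
  registrar_.Add(this,
                 chrome::NOTIFICATION_PROFILE_ADDED,
                 content::Source<Profile>(profile));
}

// Test hook: installs |certificate_importer| through the same path as the
// production importer, so any cached ONC certificates are imported right away.
void UserNetworkConfigurationUpdater::SetCertificateImporterForTest(
    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
  SetCertificateImporter(certificate_importer.Pass());
}

// Copies the current web-trusted certificate list into |*certs|. |certs| is
// dereferenced unconditionally and must not be null.
void UserNetworkConfigurationUpdater::GetWebTrustedCertificates(
    net::CertificateList* certs) const {
  *certs = web_trust_certs_;
}

// Completion callback for ImportCertificates().
//
// The previous list is always dropped first. The certificates the importer
// reports as trusted are kept only when
// |allow_trusted_certificates_from_policy_| is set; otherwise the list stays
// empty and nothing from policy is reported as web-trusted by this class.
// The importer's success flag is not consulted, so the reported list is used
// as-is even if the import did not fully succeed. Observers are notified in
// every case, including when the resulting list is empty.
void UserNetworkConfigurationUpdater::OnCertificatesImported(
    bool /* unused success */,
    const net::CertificateList& onc_trusted_certificates) {
  web_trust_certs_.clear();
  if (allow_trusted_certificates_from_policy_)
    web_trust_certs_ = onc_trusted_certificates;
  NotifyTrustAnchorsChanged();
}

// Hands |certificates_onc| to the certificate importer, or caches a deep copy
// of it when no importer has been set yet.
void UserNetworkConfigurationUpdater::ImportCertificates(
    const base::ListValue& certificates_onc) {
  // If certificate importer is not yet set, cache the certificate onc. It will
  // be imported when the certificate importer gets set.
  if (!certificate_importer_) {
    pending_certificates_onc_.reset(certificates_onc.DeepCopy());
    return;
  }

  // Bind through a weak pointer, as Observe() does, so that a completion
  // arriving after this object has been destroyed is dropped instead of
  // running on a freed |this|.
  // NOTE(review): whether the importer can still run the callback once it has
  // been destroyed together with this object is not visible in this file.
  certificate_importer_->ImportCertificates(
      certificates_onc,
      onc_source_,
      base::Bind(&UserNetworkConfigurationUpdater::OnCertificatesImported,
                 weak_factory_.GetWeakPtr()));
}

// Expands the per-user string placeholders in |network_configs_onc| in place
// and then installs the policy on the network configuration handler, keyed by
// the user's username hash.
void UserNetworkConfigurationUpdater::ApplyNetworkPolicy(
    base::ListValue* network_configs_onc,
    base::DictionaryValue* global_network_config) {
  DCHECK(user_);
  chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_,
                                                           network_configs_onc);
  network_config_handler_->SetPolicy(onc_source_,
                                     user_->username_hash(),
                                     *network_configs_onc,
                                     *global_network_config);
}

// Notification handler for the PROFILE_ADDED registration made in the
// constructor: requests the profile's NSS certificate database and, once it is
// delivered, creates the certificate importer on top of it.
void UserNetworkConfigurationUpdater::Observe(
    int type,
    const content::NotificationSource& source,
    const content::NotificationDetails& details) {
  DCHECK_EQ(type, chrome::NOTIFICATION_PROFILE_ADDED);
  Profile* profile = content::Source<Profile>(source).ptr();

  // The weak pointer drops the reply if this updater is gone by the time the
  // database becomes available.
  GetNSSCertDatabaseForProfile(
      profile,
      base::Bind(
          &UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter,
          weak_factory_.GetWeakPtr()));
}

// Wraps |database| in a CertificateImporterImpl that is given the IO thread's
// message loop proxy, and installs it as the active importer.
// NOTE(review): |database| is only DCHECKed; in builds without DCHECKs a null
// database would be passed on to the importer. Confirm that
// GetNSSCertDatabaseForProfile never delivers null.
void UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter(
    net::NSSCertDatabase* database) {
  DCHECK(database);
  SetCertificateImporter(scoped_ptr<chromeos::onc::CertificateImporter>(
      new chromeos::onc::CertificateImporterImpl(
          content::BrowserThread::GetMessageLoopProxyForThread(
              content::BrowserThread::IO),
          database)));
}

// Takes ownership of |certificate_importer| and imports any certificates that
// ImportCertificates() cached while no importer was available. The cache is
// released afterwards whether or not it held anything.
void UserNetworkConfigurationUpdater::SetCertificateImporter(
    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
  certificate_importer_ = certificate_importer.Pass();

  if (pending_certificates_onc_)
    ImportCertificates(*pending_certificates_onc_);
  pending_certificates_onc_.reset();
}

// Tells every registered observer about the current web-trusted list.
void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() {
  FOR_EACH_OBSERVER(WebTrustedCertsObserver,
                    observer_list_,
                    OnTrustAnchorsChanged(web_trust_certs_));
}

}  // namespace policy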