user_network_configuration_updater.cc revision 424c4d7b64af9d0d8fd9624f381f469654d5e3d2 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
6
7#include "base/bind.h"
8#include "base/bind_helpers.h"
9#include "base/logging.h"
10#include "chrome/browser/chromeos/login/user.h"
11#include "chrome/browser/chromeos/net/onc_utils.h"
12#include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
13#include "chromeos/network/managed_network_configuration_handler.h"
14#include "chromeos/network/onc/onc_certificate_importer.h"
15#include "content/public/browser/browser_thread.h"
16#include "net/cert/x509_certificate.h"
17#include "policy/policy_constants.h"
18
19namespace policy {
20
21UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {}
22
23// static
24scoped_ptr<UserNetworkConfigurationUpdater>
25UserNetworkConfigurationUpdater::CreateForUserPolicy(
26    bool allow_trusted_certs_from_policy,
27    const chromeos::User& user,
28    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
29    PolicyService* policy_service,
30    chromeos::ManagedNetworkConfigurationHandler* network_config_handler) {
31  scoped_ptr<UserNetworkConfigurationUpdater> updater(
32      new UserNetworkConfigurationUpdater(allow_trusted_certs_from_policy,
33                                          user,
34                                          certificate_importer.Pass(),
35                                          policy_service,
36                                          network_config_handler));
37  updater->Init();
38  return updater.Pass();
39}
40
41UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater(
42    bool allow_trusted_certs_from_policy,
43    const chromeos::User& user,
44    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
45    PolicyService* policy_service,
46    chromeos::ManagedNetworkConfigurationHandler* network_config_handler)
47    : NetworkConfigurationUpdater(chromeos::onc::ONC_SOURCE_USER_POLICY,
48                                  key::kOpenNetworkConfiguration,
49                                  certificate_importer.Pass(),
50                                  policy_service,
51                                  network_config_handler),
52      allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy),
53      user_(&user),
54      cert_verifier_(NULL) {}
55
56void UserNetworkConfigurationUpdater::SetPolicyCertVerifier(
57    PolicyCertVerifier* cert_verifier) {
58  cert_verifier_ = cert_verifier;
59  SetTrustAnchors();
60}
61
62void UserNetworkConfigurationUpdater::GetWebTrustedCertificates(
63    net::CertificateList* certs) const {
64  *certs = web_trust_certs_;
65}
66
67void UserNetworkConfigurationUpdater::ImportCertificates(
68    const base::ListValue& certificates_onc) {
69  web_trust_certs_.clear();
70  certificate_importer_->ImportCertificates(
71      certificates_onc,
72      onc_source_,
73      allow_trusted_certificates_from_policy_ ? &web_trust_certs_ : NULL);
74
75  SetTrustAnchors();
76}
77
78void UserNetworkConfigurationUpdater::ApplyNetworkPolicy(
79    base::ListValue* network_configs_onc) {
80  DCHECK(user_);
81  chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_,
82                                                           network_configs_onc);
83  network_config_handler_->SetPolicy(
84      onc_source_, user_->username_hash(), *network_configs_onc);
85}
86
87void UserNetworkConfigurationUpdater::SetTrustAnchors() {
88  if (!cert_verifier_)
89    return;
90  content::BrowserThread::PostTask(
91      content::BrowserThread::IO,
92      FROM_HERE,
93      base::Bind(&PolicyCertVerifier::SetTrustAnchors,
94                 base::Unretained(cert_verifier_),
95                 web_trust_certs_));
96}
97
98}  // namespace policy
99