user_network_configuration_updater.cc revision 5f1c94371a64b3196d4be9466099bb892df9b88e
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"

#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/logging.h"
#include "base/values.h"
#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/chromeos/net/onc_utils.h"
#include "chrome/browser/net/nss_context.h"
#include "chrome/browser/profiles/profile.h"
#include "chromeos/network/managed_network_configuration_handler.h"
#include "chromeos/network/onc/onc_certificate_importer_impl.h"
#include "components/user_manager/user.h"
#include "content/public/browser/notification_source.h"
#include "net/cert/x509_certificate.h"
#include "policy/policy_constants.h"

namespace policy {

UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {}

// Factory for the user-policy updater: constructs the object, runs Init() on
// it and hands ownership to the caller.
// static
scoped_ptr<UserNetworkConfigurationUpdater>
UserNetworkConfigurationUpdater::CreateForUserPolicy(
    Profile* profile,
    bool allow_trusted_certs_from_policy,
    const user_manager::User& user,
    PolicyService* policy_service,
    chromeos::ManagedNetworkConfigurationHandler* network_config_handler) {
  scoped_ptr<UserNetworkConfigurationUpdater> instance(
      new UserNetworkConfigurationUpdater(profile,
                                          allow_trusted_certs_from_policy,
                                          user,
                                          policy_service,
                                          network_config_handler));
  instance->Init();
  return instance.Pass();
}

// Registers |observer| for OnTrustAnchorsChanged() callbacks.
void UserNetworkConfigurationUpdater::AddTrustedCertsObserver(
    WebTrustedCertsObserver* observer) {
  observer_list_.AddObserver(observer);
}

// Unregisters an observer previously added with AddTrustedCertsObserver().
void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver(
    WebTrustedCertsObserver* observer) {
  observer_list_.RemoveObserver(observer);
}

// |allow_trusted_certs_from_policy| decides whether certificates from user
// policy may later be reported as web trust anchors (see
// ImportCertificates()). The address of |user| is stored, so the User object
// must outlive this updater -- presumably guaranteed by the caller.
UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater(
    Profile* profile,
    bool allow_trusted_certs_from_policy,
    const user_manager::User& user,
    PolicyService* policy_service,
    chromeos::ManagedNetworkConfigurationHandler* network_config_handler)
    : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY,
                                  key::kOpenNetworkConfiguration,
                                  policy_service,
                                  network_config_handler),
      allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy),
      user_(&user),
      weak_factory_(this) {
  // |certificate_importer_| starts out unset and this class creates it
  // itself. Doing so needs |GetNSSCertDatabaseForProfile|, which is not safe
  // to call before profile initialization is finalized, so creation is
  // deferred until the PROFILE_ADDED notification for |profile| arrives.
  registrar_.Add(this,
                 chrome::NOTIFICATION_PROFILE_ADDED,
                 content::Source<Profile>(profile));
}

// Test hook: installs |certificate_importer| through the same path as the
// production importer, including the replay of any cached certificates.
void UserNetworkConfigurationUpdater::SetCertificateImporterForTest(
    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
  SetCertificateImporter(certificate_importer.Pass());
}

// Copies the current list of web-trusted certificates into |certs|.
// |certs| is dereferenced without a check and must not be null.
void UserNetworkConfigurationUpdater::GetWebTrustedCertificates(
    net::CertificateList* certs) const {
  *certs = web_trust_certs_;
}

// Imports the certificates of |certificates_onc|, or caches them when no
// importer exists yet, and then notifies the trust-anchor observers.
void UserNetworkConfigurationUpdater::ImportCertificates(
    const base::ListValue& certificates_onc) {
  // No importer yet: keep a deep copy of the ONC; SetCertificateImporter()
  // replays it once an importer is available.
  if (!certificate_importer_) {
    pending_certificates_onc_.reset(certificates_onc.DeepCopy());
    return;
  }

  // Start from an empty trust list on every import so that certificates from
  // an earlier policy do not stay trusted.
  web_trust_certs_.clear();

  // Trust gate: the importer gets a list to fill only when policy-provided
  // trust is allowed. Otherwise it receives NULL and |web_trust_certs_| stays
  // empty.
  net::CertificateList* trusted_certs_out = NULL;
  if (allow_trusted_certificates_from_policy_)
    trusted_certs_out = &web_trust_certs_;

  certificate_importer_->ImportCertificates(
      certificates_onc, onc_source_, trusted_certs_out);

  // Observers are notified in both cases, so they also see the list becoming
  // empty.
  NotifyTrustAnchorsChanged();
}

// Expands the string placeholders in |network_configs_onc| for |user_| and
// passes the result, keyed by the user's username hash, to the network
// configuration handler.
void UserNetworkConfigurationUpdater::ApplyNetworkPolicy(
    base::ListValue* network_configs_onc,
    base::DictionaryValue* global_network_config) {
  DCHECK(user_);
  chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(
      user_, network_configs_onc);
  network_config_handler_->SetPolicy(onc_source_,
                                     user_->username_hash(),
                                     *network_configs_onc,
                                     *global_network_config);
}

// Handles the PROFILE_ADDED notification registered in the constructor by
// requesting the profile's NSS certificate database.
void UserNetworkConfigurationUpdater::Observe(
    int type,
    const content::NotificationSource& source,
    const content::NotificationDetails& details) {
  DCHECK_EQ(type, chrome::NOTIFICATION_PROFILE_ADDED);
  Profile* added_profile = content::Source<Profile>(source).ptr();

  // The callback is bound to a weak pointer, so it is not run if this updater
  // has been destroyed by the time the database is available.
  GetNSSCertDatabaseForProfile(
      added_profile,
      base::Bind(
          &UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter,
          weak_factory_.GetWeakPtr()));
}

// Builds the production certificate importer on top of |database| and
// installs it.
void UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter(
    net::NSSCertDatabase* database) {
  // NOTE(review): DCHECK is normally compiled out of release builds, so a
  // null |database| would reach CertificateImporterImpl there -- confirm that
  // GetNSSCertDatabaseForProfile never reports null.
  DCHECK(database);
  scoped_ptr<chromeos::onc::CertificateImporter> importer(
      new chromeos::onc::CertificateImporterImpl(database));
  SetCertificateImporter(importer.Pass());
}

// Takes ownership of |certificate_importer| and replays the certificates
// cached while no importer was available.
void UserNetworkConfigurationUpdater::SetCertificateImporter(
    scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
  certificate_importer_ = certificate_importer.Pass();

  if (pending_certificates_onc_) {
    ImportCertificates(*pending_certificates_onc_);
  }
  // The cache is dropped whether or not anything was replayed.
  pending_certificates_onc_.reset();
}

// Sends the current web-trusted certificate list to every registered
// observer.
void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() {
  FOR_EACH_OBSERVER(WebTrustedCertsObserver,
                    observer_list_,
                    OnTrustAnchorsChanged(web_trust_certs_));
}

}  // namespace policy