user_network_configuration_updater.h revision 424c4d7b64af9d0d8fd9624f381f469654d5e3d2
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_

#include <vector>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "chrome/browser/chromeos/policy/network_configuration_updater.h"

// NOTE(review): base::ListValue, chromeos::onc::CertificateImporter and
// chromeos::ManagedNetworkConfigurationHandler are used below but are neither
// included nor forward-declared in this header; presumably they arrive through
// network_configuration_updater.h -- confirm.

namespace chromeos {
class User;
}

namespace net {
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}

namespace policy {

class PolicyCertVerifier;
class PolicyService;

// Implements additional special handling of ONC user policies. Namely string
// expansion with the user's name (or email address, etc.) and handling of "Web"
// trust of certificates. Web trusted certificates are pushed to the
// PolicyCertVerifier if set.
//
// Security note: certificates that receive Web trust are handed to the
// verifier as trusted server and CA certificates, so user policy can widen the
// set of TLS certificates accepted for this user. The only gate visible in
// this header is |allow_trusted_certs_from_policy|; when reviewing callers,
// check where that flag comes from.
class UserNetworkConfigurationUpdater : public NetworkConfigurationUpdater {
 public:
  virtual ~UserNetworkConfigurationUpdater();

  // Creates an updater that applies the ONC user policy from |policy_service|
  // for user |user| once the policy service is completely initialized and on
  // each policy change. Imported certificates that request Web trust are
  // granted it only if |allow_trusted_certs_from_policy| is true. A reference
  // to |user| is stored. It must outlive the returned updater.
  //
  // Ownership: |certificate_importer| is passed as a scoped_ptr, i.e. it is
  // handed over to the callee. |policy_service| and |network_config_handler|
  // are raw pointers; this header does not state their lifetime requirements
  // (presumably they must outlive the updater as well -- confirm).
  static scoped_ptr<UserNetworkConfigurationUpdater> CreateForUserPolicy(
      bool allow_trusted_certs_from_policy,
      const chromeos::User& user,
      scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
      PolicyService* policy_service,
      chromeos::ManagedNetworkConfigurationHandler* network_config_handler);

  // Sets the CertVerifier on which the current list of Web trusted server and
  // CA certificates will be set. Policy updates will trigger further calls to
  // |cert_verifier| later. |cert_verifier| must be valid until
  // SetPolicyCertVerifier is called again (with another CertVerifier or NULL)
  // or until this Updater is destructed. |cert_verifier|'s methods are only
  // called on the IO thread. This function must be called on the UI thread.
  //
  // The pointer is not owned. If the verifier is destroyed before this Updater
  // without a prior SetPolicyCertVerifier(NULL), the requirement above is
  // violated and a later policy update would use a dangling pointer.
  void SetPolicyCertVerifier(PolicyCertVerifier* cert_verifier);

  // Sets |certs| to the list of Web trusted server and CA certificates from the
  // last received policy.
  // NOTE(review): |certs| is an out-parameter; whether NULL is tolerated is not
  // visible from this header -- confirm in the .cc.
  void GetWebTrustedCertificates(net::CertificateList* certs) const;

 private:
  // NOTE(review): only forward-declared here and not referenced by any member
  // in this header; either it is defined and used in the .cc or it is a
  // leftover -- confirm.
  class CrosTrustAnchorProvider;

  // Private so that instances are created through CreateForUserPolicy() only.
  // Parameters have the same meaning as documented on that factory.
  UserNetworkConfigurationUpdater(
      bool allow_trusted_certs_from_policy,
      const chromeos::User& user,
      scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
      PolicyService* policy_service,
      chromeos::ManagedNetworkConfigurationHandler* network_config_handler);

  // Override of the base class hook (marked OVERRIDE), taking the certificates
  // part of the ONC policy.
  // NOTE(review): presumably this is where |web_trust_certs_| is refreshed and
  // where |allow_trusted_certificates_from_policy_| is enforced -- confirm in
  // the .cc.
  virtual void ImportCertificates(
      const base::ListValue& certificates_onc) OVERRIDE;

  // Override of the base class hook (marked OVERRIDE), taking the network
  // configurations part of the ONC policy. |network_configs_onc| is passed as
  // a non-const pointer.
  // NOTE(review): presumably the user-specific string expansion mentioned in
  // the class comment is applied to it here -- confirm in the .cc.
  virtual void ApplyNetworkPolicy(
      base::ListValue* network_configs_onc) OVERRIDE;

  // Push |web_trust_certs_| to |cert_verifier_| if necessary.
  void SetTrustAnchors();

  // Whether Web trust is allowed or not. Only relevant for user policies.
  bool allow_trusted_certificates_from_policy_;

  // The user for whom the user policy will be applied. Is NULL if this Updater
  // is used for device policy.
  // Not owned; the referenced User must outlive this object (see
  // CreateForUserPolicy()).
  // NOTE(review): the constructor takes |user| by reference, so the NULL /
  // device-policy remark looks stale for this class -- confirm.
  const chromeos::User* user_;

  // Calls to this object are only allowed on the IO Thread.
  // Not owned; see SetPolicyCertVerifier() for the validity requirement.
  PolicyCertVerifier* cert_verifier_;

  // Contains the certificates of the last import that requested web trust. Must
  // be empty if Web trust from policy is not allowed.
  // This invariant is what keeps policy-supplied certificates out of the
  // verifier when |allow_trusted_certificates_from_policy_| is false.
  net::CertificateList web_trust_certs_;

  DISALLOW_COPY_AND_ASSIGN(UserNetworkConfigurationUpdater);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_