user_network_configuration_updater.h revision f2477e01787aa58f445919b809d89e252beef54f
1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ 6#define CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ 7 8#include <vector> 9 10#include "base/basictypes.h" 11#include "base/compiler_specific.h" 12#include "base/memory/ref_counted.h" 13#include "base/memory/scoped_ptr.h" 14#include "base/observer_list.h" 15#include "chrome/browser/chromeos/policy/network_configuration_updater.h" 16#include "components/browser_context_keyed_service/browser_context_keyed_service.h" 17 18namespace chromeos { 19class User; 20} 21 22namespace net { 23class X509Certificate; 24typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; 25} 26 27namespace policy { 28 29class PolicyService; 30 31// Implements additional special handling of ONC user policies. Namely string 32// expansion with the user's name (or email address, etc.) and handling of "Web" 33// trust of certificates. 34class UserNetworkConfigurationUpdater : public NetworkConfigurationUpdater, 35 public BrowserContextKeyedService { 36 public: 37 class WebTrustedCertsObserver { 38 public: 39 // Is called everytime the list of imported certificates with Web trust is 40 // changed. 41 virtual void OnTrustAnchorsChanged( 42 const net::CertificateList& trust_anchors) = 0; 43 }; 44 45 virtual ~UserNetworkConfigurationUpdater(); 46 47 // Creates an updater that applies the ONC user policy from |policy_service| 48 // for user |user| once the policy service is completely initialized and on 49 // each policy change. Imported certificates, that request it, are only 50 // granted Web trust if |allow_trusted_certs_from_policy| is true. A reference 51 // to |user| is stored. It must outlive the returned updater. 52 static scoped_ptr<UserNetworkConfigurationUpdater> CreateForUserPolicy( 53 bool allow_trusted_certs_from_policy, 54 const chromeos::User& user, 55 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer, 56 PolicyService* policy_service, 57 chromeos::ManagedNetworkConfigurationHandler* network_config_handler); 58 59 void AddTrustedCertsObserver(WebTrustedCertsObserver* observer); 60 void RemoveTrustedCertsObserver(WebTrustedCertsObserver* observer); 61 62 // Sets |certs| to the list of Web trusted server and CA certificates from the 63 // last received policy. 64 void GetWebTrustedCertificates(net::CertificateList* certs) const; 65 66 private: 67 class CrosTrustAnchorProvider; 68 69 UserNetworkConfigurationUpdater( 70 bool allow_trusted_certs_from_policy, 71 const chromeos::User& user, 72 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer, 73 PolicyService* policy_service, 74 chromeos::ManagedNetworkConfigurationHandler* network_config_handler); 75 76 virtual void ImportCertificates( 77 const base::ListValue& certificates_onc) OVERRIDE; 78 79 virtual void ApplyNetworkPolicy( 80 base::ListValue* network_configs_onc, 81 base::DictionaryValue* global_network_config) OVERRIDE; 82 83 void NotifyTrustAnchorsChanged(); 84 85 // Whether Web trust is allowed or not. Only relevant for user policies. 86 bool allow_trusted_certificates_from_policy_; 87 88 // The user for whom the user policy will be applied. Is NULL if this Updater 89 // is used for device policy. 90 const chromeos::User* user_; 91 92 ObserverList<WebTrustedCertsObserver, true> observer_list_; 93 94 // Contains the certificates of the last import that requested web trust. Must 95 // be empty if Web trust from policy is not allowed. 96 net::CertificateList web_trust_certs_; 97 98 DISALLOW_COPY_AND_ASSIGN(UserNetworkConfigurationUpdater); 99}; 100 101} // namespace policy 102 103#endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ 104