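// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
#define CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_

#include <set>
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chromeos/cert_loader.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/client_cert_util.h"
#include "chromeos/network/network_policy_observer.h"
#include "chromeos/network/network_state_handler.h"
#include "chromeos/network/network_state_handler_observer.h"

namespace base {
class TaskRunner;
}

namespace chromeos {

class NetworkState;
class ManagedNetworkConfigurationHandler;

// Observes the known networks. If a network is configured with a client
// certificate pattern, this class searches for a matching client certificate.
// Each time it finds a match, it configures the network accordingly.
//
// The resolver listens to three sources: network list changes
// (NetworkStateHandlerObserver), certificate loads (CertLoader::Observer) and
// applied policies (NetworkPolicyObserver).
class CHROMEOS_EXPORT ClientCertResolver : public NetworkStateHandlerObserver,
                                           public CertLoader::Observer,
                                           public NetworkPolicyObserver {
 public:
  // Pairs a network with the certificate that matched its pattern. Only
  // declared here; the definition is not part of this header.
  struct NetworkAndMatchingCert;

  ClientCertResolver();
  virtual ~ClientCertResolver();

  // Associates this resolver with the given handlers. Both pointers are stored
  // unowned (see |network_state_handler_| and
  // |managed_network_config_handler_|), so the caller has to keep the handlers
  // alive for as long as this resolver may use them.
  // NOTE(review): observer registration and removal are not visible in this
  // header; confirm the teardown order in the .cc file.
  void Init(NetworkStateHandler* network_state_handler,
            ManagedNetworkConfigurationHandler* managed_network_config_handler);

  // Sets the task runner that any slow calls will be made from, e.g. calls
  // to the NSS database. If not set, uses base::WorkerPool.
  void SetSlowTaskRunnerForTest(
      const scoped_refptr<base::TaskRunner>& task_runner);

  // Returns true and sets the Shill properties that have to be configured in
  // |shill_properties| if the certificate pattern |pattern| could be resolved.
  // Returns false otherwise and sets empty Shill properties to clear the
  // certificate configuration.
  //
  // |shill_properties| is written in both cases, so applying it after a false
  // return removes the network's client certificate configuration. Callers
  // that want to keep an existing configuration on a failed match have to
  // check the return value first.
  // NOTE(review): the name suggests the certificate lookup runs on the calling
  // thread; confirm before calling from a thread that must not block.
  static bool ResolveCertificatePatternSync(
      const client_cert::ConfigType client_cert_type,
      const CertificatePattern& pattern,
      base::DictionaryValue* shill_properties);

 private:
  // NetworkStateHandlerObserver overrides
  virtual void NetworkListChanged() OVERRIDE;

  // CertLoader::Observer overrides
  virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
                                    bool initial_load) OVERRIDE;

  // NetworkPolicyObserver overrides
  virtual void PolicyApplied(const std::string& service_path) OVERRIDE;

  // Check which networks of |networks| are configured with a client certificate
  // pattern. Search for certificates, on the worker thread, and configure the
  // networks for which a matching cert is found (see ConfigureCertificates).
  void ResolveNetworks(const NetworkStateHandler::NetworkStateList& networks);

  // |matches| contains networks for which a matching certificate was found.
  // Configures these networks.
  void ConfigureCertificates(std::vector<NetworkAndMatchingCert>* matches);

  // The set of networks that were checked/resolved in previous passes. These
  // networks are skipped in the NetworkListChanged notification.
  // NOTE(review): a network checked before its certificate became available
  // stays in this set; confirm that OnCertificatesLoaded and PolicyApplied
  // trigger a fresh resolution for it.
  std::set<std::string> resolved_networks_;

  // Unowned associated (global or test) instance.
  NetworkStateHandler* network_state_handler_;

  // Unowned associated (global or test) instance.
  ManagedNetworkConfigurationHandler* managed_network_config_handler_;

  // TaskRunner for slow tasks. Only set through SetSlowTaskRunnerForTest.
  scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;

  // Declared as the last data member, so it is destroyed before the members
  // above it.
  base::WeakPtrFactory<ClientCertResolver> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(ClientCertResolver);
};

}  // namespace chromeos

#endif  // CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_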