1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
6#define CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
7
#include <set>
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chromeos/cert_loader.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/client_cert_util.h"
#include "chromeos/network/network_policy_observer.h"
#include "chromeos/network/network_state_handler.h"
#include "chromeos/network/network_state_handler_observer.h"
21
22namespace base {
23class TaskRunner;
24}
25
26namespace chromeos {
27
28class NetworkState;
29class ManagedNetworkConfigurationHandler;
30
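// Observes the known networks. If a network is configured with a client
// certificate pattern, this class searches for a matching client certificate.
// Each time it finds a match, it configures the network accordingly.
//
// Resolution is (re-)triggered from the three observer callbacks below: when
// the network list changes, when the CertLoader reports loaded certificates,
// and when policy has been applied to a service. Certificate lookup (e.g.
// NSS database access) is slow and is therefore run on a separate task
// runner; see SetSlowTaskRunnerForTest().
class CHROMEOS_EXPORT ClientCertResolver : public NetworkStateHandlerObserver,
                                           public CertLoader::Observer,
                                           public NetworkPolicyObserver {
 public:
  // A network paired with the certificate that matched its pattern. Only
  // forward-declared here; the definition is not part of this header.
  struct NetworkAndMatchingCert;

  ClientCertResolver();
  virtual ~ClientCertResolver();

  // Attaches the resolver to its collaborators. Both pointers are stored
  // unowned (see the members below), so they are expected to outlive this
  // object.
  void Init(NetworkStateHandler* network_state_handler,
            ManagedNetworkConfigurationHandler* managed_network_config_handler);

  // Sets the task runner that any slow calls will be made from, e.g. calls
  // to the NSS database. If not set, uses base::WorkerPool.
  void SetSlowTaskRunnerForTest(
      const scoped_refptr<base::TaskRunner>& task_runner);

  // Returns true and sets the Shill properties that have to be configured in
  // |shill_properties| if the certificate pattern |pattern| could be resolved.
  // Returns false otherwise and sets empty Shill properties to clear the
  // certificate configuration, so a network whose pattern no longer matches
  // does not keep a previously configured certificate.
  //
  // |client_cert_type| selects which client_cert::ConfigType of Shill
  // properties is written. This is static and runs synchronously on the
  // calling thread; NOTE(review): presumably this is what ResolveNetworks()
  // posts to the slow task runner -- confirm in the implementation.
  static bool ResolveCertificatePatternSync(
      const client_cert::ConfigType client_cert_type,
      const CertificatePattern& pattern,
      base::DictionaryValue* shill_properties);

 private:
  // NetworkStateHandlerObserver overrides
  virtual void NetworkListChanged() OVERRIDE;

  // CertLoader::Observer overrides
  virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
                                    bool initial_load) OVERRIDE;

  // NetworkPolicyObserver overrides
  virtual void PolicyApplied(const std::string& service_path) OVERRIDE;

  // Check which networks of |networks| are configured with a client certificate
  // pattern. Search for certificates, on the worker thread, and configure the
  // networks for which a matching cert is found (see ConfigureCertificates).
  void ResolveNetworks(const NetworkStateHandler::NetworkStateList& networks);

  // |matches| contains networks for which a matching certificate was found.
  // Configures these networks.
  void ConfigureCertificates(std::vector<NetworkAndMatchingCert>* matches);

  // The set of networks that were checked/resolved in previous passes. These
  // networks are skipped in the NetworkListChanged notification.
  // NOTE(review): keyed by a network identifier string, presumably the
  // service path -- confirm against the implementation.
  std::set<std::string> resolved_networks_;

  // Unowned associated (global or test) instance.
  NetworkStateHandler* network_state_handler_;

  // Unowned associated (global or test) instance.
  ManagedNetworkConfigurationHandler* managed_network_config_handler_;

  // TaskRunner for slow tasks. Only set via SetSlowTaskRunnerForTest().
  scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;

  // Keep as the last member: its destructor invalidates outstanding weak
  // pointers, so callbacks posted from the slow task runner cannot observe
  // the members above after they have been destroyed.
  base::WeakPtrFactory<ClientCertResolver> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(ClientCertResolver);
};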
97
98}  // namespace chromeos
99
100#endif  // CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
101