client_cert_resolver.h revision 58537e28ecd584eab876aee8be7156509866d23a
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4
5#ifndef CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
6#define CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
7
#include <set>
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chromeos/cert_loader.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/network_policy_observer.h"
#include "chromeos/network/network_state_handler_observer.h"
19
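namespace base {
// Forward declaration only: this header names TaskRunner solely as the
// template argument of scoped_refptr<base::TaskRunner>, so the full definition
// is not needed here.
class TaskRunner;
}  // namespace base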
23
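namespace chromeos {

// Forward declarations: these types are only used through pointers in this
// header.
class FavoriteState;
class NetworkStateHandler;
class ManagedNetworkConfigurationHandler;

// Observes the known networks. If a network is configured with a client
// certificate pattern, this class searches for a matching client certificate.
// Each time it finds a match, it configures the network accordingly.
//
// The outcome of a match is the client certificate a network gets configured
// with, so the matching rules and the events that trigger a new resolution
// pass (network list changes, certificate loads, applied policies) are
// security-relevant. NOTE(review): the matching logic itself is not visible in
// this header; review it together with the implementation file.
class CHROMEOS_EXPORT ClientCertResolver : public NetworkStateHandlerObserver,
                                           public CertLoader::Observer,
                                           public NetworkPolicyObserver {
 public:
  // Pairs a network with the certificate found for it; defined outside this
  // header.
  struct NetworkAndMatchingCert;

  ClientCertResolver();
  virtual ~ClientCertResolver();

  // Associates this resolver with the handlers it works with. Both handlers
  // are held as unowned raw pointers (see the members below), so
  // NOTE(review): the caller presumably has to keep them alive for as long as
  // this object may use them - confirm against the call sites.
  void Init(NetworkStateHandler* network_state_handler,
            ManagedNetworkConfigurationHandler* managed_network_config_handler);

  // Sets the task runner that any slow calls will be made from, e.g. calls
  // to the NSS database. If not set, uses base::WorkerPool.
  // Intended for tests only, as the name says.
  void SetSlowTaskRunnerForTest(
      const scoped_refptr<base::TaskRunner>& task_runner);

 private:
  typedef std::vector<const FavoriteState*> FavoriteStateList;

  // NetworkStateHandlerObserver overrides
  virtual void NetworkListChanged() OVERRIDE;

  // CertLoader::Observer overrides
  virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
                                    bool initial_load) OVERRIDE;

  // NetworkPolicyObserver overrides
  virtual void PolicyApplied(const std::string& service_path) OVERRIDE;

  // Check which networks of |networks| are configured with a client certificate
  // pattern. Search for certificates, on the worker thread, and configure the
  // networks for which a matching cert is found (see ConfigureCertificates).
  // NOTE(review): the search result presumably comes back through a callback
  // bound to a WeakPtr from |weak_ptr_factory_| - confirm in the
  // implementation.
  void ResolveNetworks(const FavoriteStateList& networks);

  // |matches| contains networks for which a matching certificate was found.
  // Configures these networks.
  // |matches| is a non-const pointer; whether the vector is modified or
  // consumed is not visible in this header.
  void ConfigureCertificates(std::vector<NetworkAndMatchingCert>* matches);

  // The set of networks that were checked/resolved in previous passes. These
  // networks are skipped in the NetworkListChanged notification.
  // NOTE(review): because listed networks are skipped on later list changes,
  // confirm that OnCertificatesLoaded and PolicyApplied re-resolve the
  // affected networks; otherwise a network could keep a certificate that no
  // longer matches or no longer exists. The strings are presumably service
  // paths (compare PolicyApplied) - verify.
  std::set<std::string> resolved_networks_;

  // Unowned associated (global or test) instance.
  NetworkStateHandler* network_state_handler_;

  // Unowned associated (global or test) instance.
  ManagedNetworkConfigurationHandler* managed_network_config_handler_;

  // TaskRunner for slow tasks. Only set through SetSlowTaskRunnerForTest; per
  // that setter's contract base::WorkerPool is used when it is not set.
  scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;

  // Keep this the last data member: members are destroyed in reverse order of
  // declaration, so the factory goes first and the WeakPtrs it handed out are
  // invalidated before any other member is torn down.
  base::WeakPtrFactory<ClientCertResolver> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(ClientCertResolver);
};

}  // namespace chromeos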
91
92#endif  // CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
93