| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
| 13 #include "base/memory/ref_counted.h" | 13 #include "base/memory/ref_counted.h" |
| 14 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
| 15 #include "base/memory/weak_ptr.h" | 15 #include "base/memory/weak_ptr.h" |
| 16 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 16 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
| 17 #include "components/keyed_service/core/keyed_service.h" | 17 #include "components/keyed_service/core/keyed_service.h" |
| 18 #include "components/user_manager/user_id.h" |
| 18 | 19 |
| 19 namespace user_manager { | 20 namespace user_manager { |
| 20 class UserManager; | 21 class UserManager; |
| 21 } | 22 } |
| 22 | 23 |
| 23 namespace net { | 24 namespace net { |
| 24 class X509Certificate; | 25 class X509Certificate; |
| 25 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | 26 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| 26 } | 27 } |
| 27 | 28 |
| 28 namespace policy { | 29 namespace policy { |
| 29 | 30 |
| 30 class PolicyCertVerifier; | 31 class PolicyCertVerifier; |
| 31 | 32 |
| 32 // This service is the counterpart of PolicyCertVerifier on the UI thread. It's | 33 // This service is the counterpart of PolicyCertVerifier on the UI thread. It's |
| 33 // responsible for pushing the current list of trust anchors to the CertVerifier | 34 // responsible for pushing the current list of trust anchors to the CertVerifier |
| 34 // and marking the profile's prefs if any of the trust anchors was used. | 35 // and marking the profile's prefs if any of the trust anchors was used. |
| 35 // Except for unit tests, PolicyCertVerifier should only be created through this | 36 // Except for unit tests, PolicyCertVerifier should only be created through this |
| 36 // class. | 37 // class. |
| 37 class PolicyCertService | 38 class PolicyCertService |
| 38 : public KeyedService, | 39 : public KeyedService, |
| 39 public UserNetworkConfigurationUpdater::WebTrustedCertsObserver { | 40 public UserNetworkConfigurationUpdater::WebTrustedCertsObserver { |
| 40 public: | 41 public: |
| 41 PolicyCertService(const std::string& user_id, | 42 PolicyCertService(const user_manager::UserID& user_id, |
| 42 UserNetworkConfigurationUpdater* net_conf_updater, | 43 UserNetworkConfigurationUpdater* net_conf_updater, |
| 43 user_manager::UserManager* user_manager); | 44 user_manager::UserManager* user_manager); |
| 44 ~PolicyCertService() override; | 45 ~PolicyCertService() override; |
| 45 | 46 |
| 46 // Creates an associated PolicyCertVerifier. The returned object must only be | 47 // Creates an associated PolicyCertVerifier. The returned object must only be |
| 47 // used on the IO thread and must outlive this object. | 48 // used on the IO thread and must outlive this object. |
| 48 scoped_ptr<PolicyCertVerifier> CreatePolicyCertVerifier(); | 49 scoped_ptr<PolicyCertVerifier> CreatePolicyCertVerifier(); |
| 49 | 50 |
| 50 // Returns true if the profile that owns this service has used certificates | 51 // Returns true if the profile that owns this service has used certificates |
| 51 // installed via policy to establish a secure connection before. This means | 52 // installed via policy to establish a secure connection before. This means |
| 52 // that it may have cached content from an untrusted source. | 53 // that it may have cached content from an untrusted source. |
| 53 bool UsedPolicyCertificates() const; | 54 bool UsedPolicyCertificates() const; |
| 54 | 55 |
| 55 bool has_policy_certificates() const { return has_trust_anchors_; } | 56 bool has_policy_certificates() const { return has_trust_anchors_; } |
| 56 | 57 |
| 57 // UserNetworkConfigurationUpdater::WebTrustedCertsObserver: | 58 // UserNetworkConfigurationUpdater::WebTrustedCertsObserver: |
| 58 void OnTrustAnchorsChanged( | 59 void OnTrustAnchorsChanged( |
| 59 const net::CertificateList& trust_anchors) override; | 60 const net::CertificateList& trust_anchors) override; |
| 60 | 61 |
| 61 // KeyedService: | 62 // KeyedService: |
| 62 void Shutdown() override; | 63 void Shutdown() override; |
| 63 | 64 |
| 64 static scoped_ptr<PolicyCertService> CreateForTesting( | 65 static scoped_ptr<PolicyCertService> CreateForTesting( |
| 65 const std::string& user_id, | 66 const user_manager::UserID& user_id, |
| 66 PolicyCertVerifier* verifier, | 67 PolicyCertVerifier* verifier, |
| 67 user_manager::UserManager* user_manager); | 68 user_manager::UserManager* user_manager); |
| 68 | 69 |
| 69 private: | 70 private: |
| 70 PolicyCertService(const std::string& user_id, | 71 PolicyCertService(const user_manager::UserID& user_id, |
| 71 PolicyCertVerifier* verifier, | 72 PolicyCertVerifier* verifier, |
| 72 user_manager::UserManager* user_manager); | 73 user_manager::UserManager* user_manager); |
| 73 | 74 |
| 74 PolicyCertVerifier* cert_verifier_; | 75 PolicyCertVerifier* cert_verifier_; |
| 75 std::string user_id_; | 76 user_manager::UserID user_id_; |
| 76 UserNetworkConfigurationUpdater* net_conf_updater_; | 77 UserNetworkConfigurationUpdater* net_conf_updater_; |
| 77 user_manager::UserManager* user_manager_; | 78 user_manager::UserManager* user_manager_; |
| 78 bool has_trust_anchors_; | 79 bool has_trust_anchors_; |
| 79 | 80 |
| 80 // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread. | 81 // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread. |
| 81 // The factory and the created WeakPtrs must only be used on the UI thread. | 82 // The factory and the created WeakPtrs must only be used on the UI thread. |
| 82 base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_; | 83 base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_; |
| 83 | 84 |
| 84 DISALLOW_COPY_AND_ASSIGN(PolicyCertService); | 85 DISALLOW_COPY_AND_ASSIGN(PolicyCertService); |
| 85 }; | 86 }; |
| 86 | 87 |
| 87 } // namespace policy | 88 } // namespace policy |
| 88 | 89 |
| 89 #endif // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_ | 90 #endif // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_ |
| OLD | NEW |