
Side by Side Diff: chrome/browser/chromeos/policy/network_configuration_updater.h

Issue 13035003: Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressed comments Created 7 years, 8 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_ 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "chrome/browser/chromeos/cros/network_constants.h" 10 #include "chrome/browser/chromeos/cros/network_constants.h"
11 #include "chrome/browser/chromeos/cros/network_library.h" 11 #include "chrome/browser/chromeos/cros/network_library.h"
12 #include "chrome/browser/chromeos/cros/network_ui_data.h" 12 #include "chrome/browser/chromeos/cros/network_ui_data.h"
13 #include "chrome/browser/policy/policy_service.h" 13 #include "chrome/browser/policy/policy_service.h"
14 #include "chromeos/network/onc/onc_constants.h" 14 #include "chromeos/network/onc/onc_constants.h"
15 15
16 namespace base { 16 namespace base {
17 class Value; 17 class Value;
18 } 18 }
19 19
20 namespace net {
21 class CertTrustAnchorProvider;
22 }
23
20 namespace policy { 24 namespace policy {
21 25
22 class PolicyMap; 26 class PolicyMap;
23 27
24 // Keeps track of the network configuration policy settings and Shill's 28 // Keeps track of the network configuration policy settings and Shill's
25 // profiles. Requests the NetworkLibrary to apply the ONC of the network 29 // profiles. Requests the NetworkLibrary to apply the ONC of the network
26 // policies every time one of the relevant policies or Shill's profiles changes 30 // policies every time one of the relevant policies or Shill's profiles changes
27 // or OnUserPolicyInitialized() is called. If the user policy is available, 31 // or OnUserPolicyInitialized() is called. If the user policy is available,
28 // always both the device and the user policy are applied. Otherwise only the 32 // always both the device and the user policy are applied. Otherwise only the
29 // device policy is applied. 33 // device policy is applied.
30 class NetworkConfigurationUpdater 34 class NetworkConfigurationUpdater
31 : public chromeos::NetworkLibrary::NetworkProfileObserver { 35 : public chromeos::NetworkLibrary::NetworkProfileObserver {
32 public: 36 public:
33 NetworkConfigurationUpdater(PolicyService* policy_service, 37 NetworkConfigurationUpdater(PolicyService* policy_service,
34 chromeos::NetworkLibrary* network_library); 38 chromeos::NetworkLibrary* network_library);
35 virtual ~NetworkConfigurationUpdater(); 39 virtual ~NetworkConfigurationUpdater();
36 40
37 // NetworkProfileObserver overrides. 41 // NetworkProfileObserver overrides.
38 virtual void OnProfileListChanged() OVERRIDE; 42 virtual void OnProfileListChanged() OVERRIDE;
39 43
40 // Notifies this updater that the user policy is initialized. Before this 44 // Notifies this updater that the user policy is initialized. Before this
41 // function is called, the user policy is not applied. Afterwards, always both 45 // function is called, the user policy is not applied. Afterwards, always both
42 // device and user policy are applied as described in the class comment. This 46 // device and user policy are applied as described in the class comment. This
43 // function also triggers an immediate policy application of both device and 47 // function also triggers an immediate policy application of both device and
44 // user policy. 48 // user policy.
45 void OnUserPolicyInitialized(); 49 void OnUserPolicyInitialized();
46 50
47 // Web trust isn't given to certificates imported from ONC by default. Setting 51 // Web trust isn't given to certificates imported from ONC by default. Setting
48 // |allow_web_trust| to true allows giving Web trust to the certificates that 52 // |allow| to true allows giving Web trust to the certificates that
49 // request it. 53 // request it.
50 void set_allow_web_trust(bool allow) { allow_web_trust_ = allow; } 54 void set_allow_trusted_certificates_from_policy(bool allow) {
55 allow_trusted_certificates_from_policy_ = allow;
56 }
57
58 // Returns a CertTrustAnchorProvider that provides the list of server and
59 // CA certificates with the Web trust flag set that were retrieved from the
60 // last user ONC policy update.
61 // This getter must be used on UI, and the provider must be used on IO. It
Greg Spencer (Chromium) 2013/04/01 16:03:42 "on UI" --> "on the UI thread" (same with IO)
Joao da Silva 2013/04/03 15:24:39 Done.
62 // is only valid as long as the NetworkConfigurationUpdater is valid; the
63 // NetworkConfigurationUpdater outlives all the profiles, and deletes the
64 // provider on the IO thread.
65 net::CertTrustAnchorProvider* GetCertTrustAnchorProvider();
51 66
52 private: 67 private:
53 // Callback that's called by |policy_service_| if the respective ONC policy 68 // Callback that's called by |policy_service_| if the respective ONC policy
54 // changed. 69 // changed.
55 void OnPolicyChanged(chromeos::onc::ONCSource onc_source, 70 void OnPolicyChanged(chromeos::onc::ONCSource onc_source,
56 const base::Value* previous, 71 const base::Value* previous,
57 const base::Value* current); 72 const base::Value* current);
58 73
59 // Retrieves the ONC policies from |policy_service_| and pushes the 74 // Retrieves the ONC policies from |policy_service_| and pushes the
60 // configurations to |network_library_|. Ensures that a device policy is 75 // configurations to |network_library_|. Ensures that a device policy is
61 // always overwritten by a user policy. 76 // always overwritten by a user policy.
62 void ApplyNetworkConfigurations(); 77 void ApplyNetworkConfigurations();
63 78
64 // Push the policy stored at |policy_key| for |onc_source| to 79 // Push the policy stored at |policy_key| for |onc_source| to
65 // |network_library_|. 80 // |network_library_|.
66 void ApplyNetworkConfiguration(const std::string& policy_key, 81 void ApplyNetworkConfiguration(const std::string& policy_key,
67 chromeos::onc::ONCSource onc_source); 82 chromeos::onc::ONCSource onc_source);
68 83
69 // Wraps the policy service we read network configuration from. 84 // Wraps the policy service we read network configuration from.
70 PolicyChangeRegistrar policy_change_registrar_; 85 PolicyChangeRegistrar policy_change_registrar_;
71 86
72 // Network library to write network configuration to. 87 // Network library to write network configuration to.
73 chromeos::NetworkLibrary* network_library_; 88 chromeos::NetworkLibrary* network_library_;
74 89
75 // Whether the user policy is already available. 90 // Whether the user policy is already available.
76 bool user_policy_initialized_; 91 bool user_policy_initialized_;
77 92
78 // Whether Web trust is allowed or not. 93 // Whether Web trust is allowed or not.
79 bool allow_web_trust_; 94 bool allow_trusted_certificates_from_policy_;
80 95
81 // The policy service storing the ONC policies. 96 // The policy service storing the ONC policies.
82 PolicyService* policy_service_; 97 PolicyService* policy_service_;
83 98
99 // An implementation of CertTrustAnchorProvider. Owned by the updater, but
100 // lives on the IO thread.
101 net::CertTrustAnchorProvider* cert_trust_provider_;
102
84 DISALLOW_COPY_AND_ASSIGN(NetworkConfigurationUpdater); 103 DISALLOW_COPY_AND_ASSIGN(NetworkConfigurationUpdater);
85 }; 104 };
86 105
87 } // namespace policy 106 } // namespace policy
88 107
89 #endif // CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_ 108 #endif // CHROME_BROWSER_CHROMEOS_POLICY_NETWORK_CONFIGURATION_UPDATER_H_
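Review bot: The comment on GetCertTrustAnchorProvider() (new lines 58-65) does not say what the provider returns while `allow_trusted_certificates_from_policy_` is false, or after a later user ONC update no longer contains an anchor. This list is used as trust anchors, so the contract should be explicit at the declaration, for example `// The list is empty unless set_allow_trusted_certificates_from_policy(true) was called, and is replaced on every user ONC policy update.`, provided that matches the .cc, which is not visible on this page. The member comment `// Whether Web trust is allowed or not.` on new line 93 still describes the old name and could instead say that the flag gates whether policy-provided certificates are handed out as trust anchors. Separately, `cert_trust_provider_` is a raw owning pointer that is deleted on a different thread from the one that hands it out, so its comment (new lines 99-100) should state where the deletion is posted and that callers must not keep the pointer beyond the profile's lifetime.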