| Index: chrome/browser/chromeos/policy/network_configuration_updater.cc
|
| diff --git a/chrome/browser/chromeos/policy/network_configuration_updater.cc b/chrome/browser/chromeos/policy/network_configuration_updater.cc
|
| index 1eb60290b273a2d042b127c5c2f59bb69ea46064..3aca2a8f62c61b272c747738ed1bcfebc3bbf4b9 100644
|
| --- a/chrome/browser/chromeos/policy/network_configuration_updater.cc
|
| +++ b/chrome/browser/chromeos/policy/network_configuration_updater.cc
|
| @@ -8,14 +8,51 @@
|
|
|
| #include "base/bind.h"
|
| #include "base/bind_helpers.h"
|
| +#include "base/command_line.h"
|
| +#include "base/logging.h"
|
| +#include "base/memory/scoped_ptr.h"
|
| #include "chrome/browser/chromeos/cros/network_library.h"
|
| #include "chrome/browser/policy/policy_map.h"
|
| +#include "chrome/common/chrome_switches.h"
|
| #include "chromeos/network/onc/onc_constants.h"
|
| #include "chromeos/network/onc/onc_utils.h"
|
| +#include "content/public/browser/browser_thread.h"
|
| +#include "net/cert/cert_trust_anchor_provider.h"
|
| +#include "net/cert/x509_certificate.h"
|
| #include "policy/policy_constants.h"
|
|
|
| +using content::BrowserThread;
|
| +
|
| namespace policy {
|
|
|
| +namespace {
|
| +
|
| +// A simple implementation of net::CertTrustAnchorProvider that returns a list
|
| +// of certificates that can be set by the owner of this object.
|
| +class CrosTrustAnchorProvider : public net::CertTrustAnchorProvider {
|
| + public:
|
| + CrosTrustAnchorProvider() {}
|
| + virtual ~CrosTrustAnchorProvider() {}
|
| +
|
| + // CertTrustAnchorProvider overrides.
|
| + virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE {
|
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
|
| + return trust_anchors_;
|
| + }
|
| +
|
| + void SetTrustAnchors(scoped_ptr<net::CertificateList> trust_anchors) {
|
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
|
| + trust_anchors_.swap(*trust_anchors);
|
| + }
|
| +
|
| + private:
|
| + net::CertificateList trust_anchors_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(CrosTrustAnchorProvider);
|
| +};
|
| +
|
| +} // namespace
|
| +
|
| NetworkConfigurationUpdater::NetworkConfigurationUpdater(
|
| PolicyService* policy_service,
|
| chromeos::NetworkLibrary* network_library)
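Review bot: The class comment on CrosTrustAnchorProvider does not state its threading contract, although both methods DCHECK the IO thread and the object is created elsewhere. Since this list extends what the certificate verifier trusts, I would spell that out, e.g. `// Created on the UI thread; afterwards used and destroyed only on the IO thread.` and `// The returned reference aliases |trust_anchors_|, so its contents change on the next SetTrustAnchors().` SetTrustAnchors also dereferences `trust_anchors` unconditionally; a `DCHECK(trust_anchors);` before the swap would document that a null list is not expected.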
|
| @@ -23,8 +60,9 @@ NetworkConfigurationUpdater::NetworkConfigurationUpdater(
|
| policy_service, PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())),
|
| network_library_(network_library),
|
| user_policy_initialized_(false),
|
| - allow_web_trust_(false),
|
| - policy_service_(policy_service) {
|
| + allow_trusted_certificates_from_policy_(false),
|
| + policy_service_(policy_service),
|
| + cert_trust_provider_(new CrosTrustAnchorProvider()) {
|
| DCHECK(network_library_);
|
| policy_change_registrar_.Observe(
|
| key::kDeviceOpenNetworkConfiguration,
|
| @@ -45,6 +83,10 @@ NetworkConfigurationUpdater::NetworkConfigurationUpdater(
|
|
|
| NetworkConfigurationUpdater::~NetworkConfigurationUpdater() {
|
| network_library_->RemoveNetworkProfileObserver(this);
|
| + bool posted = BrowserThread::DeleteSoon(
|
| + BrowserThread::IO, FROM_HERE, cert_trust_provider_);
|
| + if (!posted)
|
| + delete cert_trust_provider_;
|
| }
|
|
|
| void NetworkConfigurationUpdater::OnProfileListChanged() {
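Review bot: The destructor's deletion of `cert_trust_provider_` carries no comment explaining why it is safe alongside the `base::Unretained` pointer bound into SetTrustAnchors tasks elsewhere in this file. As far as the visible code shows, safety depends on those tasks being queued to the IO thread before this DeleteSoon, so they run first. A comment such as `// Deleted on IO, after any SetTrustAnchors tasks already posted there; if the IO thread is gone the post fails and nothing can still be using the provider.` would record that assumption. The fallback `delete` is only correct if a failed post really means no IO-thread user remains, which is worth confirming.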
|
| @@ -58,6 +100,12 @@ void NetworkConfigurationUpdater::OnUserPolicyInitialized() {
|
| ApplyNetworkConfigurations();
|
| }
|
|
|
| +net::CertTrustAnchorProvider*
|
| + NetworkConfigurationUpdater::GetCertTrustAnchorProvider() {
|
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| + return cert_trust_provider_;
|
| +}
|
| +
|
| void NetworkConfigurationUpdater::OnPolicyChanged(
|
| chromeos::onc::ONCSource onc_source,
|
| const base::Value* previous,
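Review bot: GetCertTrustAnchorProvider() returns a raw pointer on the UI thread to an object whose methods DCHECK the IO thread, and nothing here tells the caller who owns it or how long it stays valid. The destructor hunk shows the updater deleting the provider on the IO thread, so a consumer that keeps the pointer past the updater's destruction would read freed memory while building a trust decision. I would document the contract at the definition or declaration, e.g. `// The provider is owned by this object and destroyed on the IO thread when this object goes away; callers must not use it after that.`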
|
| @@ -101,10 +149,23 @@ void NetworkConfigurationUpdater::ApplyNetworkConfiguration(
|
| if (new_network_config.empty())
|
| new_network_config = chromeos::onc::kEmptyUnencryptedConfiguration;
|
|
|
| + scoped_ptr<net::CertificateList> web_trust_certs(new net::CertificateList());
|
| if (!network_library_->LoadOncNetworks(new_network_config, "", onc_source,
|
| - allow_web_trust_)) {
|
| + web_trust_certs.get())) {
|
| LOG(ERROR) << "Errors occurred during the ONC policy application.";
|
| }
|
| +
|
| + CommandLine* command_line = CommandLine::ForCurrentProcess();
|
| + if (onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY &&
|
| + allow_trusted_certificates_from_policy_ &&
|
| + command_line->HasSwitch(switches::kEnableWebTrustCerts)) {
|
| + BrowserThread::PostTask(
|
| + BrowserThread::IO, FROM_HERE,
|
| + base::Bind(&CrosTrustAnchorProvider::SetTrustAnchors,
|
| + base::Unretained(static_cast<CrosTrustAnchorProvider*>(
|
| + cert_trust_provider_)),
|
| + base::Passed(&web_trust_certs)));
|
| + }
|
| }
|
|
|
| } // namespace policy
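Review bot: In ApplyNetworkConfiguration the provider's list is only replaced when the source is user policy, `allow_trusted_certificates_from_policy_` is true and the switch is present; in every other case the anchors from an earlier application stay installed. If that flag can turn false after anchors were published (not visible in this hunk), certificates that policy no longer permits would remain trusted for the rest of the session. I would always publish for `ONC_SOURCE_USER_POLICY` and clear the list first when anchors are not permitted, as sketched below. Separately, the list is posted even when LoadOncNetworks reported errors, so it may be worth deciding whether a partially parsed policy should contribute trust anchors at all. The function begins outside the hunk.

```cpp
  // … unchanged: LoadOncNetworks call and error log …
  if (onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY) {
    CommandLine* command_line = CommandLine::ForCurrentProcess();
    // Publish an empty list when policy-provided anchors are not permitted, so
    // anchors from an earlier application do not stay trusted.
    if (!allow_trusted_certificates_from_policy_ ||
        !command_line->HasSwitch(switches::kEnableWebTrustCerts)) {
      web_trust_certs->clear();
    }
    BrowserThread::PostTask(
        BrowserThread::IO, FROM_HERE,
        base::Bind(&CrosTrustAnchorProvider::SetTrustAnchors,
                   base::Unretained(static_cast<CrosTrustAnchorProvider*>(
                       cert_trust_provider_)),
                   base::Passed(&web_trust_certs)));
  }
```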
|
|
|