
Unified Diff: chrome/browser/chromeos/policy/network_configuration_updater.h

Issue 13035003: Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: addressed comments Created 7 years, 9 months ago
Index: chrome/browser/chromeos/policy/network_configuration_updater.h
diff --git a/chrome/browser/chromeos/policy/network_configuration_updater.h b/chrome/browser/chromeos/policy/network_configuration_updater.h
index bd0bcd94619a928c0df5c7d04a71b36da042947d..5c817a5e4cabfeb959f63429c73c630cbddd30a2 100644
--- a/chrome/browser/chromeos/policy/network_configuration_updater.h
+++ b/chrome/browser/chromeos/policy/network_configuration_updater.h
@@ -17,6 +17,10 @@ namespace base {
class Value;
}
+namespace net {
+class CertTrustAnchorProvider;
+}
+
namespace policy {
class PolicyMap;
@@ -45,9 +49,20 @@ class NetworkConfigurationUpdater
void OnUserPolicyInitialized();
// Web trust isn't given to certificates imported from ONC by default. Setting
- // |allow_web_trust| to true allows giving Web trust to the certificates that
+ // |allow| to true allows giving Web trust to the certificates that
// request it.
- void set_allow_web_trust(bool allow) { allow_web_trust_ = allow; }
+ void set_allow_trusted_certificates_from_policy(bool allow) {
+ allow_trusted_certificates_from_policy_ = allow;
+ }
+
+ // Returns a CertTrustAnchorProvider that provides the list of server and
+ // CA certificates with the Web trust flag set that were retrieved from the
+ // last user ONC policy update.
+ // This getter must be used on the UI thread, and the provider must be used
+ // on the IO thread. It is only valid as long as the
+ // NetworkConfigurationUpdater is valid; the NetworkConfigurationUpdater
+ // outlives all the profiles, and deletes the provider on the IO thread.
+ net::CertTrustAnchorProvider* GetCertTrustAnchorProvider();
private:
// Callback that's called by |policy_service_| if the respective ONC policy
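Review bot: The comment on GetCertTrustAnchorProvider() does not say what the provider returns while `allow_trusted_certificates_from_policy_` is false, and that flag is what decides whether policy-pushed certificates become trust anchors for server verification. The header alone does not show whether the provider is emptied when the flag is cleared or merely stops being refreshed, so the contract should be written down, e.g. `// The provider returns an empty list unless trusted certificates from policy are allowed.` It would also help to state whether the getter can return NULL before the first user ONC policy update. The class body starts and ends outside this hunk.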
@@ -76,11 +91,15 @@ class NetworkConfigurationUpdater
bool user_policy_initialized_;
// Whether Web trust is allowed or not.
- bool allow_web_trust_;
+ bool allow_trusted_certificates_from_policy_;
// The policy service storing the ONC policies.
PolicyService* policy_service_;
+ // An implementation of CertTrustAnchorProvider. Owned by the updater, but
+ // lives on the IO thread.
+ net::CertTrustAnchorProvider* cert_trust_provider_;
+
DISALLOW_COPY_AND_ASSIGN(NetworkConfigurationUpdater);
};
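Review bot: `cert_trust_provider_` is an owning raw pointer whose object must be destroyed on a different thread from its owner, and the member comment does not say how that happens. If the destructor deleted it directly on the UI thread while an IO-thread verification still held the pointer, the verifier would read freed trust-anchor data; the destructor is not visible here, so this is a question rather than a finding. I would record the mechanism next to the member, e.g. `// Deleted on the IO thread via BrowserThread::DeleteSoon() in the destructor.`, and update the stale `// Whether Web trust is allowed or not.` to name policy-provided certificates. The class declaration starts outside this hunk.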
