| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/network_configuration_updater_impl_cros
.h" | 5 #include "chrome/browser/chromeos/policy/network_configuration_updater_impl_cros
.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/memory/scoped_ptr.h" | 12 #include "base/values.h" |
| 13 #include "chrome/browser/chromeos/cros/network_library.h" | 13 #include "chrome/browser/chromeos/cros/network_library.h" |
| 14 #include "chrome/browser/policy/policy_map.h" | 14 #include "chrome/browser/policy/policy_map.h" |
| 15 #include "chromeos/network/certificate_handler.h" |
| 15 #include "chromeos/network/onc/onc_constants.h" | 16 #include "chromeos/network/onc/onc_constants.h" |
| 16 #include "chromeos/network/onc/onc_utils.h" | 17 #include "chromeos/network/onc/onc_utils.h" |
| 17 #include "content/public/browser/browser_thread.h" | |
| 18 #include "net/cert/cert_trust_anchor_provider.h" | |
| 19 #include "net/cert/x509_certificate.h" | |
| 20 #include "policy/policy_constants.h" | 18 #include "policy/policy_constants.h" |
| 21 | 19 |
| 22 using content::BrowserThread; | |
| 23 | |
| 24 namespace policy { | 20 namespace policy { |
| 25 | 21 |
| 26 namespace { | |
| 27 | |
| 28 // A simple implementation of net::CertTrustAnchorProvider that returns a list | |
| 29 // of certificates that can be set by the owner of this object. | |
| 30 class CrosTrustAnchorProvider : public net::CertTrustAnchorProvider { | |
| 31 public: | |
| 32 CrosTrustAnchorProvider() {} | |
| 33 virtual ~CrosTrustAnchorProvider() {} | |
| 34 | |
| 35 // CertTrustAnchorProvider overrides. | |
| 36 virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE { | |
| 37 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | |
| 38 return trust_anchors_; | |
| 39 } | |
| 40 | |
| 41 void SetTrustAnchors(scoped_ptr<net::CertificateList> trust_anchors) { | |
| 42 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | |
| 43 trust_anchors_.swap(*trust_anchors); | |
| 44 } | |
| 45 | |
| 46 private: | |
| 47 net::CertificateList trust_anchors_; | |
| 48 | |
| 49 DISALLOW_COPY_AND_ASSIGN(CrosTrustAnchorProvider); | |
| 50 }; | |
| 51 | |
| 52 } // namespace | |
| 53 | |
| 54 NetworkConfigurationUpdaterImplCros::NetworkConfigurationUpdaterImplCros( | 22 NetworkConfigurationUpdaterImplCros::NetworkConfigurationUpdaterImplCros( |
| 55 PolicyService* policy_service, | 23 PolicyService* policy_service, |
| 56 chromeos::NetworkLibrary* network_library) | 24 chromeos::NetworkLibrary* network_library, |
| 25 scoped_ptr<chromeos::CertificateHandler> certificate_handler) |
| 57 : policy_change_registrar_( | 26 : policy_change_registrar_( |
| 58 policy_service, PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())), | 27 policy_service, PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())), |
| 59 network_library_(network_library), | 28 network_library_(network_library), |
| 29 certificate_handler_(certificate_handler.Pass()), |
| 60 user_policy_initialized_(false), | 30 user_policy_initialized_(false), |
| 61 allow_trusted_certificates_from_policy_(false), | 31 policy_service_(policy_service) { |
| 62 policy_service_(policy_service), | |
| 63 cert_trust_provider_(new CrosTrustAnchorProvider()) { | |
| 64 DCHECK(network_library_); | 32 DCHECK(network_library_); |
| 65 policy_change_registrar_.Observe( | 33 policy_change_registrar_.Observe( |
| 66 key::kDeviceOpenNetworkConfiguration, | 34 key::kDeviceOpenNetworkConfiguration, |
| 67 base::Bind(&NetworkConfigurationUpdaterImplCros::OnPolicyChanged, | 35 base::Bind(&NetworkConfigurationUpdaterImplCros::OnPolicyChanged, |
| 68 base::Unretained(this), | 36 base::Unretained(this), |
| 69 chromeos::onc::ONC_SOURCE_DEVICE_POLICY)); | 37 chromeos::onc::ONC_SOURCE_DEVICE_POLICY)); |
| 70 policy_change_registrar_.Observe( | 38 policy_change_registrar_.Observe( |
| 71 key::kOpenNetworkConfiguration, | 39 key::kOpenNetworkConfiguration, |
| 72 base::Bind(&NetworkConfigurationUpdaterImplCros::OnPolicyChanged, | 40 base::Bind(&NetworkConfigurationUpdaterImplCros::OnPolicyChanged, |
| 73 base::Unretained(this), | 41 base::Unretained(this), |
| 74 chromeos::onc::ONC_SOURCE_USER_POLICY)); | 42 chromeos::onc::ONC_SOURCE_USER_POLICY)); |
| 75 | 43 |
| 76 network_library_->AddNetworkProfileObserver(this); | 44 network_library_->AddNetworkProfileObserver(this); |
| 77 | 45 |
| 78 // Apply the current policies immediately. | 46 // Apply the current policies immediately. |
| 79 ApplyNetworkConfigurations(); | 47 ApplyNetworkConfigurations(); |
| 80 } | 48 } |
| 81 | 49 |
| 82 NetworkConfigurationUpdaterImplCros::~NetworkConfigurationUpdaterImplCros() { | 50 NetworkConfigurationUpdaterImplCros::~NetworkConfigurationUpdaterImplCros() { |
| 83 network_library_->RemoveNetworkProfileObserver(this); | 51 network_library_->RemoveNetworkProfileObserver(this); |
| 84 bool posted = BrowserThread::DeleteSoon( | |
| 85 BrowserThread::IO, FROM_HERE, cert_trust_provider_); | |
| 86 if (!posted) | |
| 87 delete cert_trust_provider_; | |
| 88 } | 52 } |
| 89 | 53 |
| 90 void NetworkConfigurationUpdaterImplCros::OnProfileListChanged() { | 54 void NetworkConfigurationUpdaterImplCros::OnProfileListChanged() { |
| 91 VLOG(1) << "Network profile list changed, applying policies."; | 55 VLOG(1) << "Network profile list changed, applying policies."; |
| 92 ApplyNetworkConfigurations(); | 56 ApplyNetworkConfigurations(); |
| 93 } | 57 } |
| 94 | 58 |
| 95 void NetworkConfigurationUpdaterImplCros::OnUserPolicyInitialized() { | 59 void NetworkConfigurationUpdaterImplCros::OnUserPolicyInitialized() { |
| 96 VLOG(1) << "User policy initialized, applying policies."; | 60 VLOG(1) << "User policy initialized, applying policies."; |
| 97 user_policy_initialized_ = true; | 61 user_policy_initialized_ = true; |
| 98 ApplyNetworkConfigurations(); | 62 ApplyNetworkConfigurations(); |
| 99 } | 63 } |
| 100 | 64 |
| 101 void NetworkConfigurationUpdaterImplCros:: | |
| 102 set_allow_trusted_certificates_from_policy(bool allow) { | |
| 103 allow_trusted_certificates_from_policy_ = allow; | |
| 104 } | |
| 105 | |
| 106 net::CertTrustAnchorProvider* | |
| 107 NetworkConfigurationUpdaterImplCros::GetCertTrustAnchorProvider() { | |
| 108 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 109 return cert_trust_provider_; | |
| 110 } | |
| 111 | |
| 112 void NetworkConfigurationUpdaterImplCros::OnPolicyChanged( | 65 void NetworkConfigurationUpdaterImplCros::OnPolicyChanged( |
| 113 chromeos::onc::ONCSource onc_source, | 66 chromeos::onc::ONCSource onc_source, |
| 114 const base::Value* previous, | 67 const base::Value* previous, |
| 115 const base::Value* current) { | 68 const base::Value* current) { |
| 116 VLOG(1) << "Policy for ONC source " | 69 VLOG(1) << "Policy for ONC source " |
| 117 << chromeos::onc::GetSourceAsString(onc_source) << " changed."; | 70 << chromeos::onc::GetSourceAsString(onc_source) << " changed."; |
| 118 ApplyNetworkConfigurations(); | 71 ApplyNetworkConfigurations(); |
| 119 } | 72 } |
| 120 | 73 |
| 121 void NetworkConfigurationUpdaterImplCros::ApplyNetworkConfigurations() { | 74 void NetworkConfigurationUpdaterImplCros::ApplyNetworkConfigurations() { |
| 122 ApplyNetworkConfiguration(key::kDeviceOpenNetworkConfiguration, | 75 ApplyNetworkConfiguration(key::kDeviceOpenNetworkConfiguration, |
| 123 chromeos::onc::ONC_SOURCE_DEVICE_POLICY); | 76 chromeos::onc::ONC_SOURCE_DEVICE_POLICY); |
| 124 if (user_policy_initialized_) { | 77 if (user_policy_initialized_) { |
| 125 ApplyNetworkConfiguration(key::kOpenNetworkConfiguration, | 78 ApplyNetworkConfiguration(key::kOpenNetworkConfiguration, |
| 126 chromeos::onc::ONC_SOURCE_USER_POLICY); | 79 chromeos::onc::ONC_SOURCE_USER_POLICY); |
| 127 } | 80 } |
| 128 } | 81 } |
| 129 | 82 |
| 130 void NetworkConfigurationUpdaterImplCros::ApplyNetworkConfiguration( | 83 void NetworkConfigurationUpdaterImplCros::ApplyNetworkConfiguration( |
| 131 const std::string& policy_key, | 84 const std::string& policy_key, |
| 132 chromeos::onc::ONCSource onc_source) { | 85 chromeos::onc::ONCSource onc_source) { |
| 133 VLOG(1) << "Apply policy for ONC source " | 86 VLOG(1) << "Apply policy for ONC source " |
| 134 << chromeos::onc::GetSourceAsString(onc_source); | 87 << chromeos::onc::GetSourceAsString(onc_source); |
| 135 const PolicyMap& policies = policy_service_->GetPolicies( | 88 const PolicyMap& policies = policy_service_->GetPolicies( |
| 136 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); | 89 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); |
| 137 const base::Value* policy_value = policies.GetValue(policy_key); | 90 const base::Value* policy_value = policies.GetValue(policy_key); |
| 138 | 91 |
| 139 std::string new_network_config; | 92 std::string onc_blob; |
| 140 if (policy_value != NULL) { | 93 if (policy_value != NULL) { |
| 141 // If the policy is not a string, we issue a warning, but still clear the | 94 // If the policy is not a string, we issue a warning, but still clear the |
| 142 // network configuration. | 95 // network configuration. |
| 143 if (!policy_value->GetAsString(&new_network_config)) { | 96 if (!policy_value->GetAsString(&onc_blob)) { |
| 144 LOG(WARNING) << "ONC policy for source " | 97 LOG(WARNING) << "ONC policy for source " |
| 145 << chromeos::onc::GetSourceAsString(onc_source) | 98 << chromeos::onc::GetSourceAsString(onc_source) |
| 146 << " is not a string value."; | 99 << " is not a string value."; |
| 147 } | 100 } |
| 148 } | 101 } |
| 149 | 102 |
| 150 // An empty string is not a valid ONC and generates warnings and | 103 base::ListValue network_configs; |
| 151 // errors. Replace by a valid empty configuration. | 104 base::ListValue certificates; |
| 152 if (new_network_config.empty()) | 105 ParseAndValidateOncForImport( |
| 153 new_network_config = chromeos::onc::kEmptyUnencryptedConfiguration; | 106 onc_blob, onc_source, "", &network_configs, &certificates); |
| 154 | 107 |
| 155 scoped_ptr<net::CertificateList> web_trust_certs(new net::CertificateList()); | 108 network_library_->LoadOncNetworks(network_configs, onc_source); |
| 156 if (!network_library_->LoadOncNetworks(new_network_config, "", onc_source, | |
| 157 web_trust_certs.get())) { | |
| 158 LOG(ERROR) << "Errors occurred during the ONC policy application."; | |
| 159 } | |
| 160 | 109 |
| 161 if (onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY && | 110 scoped_ptr<net::CertificateList> web_trust_certs(new net::CertificateList); |
| 162 allow_trusted_certificates_from_policy_) { | 111 certificate_handler_->ImportCertificates( |
| 163 BrowserThread::PostTask( | 112 certificates, onc_source, web_trust_certs.get()); |
| 164 BrowserThread::IO, FROM_HERE, | 113 |
| 165 base::Bind(&CrosTrustAnchorProvider::SetTrustAnchors, | 114 if (onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY) |
| 166 base::Unretained(static_cast<CrosTrustAnchorProvider*>( | 115 SetTrustAnchors(web_trust_certs.Pass()); |
| 167 cert_trust_provider_)), | |
| 168 base::Passed(&web_trust_certs))); | |
| 169 } | |
| 170 } | 116 } |
| 171 | 117 |
| 172 } // namespace policy | 118 } // namespace policy |
| OLD | NEW |
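Review bot: In ApplyNetworkConfiguration (new lines 114-115) the certificates from user policy now reach `SetTrustAnchors(web_trust_certs.Pass())` on the source check alone, whereas the removed code also required `allow_trusted_certificates_from_policy_` before installing them as trust anchors. SetTrustAnchors is not defined in this file, so the gate may have moved into the base class; if so, a comment at the call site would make that visible, for example `// SetTrustAnchors() ignores the list unless trusted certificates from policy are allowed.` If it has not moved, the condition should be restored here, because any web-trust certificate in user policy would otherwise become a trust anchor. The new side also drops the `LOG(ERROR)` that reported a failed ONC application, so if ParseAndValidateOncForImport or ImportCertificates report failure, nothing in this function records it. Because the constructor calls ApplyNetworkConfigurations() and that dereferences `certificate_handler_`, a `DCHECK(certificate_handler_);` next to the existing `DCHECK(network_library_);` would catch a null handler early.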