Chromium Code Reviews Chromium Code Reviews
Issue 148183013:
Use per-user nssdb in onc certificate importer (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/values.h" | |
| 11 #include "chrome/browser/chrome_notification_types.h" | |
| 10 #include "chrome/browser/chromeos/login/user.h" | 12 #include "chrome/browser/chromeos/login/user.h" |
| 11 #include "chrome/browser/chromeos/net/onc_utils.h" | 13 #include "chrome/browser/chromeos/net/onc_utils.h" |
| 14 #include "chrome/browser/net/nss_context.h" | |
| 15 #include "chrome/browser/profiles/profile.h" | |
| 12 #include "chromeos/network/managed_network_configuration_handler.h" | 16 #include "chromeos/network/managed_network_configuration_handler.h" |
| 13 #include "chromeos/network/onc/onc_certificate_importer.h" | 17 #include "chromeos/network/onc/onc_certificate_importer_impl.h" |
| 14 #include "content/public/browser/browser_thread.h" | 18 #include "content/public/browser/browser_thread.h" |
| 19 #include "content/public/browser/notification_source.h" | |
| 15 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
| 16 #include "policy/policy_constants.h" | 21 #include "policy/policy_constants.h" |
| 17 | 22 |
| 23 namespace { | |
| 24 | |
| 25 bool skip_certificate_importer_creation_for_test = false; | |
| 26 | |
| 27 } // namespace | |
| 28 | |
| 18 namespace policy { | 29 namespace policy { |
| 19 | 30 |
| 20 UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {} | 31 UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {} |
| 21 | 32 |
| 22 // static | 33 // static |
| 23 scoped_ptr<UserNetworkConfigurationUpdater> | 34 scoped_ptr<UserNetworkConfigurationUpdater> |
| 24 UserNetworkConfigurationUpdater::CreateForUserPolicy( | 35 UserNetworkConfigurationUpdater::CreateForUserPolicy( |
| 36 Profile* profile, | |
| 25 bool allow_trusted_certs_from_policy, | 37 bool allow_trusted_certs_from_policy, |
| 26 const chromeos::User& user, | 38 const chromeos::User& user, |
| 27 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer, | |
| 28 PolicyService* policy_service, | 39 PolicyService* policy_service, |
| 29 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) { | 40 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) { |
| 30 scoped_ptr<UserNetworkConfigurationUpdater> updater( | 41 scoped_ptr<UserNetworkConfigurationUpdater> updater( |
| 31 new UserNetworkConfigurationUpdater(allow_trusted_certs_from_policy, | 42 new UserNetworkConfigurationUpdater(profile, |
| 43 allow_trusted_certs_from_policy, | |
| 32 user, | 44 user, |
| 33 certificate_importer.Pass(), | |
| 34 policy_service, | 45 policy_service, |
| 35 network_config_handler)); | 46 network_config_handler)); |
| 36 updater->Init(); | 47 updater->Init(); |
| 37 return updater.Pass(); | 48 return updater.Pass(); |
| 38 } | 49 } |
| 39 | 50 |
| 40 void UserNetworkConfigurationUpdater::AddTrustedCertsObserver( | 51 void UserNetworkConfigurationUpdater::AddTrustedCertsObserver( |
| 41 WebTrustedCertsObserver* observer) { | 52 WebTrustedCertsObserver* observer) { |
| 42 observer_list_.AddObserver(observer); | 53 observer_list_.AddObserver(observer); |
| 43 } | 54 } |
| 44 | 55 |
| 45 void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver( | 56 void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver( |
| 46 WebTrustedCertsObserver* observer) { | 57 WebTrustedCertsObserver* observer) { |
| 47 observer_list_.RemoveObserver(observer); | 58 observer_list_.RemoveObserver(observer); |
| 48 } | 59 } |
| 49 | 60 |
| 50 UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater( | 61 UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater( |
| 62 Profile* profile, | |
| 51 bool allow_trusted_certs_from_policy, | 63 bool allow_trusted_certs_from_policy, |
| 52 const chromeos::User& user, | 64 const chromeos::User& user, |
| 53 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer, | |
| 54 PolicyService* policy_service, | 65 PolicyService* policy_service, |
| 55 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) | 66 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) |
| 56 : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY, | 67 : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY, |
| 57 key::kOpenNetworkConfiguration, | 68 key::kOpenNetworkConfiguration, |
| 58 certificate_importer.Pass(), | |
| 59 policy_service, | 69 policy_service, |
| 60 network_config_handler), | 70 network_config_handler), |
| 61 allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy), | 71 allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy), |
| 62 user_(&user) {} | 72 user_(&user), |
| 73 profile_(profile), | |
|
pneubeck (no reviews)
2014/02/07 08:56:35
please don't store Profile*.
They tend to be misus
| |
| 74 weak_factory_(this) { | |
| 75 // The updater is created with |certificate_importer_| unset and is | |
| 76 // responsible for creating it. This requires |GetNSSCertDatabaseForProfile| | |
| 77 // call, which is not safe before the profile initialization is finalized. | |
| 78 // Thus, listen for PROFILE_ADDED notification, on which |cert_importer_| | |
| 79 // creation should start. This behaviour can be disabled in tests. | |
| 80 if (!skip_certificate_importer_creation_for_test) { | |
| 81 registrar_.Add(this, | |
| 82 chrome::NOTIFICATION_PROFILE_ADDED, | |
| 83 content::Source<Profile>(profile)); | |
| 84 } | |
| 85 } | |
| 86 | |
| 87 void UserNetworkConfigurationUpdater::SetCertificateImporterForTest( | |
| 88 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) { | |
| 89 SetCertificateImporter(certificate_importer.Pass()); | |
| 90 } | |
| 91 | |
| 92 // static | |
| 93 void UserNetworkConfigurationUpdater:: | |
| 94 SetSkipCertificateImporterCreationForTest(bool skip) { | |
| 95 skip_certificate_importer_creation_for_test = skip; | |
| 96 } | |
| 63 | 97 |
| 64 void UserNetworkConfigurationUpdater::GetWebTrustedCertificates( | 98 void UserNetworkConfigurationUpdater::GetWebTrustedCertificates( |
| 65 net::CertificateList* certs) const { | 99 net::CertificateList* certs) const { |
| 66 *certs = web_trust_certs_; | 100 *certs = web_trust_certs_; |
| 67 } | 101 } |
| 68 | 102 |
| 69 void UserNetworkConfigurationUpdater::ImportCertificates( | 103 void UserNetworkConfigurationUpdater::ImportCertificates( |
| 70 const base::ListValue& certificates_onc) { | 104 const base::ListValue& certificates_onc) { |
| 105 // If certificate importer is not yet set, cache the certificate onc. It will | |
| 106 // be imported when the certificate importer gets set. | |
| 107 if (!certificate_importer_) { | |
| 108 pending_certificates_onc_.reset(certificates_onc.DeepCopy()); | |
| 109 return; | |
| 110 } | |
| 111 | |
| 71 web_trust_certs_.clear(); | 112 web_trust_certs_.clear(); |
| 72 certificate_importer_->ImportCertificates( | 113 certificate_importer_->ImportCertificates( |
| 73 certificates_onc, | 114 certificates_onc, |
| 74 onc_source_, | 115 onc_source_, |
| 75 allow_trusted_certificates_from_policy_ ? &web_trust_certs_ : NULL); | 116 allow_trusted_certificates_from_policy_ ? &web_trust_certs_ : NULL); |
| 76 | 117 |
| 77 NotifyTrustAnchorsChanged(); | 118 NotifyTrustAnchorsChanged(); |
| 78 } | 119 } |
| 79 | 120 |
| 80 void UserNetworkConfigurationUpdater::ApplyNetworkPolicy( | 121 void UserNetworkConfigurationUpdater::ApplyNetworkPolicy( |
| 81 base::ListValue* network_configs_onc, | 122 base::ListValue* network_configs_onc, |
| 82 base::DictionaryValue* global_network_config) { | 123 base::DictionaryValue* global_network_config) { |
| 83 DCHECK(user_); | 124 DCHECK(user_); |
| 84 chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_, | 125 chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_, |
| 85 network_configs_onc); | 126 network_configs_onc); |
| 86 network_config_handler_->SetPolicy(onc_source_, | 127 network_config_handler_->SetPolicy(onc_source_, |
| 87 user_->username_hash(), | 128 user_->username_hash(), |
| 88 *network_configs_onc, | 129 *network_configs_onc, |
| 89 *global_network_config); | 130 *global_network_config); |
| 90 } | 131 } |
| 91 | 132 |
| 133 void UserNetworkConfigurationUpdater::Observe( | |
| 134 int type, | |
| 135 const content::NotificationSource& source, | |
| 136 const content::NotificationDetails& details) { | |
| 137 DCHECK_EQ(type, chrome::NOTIFICATION_PROFILE_ADDED); | |
| 138 Profile* profile = content::Source<Profile>(source).ptr(); | |
| 139 DCHECK_EQ(profile_, profile); | |
| 140 | |
| 141 if (skip_certificate_importer_creation_for_test) | |
| 142 return; | |
| 143 | |
| 144 GetNSSCertDatabaseForProfile( | |
| 145 profile, | |
| 146 base::Bind( | |
| 147 &UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter, | |
| 148 weak_factory_.GetWeakPtr())); | |
| 149 } | |
| 150 | |
| 151 void UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter( | |
| 152 net::NSSCertDatabase* database) { | |
| 153 DCHECK(database); | |
| 154 SetCertificateImporter(scoped_ptr<chromeos::onc::CertificateImporter>( | |
| 155 new chromeos::onc::CertificateImporterImpl(database))); | |
| 156 } | |
| 157 | |
| 158 void UserNetworkConfigurationUpdater::SetCertificateImporter( | |
| 159 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) { | |
| 160 certificate_importer_ = certificate_importer.Pass(); | |
| 161 | |
| 162 if (pending_certificates_onc_) | |
| 163 ImportCertificates(*pending_certificates_onc_); | |
| 164 pending_certificates_onc_.reset(); | |
| 165 } | |
| 166 | |
| 92 void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() { | 167 void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() { |
| 93 FOR_EACH_OBSERVER(WebTrustedCertsObserver, | 168 FOR_EACH_OBSERVER(WebTrustedCertsObserver, |
| 94 observer_list_, | 169 observer_list_, |
| 95 OnTrustAnchorsChanged(web_trust_certs_)); | 170 OnTrustAnchorsChanged(web_trust_certs_)); |
| 96 } | 171 } |
| 97 | 172 |
| 98 } // namespace policy | 173 } // namespace policy |
| OLD | NEW |
