Chromium Code Reviews Chromium Code Reviews
Issue 148183013:
Use per-user nssdb in onc certificate importer (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ |
| 7 | 7 |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/observer_list.h" | 14 #include "base/observer_list.h" |
| 15 #include "chrome/browser/chromeos/policy/network_configuration_updater.h" | 15 #include "chrome/browser/chromeos/policy/network_configuration_updater.h" |
| 16 #include "components/browser_context_keyed_service/browser_context_keyed_service .h" | 16 #include "components/browser_context_keyed_service/browser_context_keyed_service .h" |
| 17 | 17 |
| 18 namespace base { | |
| 19 class ListValue; | |
| 20 } | |
| 21 | |
| 18 namespace chromeos { | 22 namespace chromeos { |
| 19 class User; | 23 class User; |
| 24 | |
| 25 namespace onc { | |
| 26 class CertificateImporter; | |
| 27 } | |
| 20 } | 28 } |
| 21 | 29 |
| 22 namespace net { | 30 namespace net { |
| 23 class X509Certificate; | 31 class X509Certificate; |
| 24 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | 32 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| 25 } | 33 } |
| 26 | 34 |
| 27 namespace policy { | 35 namespace policy { |
| 28 | 36 |
| 29 class PolicyService; | 37 class PolicyService; |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 45 virtual ~UserNetworkConfigurationUpdater(); | 53 virtual ~UserNetworkConfigurationUpdater(); |
| 46 | 54 |
| 47 // Creates an updater that applies the ONC user policy from |policy_service| | 55 // Creates an updater that applies the ONC user policy from |policy_service| |
| 48 // for user |user| once the policy service is completely initialized and on | 56 // for user |user| once the policy service is completely initialized and on |
| 49 // each policy change. Imported certificates, that request it, are only | 57 // each policy change. Imported certificates, that request it, are only |
| 50 // granted Web trust if |allow_trusted_certs_from_policy| is true. A reference | 58 // granted Web trust if |allow_trusted_certs_from_policy| is true. A reference |
| 51 // to |user| is stored. It must outlive the returned updater. | 59 // to |user| is stored. It must outlive the returned updater. |
| 52 static scoped_ptr<UserNetworkConfigurationUpdater> CreateForUserPolicy( | 60 static scoped_ptr<UserNetworkConfigurationUpdater> CreateForUserPolicy( |
| 53 bool allow_trusted_certs_from_policy, | 61 bool allow_trusted_certs_from_policy, |
| 54 const chromeos::User& user, | 62 const chromeos::User& user, |
| 55 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer, | |
| 56 PolicyService* policy_service, | 63 PolicyService* policy_service, |
| 57 chromeos::ManagedNetworkConfigurationHandler* network_config_handler); | 64 chromeos::ManagedNetworkConfigurationHandler* network_config_handler); |
| 58 | 65 |
| 59 void AddTrustedCertsObserver(WebTrustedCertsObserver* observer); | 66 void AddTrustedCertsObserver(WebTrustedCertsObserver* observer); |
| 60 void RemoveTrustedCertsObserver(WebTrustedCertsObserver* observer); | 67 void RemoveTrustedCertsObserver(WebTrustedCertsObserver* observer); |
| 61 | 68 |
| 69 // Sets the certificate importer that should be used to import certificate | |
| 70 // policies. If there is |pending_policy_onc_|, it gets imported. | |
|
pneubeck (no reviews)
2014/02/06 09:37:46
pending_policy_onc_ -> pending_certificates_onc_
tbarzic
2014/02/06 23:02:36
Done.
| |
| 71 void SetCertificateImporter( | |
| 72 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer); | |
| 73 | |
| 62 // Sets |certs| to the list of Web trusted server and CA certificates from the | 74 // Sets |certs| to the list of Web trusted server and CA certificates from the |
| 63 // last received policy. | 75 // last received policy. |
| 64 void GetWebTrustedCertificates(net::CertificateList* certs) const; | 76 void GetWebTrustedCertificates(net::CertificateList* certs) const; |
| 65 | 77 |
| 66 private: | 78 private: |
| 67 class CrosTrustAnchorProvider; | 79 class CrosTrustAnchorProvider; |
| 68 | 80 |
| 69 UserNetworkConfigurationUpdater( | 81 UserNetworkConfigurationUpdater( |
| 70 bool allow_trusted_certs_from_policy, | 82 bool allow_trusted_certs_from_policy, |
| 71 const chromeos::User& user, | 83 const chromeos::User& user, |
| 72 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer, | |
| 73 PolicyService* policy_service, | 84 PolicyService* policy_service, |
| 74 chromeos::ManagedNetworkConfigurationHandler* network_config_handler); | 85 chromeos::ManagedNetworkConfigurationHandler* network_config_handler); |
| 75 | 86 |
| 76 virtual void ImportCertificates( | 87 virtual void ImportCertificates( |
| 77 const base::ListValue& certificates_onc) OVERRIDE; | 88 const base::ListValue& certificates_onc) OVERRIDE; |
| 78 | 89 |
| 79 virtual void ApplyNetworkPolicy( | 90 virtual void ApplyNetworkPolicy( |
| 80 base::ListValue* network_configs_onc, | 91 base::ListValue* network_configs_onc, |
| 81 base::DictionaryValue* global_network_config) OVERRIDE; | 92 base::DictionaryValue* global_network_config) OVERRIDE; |
| 82 | 93 |
| 83 void NotifyTrustAnchorsChanged(); | 94 void NotifyTrustAnchorsChanged(); |
| 84 | 95 |
| 85 // Whether Web trust is allowed or not. Only relevant for user policies. | 96 // Whether Web trust is allowed or not. Only relevant for user policies. |
| 86 bool allow_trusted_certificates_from_policy_; | 97 bool allow_trusted_certificates_from_policy_; |
| 87 | 98 |
| 88 // The user for whom the user policy will be applied. Is NULL if this Updater | 99 // The user for whom the user policy will be applied. Is NULL if this Updater |
| 89 // is used for device policy. | 100 // is used for device policy. |
| 90 const chromeos::User* user_; | 101 const chromeos::User* user_; |
| 91 | 102 |
| 92 ObserverList<WebTrustedCertsObserver, true> observer_list_; | 103 ObserverList<WebTrustedCertsObserver, true> observer_list_; |
| 93 | 104 |
| 94 // Contains the certificates of the last import that requested web trust. Must | 105 // Contains the certificates of the last import that requested web trust. Must |
| 95 // be empty if Web trust from policy is not allowed. | 106 // be empty if Web trust from policy is not allowed. |
| 96 net::CertificateList web_trust_certs_; | 107 net::CertificateList web_trust_certs_; |
| 97 | 108 |
| 109 // If |ImportCertificates| is called before |certificate_importer_|, gets set | |
|
pneubeck (no reviews)
2014/02/06 09:37:46
... is called before |SetCertificateImporter|...
tbarzic
2014/02/06 23:02:36
Done.
| |
| 110 // to a copy of the policy for which the import was requested. | |
| 111 // The policy will be processed when the certificate importer is set. | |
| 112 scoped_ptr<base::ListValue> pending_certificates_onc_; | |
| 113 | |
| 114 // Certificate importer to be used for importing policy defined certificates. | |
| 115 // Set by |SetCertificateImporter|. | |
| 116 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_; | |
| 117 | |
| 98 DISALLOW_COPY_AND_ASSIGN(UserNetworkConfigurationUpdater); | 118 DISALLOW_COPY_AND_ASSIGN(UserNetworkConfigurationUpdater); |
| 99 }; | 119 }; |
| 100 | 120 |
| 101 } // namespace policy | 121 } // namespace policy |
| 102 | 122 |
| 103 #endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ | 123 #endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ |
| OLD | NEW |
