Restart the host when the third party auth certificate changes

remoting/host/linux/certificate_watcher.h

Index: remoting/host/linux/certificate_watcher.h
diff --git a/remoting/host/linux/certificate_watcher.h b/remoting/host/linux/certificate_watcher.h
new file mode 100644
index 0000000000000000000000000000000000000000..09ab02ff964f3a94ef98139e0fcc0d7b4b484b4a
--- /dev/null
+++ b/remoting/host/linux/certificate_watcher.h
@@ -0,0 +1,89 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_HOST_LINUX_CERTIFICATE_WATCHER_H_
+#define REMOTING_HOST_LINUX_CERTIFICATE_WATCHER_H_
+
+#include "base/files/file_path.h"
+#include "base/files/file_path_watcher.h"
+#include "base/macros.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "base/timer/timer.h"
+#include "remoting/base/auto_thread_task_runner.h"
+#include "remoting/host/host_status_monitor.h"
+#include "remoting/host/host_status_observer.h"
+
+namespace remoting {
+
+// This class watches the NSS database and kills the host when a change of the

[Sergey Ulanov, 2016/03/31 22:36:16]

s/NSS database/certificate database/

[Yuwei, 2016/04/01 23:41:03]

Done.

+// database is detected. The runner script will restart the host when the host
+// is killed then the new host will capture any new changes of the database.
+//
+// Acceptable false positives will be caused by desktop sessions and other
+// external programs.
+//
+// Implements HostStatusObserver to defer restart action when the host is
+// connected to a client.
+class CertificateWatcher : public remoting::HostStatusObserver {
+ public:
+  CertificateWatcher(base::WeakPtr<HostStatusMonitor> monitor,
+                     const base::Closure& restart_action);
+
+  ~CertificateWatcher() override;
+
+  // Starts at current thread.
+  void Start();
+
+  // HostStatusObserver interface.
+

[Sergey Ulanov, 2016/03/31 22:36:16]

removw this empty line.

[Yuwei, 2016/04/01 23:41:03]

Done.

+  void OnClientConnected(const std::string& jid) override;
+  void OnClientDisconnected(const std::string& jid) override;
+
+  // Changes the |inhibit_restart_scheduled_| flag
+  void SetInhibit(bool inhibit);
+
+  // Used for tests. No change will be made if the watcher has already started

[Sergey Ulanov, 2016/03/31 22:36:15]

use ForTests suffix for test-only methods please. Also add DCHECK() to enforce
that these methods are called only in proper state.

[Yuwei, 2016/04/01 23:41:03]

Done.

+  void SetDelay(const base::TimeDelta& delay);
+  void SetWatchPath(const base::FilePath& watch_path);
+  void SetRestartDeferredAction(const base::Closure& restart_action);
+
+ private:
+  // Callback passed to |file_watcher_|.
+  void OnCertDirectoryChanged(const base::FilePath& path, bool error);
+
+  // Called by |restart_timer_| when it's time to reset the host.
+  // It will defer restart if |inhibit_restart_scheduled_| flag is set to true.
+  void OnTimer();
+
+  bool inhibit_mode_ = false;

[Sergey Ulanov, 2016/03/31 22:36:15]

move this below. Normally the values passed to the constructor should proceed
everything else.

[Yuwei, 2016/04/01 23:41:03]

Done.

+
+  // Reference to the monitor
+  base::WeakPtr<HostStatusMonitor> monitor_;
+
+  // Path of the NSS files/directories.
+  base::FilePath nss_watch_path_;
+
+  // The file watcher to watch changes inside the certificate folder.
+  scoped_ptr<base::FilePathWatcher> file_watcher_;
+
+  // The time to wait to restart when it is scheduled.
+  base::TimeDelta delay_;
+
+  // Timer to delay the restart action.
+  scoped_ptr<base::DelayTimer> restart_timer_;
+
+  // Called when a restart is scheduled.
+  base::Closure restart_action_;

[Sergey Ulanov, 2016/03/31 22:36:16]

move this after monitor_.

[Yuwei, 2016/04/01 23:41:03]

Done.

+
+  // Called when the certificate is updated during inhibit mode.
+  // This is just for notification and it shouldn't restart the host.
+  base::Closure restart_deferred_action_;
+
+  DISALLOW_COPY_AND_ASSIGN(CertificateWatcher);
+};
+
+}  // namespace remoting
+
+#endif  // REMOTING_HOST_LINUX_CERTIFICATE_WATCHER_H_