OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef COMPONENTS_CERTIFICATE_TRANSPARENCY_CT_POLICY_MANAGER_H_ |
| 6 #define COMPONENTS_CERTIFICATE_TRANSPARENCY_CT_POLICY_MANAGER_H_ |
| 7 |
| 8 #include <memory> |
| 9 |
| 10 #include "base/macros.h" |
| 11 #include "base/memory/ref_counted.h" |
| 12 #include "base/memory/weak_ptr.h" |
| 13 #include "components/prefs/pref_change_registrar.h" |
| 14 #include "net/http/transport_security_state.h" |
| 15 |
| 16 namespace base { |
| 17 class SequencedTaskRunner; |
| 18 } // base |
| 19 |
| 20 class PrefRegistrySimple; |
| 21 |
| 22 namespace certificate_transparency { |
| 23 |
| 24 // CTPolicyManager serves as the bridge between the Certificate Transparency |
| 25 // preferences (see pref_names.h) and the actual implementation, by exposing |
| 26 // a TransportSecurityState::RequireCTDelegate that can be used to query for |
| 27 // CT-related policies. |
| 28 class CTPolicyManager { |
| 29 public: |
| 30 // Registers the preferences related to Certificate Transparency policy |
| 31 // in the given pref registry. |
| 32 static void RegisterPrefs(PrefRegistrySimple* registry); |
| 33 |
| 34 // Creates a CTPolicyManager that will monitor the preferences on |
| 35 // |pref_service| and make them available to a RequireCTDelegate that |
| 36 // can be used on |network_task_runner|. |
| 37 // |
| 38 // The CTPolicyManager should be constructed on the same task runner |
| 39 // associated with the |pref_service|, but can be destructed on any |
| 40 // task runner, provided that Shutdown() has been called. |
| 41 CTPolicyManager(PrefService* pref_service, |
| 42 scoped_refptr<base::SequencedTaskRunner> network_task_runner); |
| 43 ~CTPolicyManager(); |
| 44 |
| 45 // Unregisters the CTPolicyManager from the preference subsystem. This |
| 46 // should be called on the same task runner that the pref service |
| 47 // it was constructed with lives on. |
| 48 void Shutdown(); |
| 49 |
| 50 // Returns a RequireCTDelegate() that responds based on the policies set |
| 51 // via preferences. |
| 52 // |
| 53 // The order of priority of the preferences is that: |
| 54 // - Specific hosts are preferred over those that match subdomains. |
| 55 // - The most specific host is preferred. |
| 56 // - Requiring CT is preferred over excluding CT |
| 57 // |
| 58 // This object MUST only be used on the network task runner supplied during |
| 59 // construction, MAY be used after Shutdown() is called (at which point, |
| 60 // it will reflect the last status before Shutdown() was called), and |
| 61 // MUST NOT be used after this object has been deleted. |
| 62 net::TransportSecurityState::RequireCTDelegate* GetDelegate(); |
| 63 |
| 64 private: |
| 65 class CTDelegate; |
| 66 |
| 67 // Schedules an update of the CTPolicyDelegate. As it's possible that |
| 68 // multiple preferences may be updated at the same time, this exists to |
| 69 // schedule only a single update. |
| 70 void ScheduleUpdate(); |
| 71 |
| 72 // Performs the actual update of the CTPolicyDelegate once preference |
| 73 // changes have quiesced. |
| 74 void Update(); |
| 75 |
| 76 PrefChangeRegistrar pref_change_registrar_; |
| 77 std::unique_ptr<CTDelegate> delegate_; |
| 78 |
| 79 base::WeakPtrFactory<CTPolicyManager> weak_factory_; |
| 80 |
| 81 DISALLOW_COPY_AND_ASSIGN(CTPolicyManager); |
| 82 }; |
| 83 |
| 84 } // namespace certificate_transparency |
| 85 |
| 86 #endif // COMPONENTS_CERTIFICATE_TRANSPARENCY_CT_POLICY_MANAGER_H_ |
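Review bot: The lifetime contract on GetDelegate() (new lines 58-61) says the delegate must not be used after the manager is deleted, but not how a caller is meant to guarantee that. The returned raw pointer is owned by `delegate_`, the constructor comment allows destruction on any task runner once Shutdown() has been called, and the delegate is used on the network task runner, so a TransportSecurityState that still holds the pointer at destruction time would be left with a dangling delegate. Nothing in this header shows who clears that registration, so I would spell it out, e.g. `// Callers MUST clear this delegate from any TransportSecurityState, on the network task runner, before destroying this object.` Separately, the comments on ScheduleUpdate() and Update() refer to `CTPolicyDelegate`, while the nested class declared here is `CTDelegate`; one name should be used throughout.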