Automatically resolve ClientCertificatePatterns.

chromeos/network/client_cert_resolver.h

Index: chromeos/network/client_cert_resolver.h
diff --git a/chromeos/network/client_cert_resolver.h b/chromeos/network/client_cert_resolver.h
new file mode 100644
index 0000000000000000000000000000000000000000..a47ceec8e32147fe3b2f614b09ff253e65224e46
--- /dev/null
+++ b/chromeos/network/client_cert_resolver.h
@@ -0,0 +1,83 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
+#define CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "chromeos/cert_loader.h"
+#include "chromeos/chromeos_export.h"
+#include "chromeos/network/network_policy_observer.h"
+#include "chromeos/network/network_state_handler_observer.h"
+
+namespace base {
+class TaskRunner;
+}
+
+namespace chromeos {
+
+class NetworkState;
+class NetworkStateHandler;
+class ManagedNetworkConfigurationHandler;
+
+// Resolve client certificate patterns.
+class CHROMEOS_EXPORT ClientCertResolver : public NetworkStateHandlerObserver,
+                                           public CertLoader::Observer,
+                                           public NetworkPolicyObserver {
+ public:
+  struct NetworkAndMatchingCert;

[stevenjb, 2013/08/07 19:04:51]

Should be private?

[pneubeck (no reviews), 2013/08/08 12:41:03]

it's public so that FindCertificateMatches (in the unnamed namespace of the .cc)
can create matches.

not ideal, I know, but the c'tor/d'tor are still not public. So no harm done.

[stevenjb, 2013/08/08 16:35:11]

Yeah, it's a bit confusing. Maybe add a comment. Otherwise maybe
FindCertificateMatches would be better off as a member of NetworkAndMatchingCert
which could then be private? Just a thought.

+
+  ClientCertResolver();
+  virtual ~ClientCertResolver();

[stevenjb, 2013/08/07 19:04:51]

WS

[pneubeck (no reviews), 2013/08/08 12:41:03]

Done.

+  void Init(NetworkStateHandler* network_state_handler,
+            ManagedNetworkConfigurationHandler* managed_network_config_handler);
+
+  // Sets the task runner that any slow calls will be made from, e.g. calls
+  // to the NSS database. If not set, uses base::WorkerPool.
+  void SetSlowTaskRunnerForTest(
+      const scoped_refptr<base::TaskRunner>& task_runner);
+
+ private:
+  typedef std::vector<const NetworkState*> NetworkStateList;
+
+   // NetworkStateHandlerObserver overrides
+  virtual void NetworkListChanged() OVERRIDE;
+
+  // CertLoader::Observer overrides
+  virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
+                                    bool initial_load) OVERRIDE;
+
+  // NetworkPolicyObserver overrides
+  virtual void PolicyApplied(const std::string& service_path) OVERRIDE;
+
+  void ResolveNetworks(const NetworkStateList& networks);
+  void ConfigureCertificates(std::vector<NetworkAndMatchingCert>* matches);
+
+  // The set of networks that were checked/resolved in previous passes. These
+  // networks are skipped in the NetworkListChanged notification.
+  std::set<std::string> resolved_networks_;
+
+  // Unowned associated (global or test) instance.
+  NetworkStateHandler* network_state_handler_;
+
+  // Unowned associated (global or test) instance.
+  ManagedNetworkConfigurationHandler* managed_network_config_handler_;
+
+  // TaskRunner for slow tasks.
+  scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
+
+  base::WeakPtrFactory<ClientCertResolver> weak_ptr_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(ClientCertResolver);
+};
+
+}  // namespace chromeos
+
+#endif  // CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_