| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/memory/ref_counted.h" | |
| 9 #include "chrome/browser/browser_process.h" | 8 #include "chrome/browser/browser_process.h" |
| 10 #include "content/public/browser/browser_thread.h" | 9 #include "content/public/browser/browser_thread.h" |
| 11 #include "net/base/net_errors.h" | 10 #include "net/base/net_errors.h" |
| 12 #include "net/cert/cert_verify_proc.h" | 11 #include "net/cert/cert_verify_proc.h" |
| 13 #include "net/cert/multi_threaded_cert_verifier.h" | 12 #include "net/cert/multi_threaded_cert_verifier.h" |
| 14 | 13 |
| 15 namespace policy { | 14 namespace policy { |
| 16 | 15 |
| 17 namespace { | |
| 18 | |
| 19 void MaybeSignalAnchorUse(int error, | |
| 20 const base::Closure& anchor_used_callback, | |
| 21 const net::CertVerifyResult& verify_result) { | |
| 22 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | |
| 23 if (error != net::OK || !verify_result.is_issued_by_additional_trust_anchor || | |
| 24 anchor_used_callback.is_null()) { | |
| 25 return; | |
| 26 } | |
| 27 anchor_used_callback.Run(); | |
| 28 } | |
| 29 | |
| 30 void CompleteAndSignalAnchorUse( | |
| 31 const base::Closure& anchor_used_callback, | |
| 32 const net::CompletionCallback& completion_callback, | |
| 33 const net::CertVerifyResult* verify_result, | |
| 34 int error) { | |
| 35 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | |
| 36 MaybeSignalAnchorUse(error, anchor_used_callback, *verify_result); | |
| 37 if (!completion_callback.is_null()) | |
| 38 completion_callback.Run(error); | |
| 39 } | |
| 40 | |
| 41 } // namespace | |
| 42 | |
| 43 PolicyCertVerifier::PolicyCertVerifier( | 16 PolicyCertVerifier::PolicyCertVerifier( |
| 44 const base::Closure& anchor_used_callback) | 17 const base::Closure& anchor_used_callback) |
| 45 : anchor_used_callback_(anchor_used_callback) { | 18 : anchor_used_callback_(anchor_used_callback), |
| 19 weak_ptr_factory_(this), |
| 20 weak_ptr_(weak_ptr_factory_.GetWeakPtr()) { |
| 46 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 21 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 47 } | 22 } |
| 48 | 23 |
| 49 PolicyCertVerifier::~PolicyCertVerifier() { | 24 PolicyCertVerifier::~PolicyCertVerifier() { |
| 50 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | 25 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 26 DCHECK(!weak_ptr_factory_.HasWeakPtrs()) |
| 27 << "UnsetTrustAnchorUsedCallback must be called before d'tor. " << this; |
| 51 } | 28 } |
| 52 | 29 |
| 53 void PolicyCertVerifier::InitializeOnIOThread() { | 30 void PolicyCertVerifier::InitializeOnIOThread() { |
| 54 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | 31 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 55 scoped_refptr<net::CertVerifyProc> verify_proc = | 32 scoped_refptr<net::CertVerifyProc> verify_proc = |
| 56 net::CertVerifyProc::CreateDefault(); | 33 net::CertVerifyProc::CreateDefault(); |
| 57 if (!verify_proc->SupportsAdditionalTrustAnchors()) { | 34 if (!verify_proc->SupportsAdditionalTrustAnchors()) { |
| 58 LOG(WARNING) | 35 LOG(WARNING) |
| 59 << "Additional trust anchors not supported in the current platform!"; | 36 << "Additional trust anchors not supported on the current platform!"; |
| 60 } | 37 } |
| 61 net::MultiThreadedCertVerifier* verifier = | 38 net::MultiThreadedCertVerifier* verifier = |
| 62 new net::MultiThreadedCertVerifier(verify_proc.get()); | 39 new net::MultiThreadedCertVerifier(verify_proc.get()); |
| 63 verifier->SetCertTrustAnchorProvider(this); | 40 verifier->SetCertTrustAnchorProvider(this); |
| 64 delegate_.reset(verifier); | 41 delegate_.reset(verifier); |
| 65 } | 42 } |
| 66 | 43 |
| 44 void PolicyCertVerifier::UnsetTrustAnchorUsedCallback() { |
| 45 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 46 anchor_used_callback_.Reset(); |
| 47 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 48 } |
| 49 |
| 67 void PolicyCertVerifier::SetTrustAnchors( | 50 void PolicyCertVerifier::SetTrustAnchors( |
| 68 const net::CertificateList& trust_anchors) { | 51 const net::CertificateList& trust_anchors) { |
| 69 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | 52 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 70 trust_anchors_ = trust_anchors; | 53 trust_anchors_ = trust_anchors; |
| 71 } | 54 } |
| 72 | 55 |
| 73 int PolicyCertVerifier::Verify( | 56 int PolicyCertVerifier::Verify( |
| 74 net::X509Certificate* cert, | 57 net::X509Certificate* cert, |
| 75 const std::string& hostname, | 58 const std::string& hostname, |
| 76 int flags, | 59 int flags, |
| 77 net::CRLSet* crl_set, | 60 net::CRLSet* crl_set, |
| 78 net::CertVerifyResult* verify_result, | 61 net::CertVerifyResult* verify_result, |
| 79 const net::CompletionCallback& completion_callback, | 62 const net::CompletionCallback& completion_callback, |
| 80 RequestHandle* out_req, | 63 RequestHandle* out_req, |
| 81 const net::BoundNetLog& net_log) { | 64 const net::BoundNetLog& net_log) { |
| 82 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | 65 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 83 DCHECK(delegate_); | 66 DCHECK(delegate_); |
| 84 net::CompletionCallback wrapped_callback = | 67 net::CompletionCallback wrapped_callback = |
| 85 base::Bind(&CompleteAndSignalAnchorUse, | 68 base::Bind(&PolicyCertVerifier::CompleteAndSignalAnchorUse, |
| 86 anchor_used_callback_, | |
| 87 completion_callback, | 69 completion_callback, |
| 88 verify_result); | 70 verify_result, |
| 71 weak_ptr_); |
| 89 int error = delegate_->Verify(cert, hostname, flags, crl_set, verify_result, | 72 int error = delegate_->Verify(cert, hostname, flags, crl_set, verify_result, |
| 90 wrapped_callback, out_req, net_log); | 73 wrapped_callback, out_req, net_log); |
| 91 MaybeSignalAnchorUse(error, anchor_used_callback_, *verify_result); | 74 MaybeSignalAnchorUse(error, *verify_result, weak_ptr_); |
| 92 return error; | 75 return error; |
| 93 } | 76 } |
| 94 | 77 |
| 95 void PolicyCertVerifier::CancelRequest(RequestHandle req) { | 78 void PolicyCertVerifier::CancelRequest(RequestHandle req) { |
| 96 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | 79 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 97 delegate_->CancelRequest(req); | 80 delegate_->CancelRequest(req); |
| 98 } | 81 } |
| 99 | 82 |
| 100 const net::CertificateList& PolicyCertVerifier::GetAdditionalTrustAnchors() { | 83 const net::CertificateList& PolicyCertVerifier::GetAdditionalTrustAnchors() { |
| 101 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | 84 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 102 return trust_anchors_; | 85 return trust_anchors_; |
| 103 } | 86 } |
| 104 | 87 |
| 88 void PolicyCertVerifier::NotifyOnUI() { |
| 89 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 90 if (!anchor_used_callback_.is_null()) |
| 91 anchor_used_callback_.Run(); |
| 92 } |
| 93 |
| 94 // static |
| 95 void PolicyCertVerifier::MaybeSignalAnchorUse( |
| 96 int error, |
| 97 const net::CertVerifyResult& verify_result, |
| 98 const base::WeakPtr<PolicyCertVerifier>& weak_ptr) { |
| 99 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 100 if (error != net::OK || !verify_result.is_issued_by_additional_trust_anchor) |
| 101 return; |
| 102 |
| 103 content::BrowserThread::PostTask( |
| 104 content::BrowserThread::UI, |
| 105 FROM_HERE, |
| 106 base::Bind(&PolicyCertVerifier::NotifyOnUI, weak_ptr)); |
| 107 } |
| 108 |
| 109 // static |
| 110 void PolicyCertVerifier::CompleteAndSignalAnchorUse( |
| 111 const net::CompletionCallback& completion_callback, |
| 112 const net::CertVerifyResult* verify_result, |
| 113 const base::WeakPtr<PolicyCertVerifier>& weak_ptr, |
| 114 int error) { |
| 115 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 116 MaybeSignalAnchorUse(error, *verify_result, weak_ptr); |
| 117 if (!completion_callback.is_null()) |
| 118 completion_callback.Run(error); |
| 119 } |
| 120 |
| 105 } // namespace policy | 121 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 24153012:
Fix cyclic dependency between ProfilePolicyConnector and PrefService. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src