Chromium Code Reviews Chromium Code Reviews
Issue 2828713002:
Enable client certificate patterns in device ONC policy (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROMEOS_CERT_LOADER_H_ | 5 #ifndef CHROMEOS_CERT_LOADER_H_ |
| 6 #define CHROMEOS_CERT_LOADER_H_ | 6 #define CHROMEOS_CERT_LOADER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 28 // This class is responsible for loading certificates once the TPM is | 28 // This class is responsible for loading certificates once the TPM is |
| 29 // initialized. It is expected to be constructed on the UI thread and public | 29 // initialized. It is expected to be constructed on the UI thread and public |
| 30 // methods should all be called from the UI thread. | 30 // methods should all be called from the UI thread. |
| 31 // When certificates have been loaded (after login completes and tpm token is | 31 // When certificates have been loaded (after login completes and tpm token is |
| 32 // initialized), or the cert database changes, observers are called with | 32 // initialized), or the cert database changes, observers are called with |
| 33 // OnCertificatesLoaded(). | 33 // OnCertificatesLoaded(). |
| 34 class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer { | 34 class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer { |
| 35 public: | 35 public: |
| 36 class Observer { | 36 class Observer { |
| 37 public: | 37 public: |
| 38 // Called when the certificates, passed for convenience as |cert_list|, | 38 // Called when the certificates, passed for convenience as |all_certs|, |
| 39 // have completed loading. |initial_load| is true the first time this | 39 // have completed loading. |initial_load| is true the first time this |
| 40 // is called. | 40 // is called. |
| 41 virtual void OnCertificatesLoaded(const net::CertificateList& cert_list, | 41 virtual void OnCertificatesLoaded(const net::CertificateList& all_certs, |
| 42 bool initial_load) = 0; | 42 bool initial_load) = 0; |
| 43 | 43 |
| 44 protected: | 44 protected: |
| 45 virtual ~Observer() {} | 45 virtual ~Observer() {} |
| 46 }; | 46 }; |
| 47 | 47 |
| 48 // Sets the global instance. Must be called before any calls to Get(). | 48 // Sets the global instance. Must be called before any calls to Get(). |
| 49 static void Initialize(); | 49 static void Initialize(); |
| 50 | 50 |
| 51 // Destroys the global instance. | 51 // Destroys the global instance. |
| (...skipping 24 matching lines...) Expand all Loading... | |
| 76 | 76 |
| 77 // Returns true if |cert| is hardware backed. See also | 77 // Returns true if |cert| is hardware backed. See also |
| 78 // ForceHardwareBackedForTesting(). | 78 // ForceHardwareBackedForTesting(). |
| 79 static bool IsCertificateHardwareBacked(const net::X509Certificate* cert); | 79 static bool IsCertificateHardwareBacked(const net::X509Certificate* cert); |
| 80 | 80 |
| 81 // Returns true when the certificate list has been requested but not loaded. | 81 // Returns true when the certificate list has been requested but not loaded. |
| 82 bool CertificatesLoading() const; | 82 bool CertificatesLoading() const; |
| 83 | 83 |
| 84 bool certificates_loaded() const { return certificates_loaded_; } | 84 bool certificates_loaded() const { return certificates_loaded_; } |
| 85 | 85 |
| 86 // This will be empty until certificates_loaded() is true. | 86 // Returns all certificates. This will be empty until certificates_loaded() is |
| 87 const net::CertificateList& cert_list() const { return *cert_list_; } | 87 // true. |
| 88 const net::CertificateList& all_certs() const { return *all_certs_; } | |
|
fdoray
2017/04/26 13:11:36
DCHECK(thread_checker_.CalledOnValidThread());
pmarko
2017/04/27 08:51:56
Done.
| |
| 89 | |
| 90 // Returns certificates from the system token. This will be empty until | |
| 91 // certificates_loaded() is true. | |
| 92 const net::CertificateList& system_certs() const { return *system_certs_; } | |
|
fdoray
2017/04/26 13:11:36
DCHECK(thread_checker_.CalledOnValidThread());
pmarko
2017/04/27 08:51:56
Done.
| |
| 88 | 93 |
| 89 // Called in tests if |IsCertificateHardwareBacked()| should always return | 94 // Called in tests if |IsCertificateHardwareBacked()| should always return |
| 90 // true. | 95 // true. |
| 91 static void ForceHardwareBackedForTesting(); | 96 static void ForceHardwareBackedForTesting(); |
| 92 | 97 |
| 93 private: | 98 private: |
| 94 CertLoader(); | 99 CertLoader(); |
| 95 ~CertLoader() override; | 100 ~CertLoader() override; |
| 96 | 101 |
| 97 // Trigger a certificate load. If a certificate loading task is already in | 102 // Trigger a certificate load. If a certificate loading task is already in |
| 98 // progress, will start a reload once the current task is finished. | 103 // progress, will start a reload once the current task is finished. |
| 99 void LoadCertificates(); | 104 void LoadCertificates(); |
| 100 | 105 |
| 106 // Called when the underlying NSS database finished loading certificates. | |
| 107 void CertificatesLoaded(std::unique_ptr<net::CertificateList> all_certs); | |
| 108 | |
| 101 // Called if a certificate load task is finished. | 109 // Called if a certificate load task is finished. |
| 102 void UpdateCertificates(std::unique_ptr<net::CertificateList> cert_list); | 110 void UpdateCertificates(std::unique_ptr<net::CertificateList> all_certs, |
| 111 std::unique_ptr<net::CertificateList> system_certs); | |
| 103 | 112 |
| 104 void NotifyCertificatesLoaded(bool initial_load); | 113 void NotifyCertificatesLoaded(bool initial_load); |
| 105 | 114 |
| 106 // net::CertDatabase::Observer | 115 // net::CertDatabase::Observer |
| 107 void OnCertDBChanged() override; | 116 void OnCertDBChanged() override; |
| 108 | 117 |
| 109 base::ObserverList<Observer> observers_; | 118 base::ObserverList<Observer> observers_; |
| 110 | 119 |
| 111 // Flags describing current CertLoader state. | 120 // Flags describing current CertLoader state. |
| 112 bool certificates_loaded_; | 121 bool certificates_loaded_; |
| 113 bool certificates_update_required_; | 122 bool certificates_update_required_; |
| 114 bool certificates_update_running_; | 123 bool certificates_update_running_; |
| 115 | 124 |
| 116 // The user-specific NSS certificate database from which the certificates | 125 // The user-specific NSS certificate database from which the certificates |
| 117 // should be loaded. | 126 // should be loaded. |
| 118 net::NSSCertDatabase* database_; | 127 net::NSSCertDatabase* database_; |
| 119 | 128 |
| 120 // Cached Certificates loaded from the database. | 129 // Cached certificates loaded from the database. |
| 121 std::unique_ptr<net::CertificateList> cert_list_; | 130 std::unique_ptr<net::CertificateList> all_certs_; |
| 131 | |
| 132 // Cached certificates from system token. Currently this is a sublist of | |
| 133 // |all_certs_|. | |
| 134 std::unique_ptr<net::CertificateList> system_certs_; | |
| 122 | 135 |
| 123 base::ThreadChecker thread_checker_; | 136 base::ThreadChecker thread_checker_; |
| 124 | 137 |
| 125 base::WeakPtrFactory<CertLoader> weak_factory_; | 138 base::WeakPtrFactory<CertLoader> weak_factory_; |
| 126 | 139 |
| 127 DISALLOW_COPY_AND_ASSIGN(CertLoader); | 140 DISALLOW_COPY_AND_ASSIGN(CertLoader); |
| 128 }; | 141 }; |
| 129 | 142 |
| 130 } // namespace chromeos | 143 } // namespace chromeos |
| 131 | 144 |
| 132 #endif // CHROMEOS_CERT_LOADER_H_ | 145 #endif // CHROMEOS_CERT_LOADER_H_ |
| OLD | NEW |
