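--- a/chromeos/cert_loader.h
+++ b/chromeos/cert_loader.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_CERT_LOADER_H_
 #define CHROMEOS_CERT_LOADER_H_
 
 #include <string>
 #include <vector>
 
@@ -28,24 +28,24 @@
 // This class is responsible for loading certificates once the TPM is
 // initialized. It is expected to be constructed on the UI thread and public
 // methods should all be called from the UI thread.
 // When certificates have been loaded (after login completes and tpm token is
 // initialized), or the cert database changes, observers are called with
 // OnCertificatesLoaded().
 class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer {
 public:
 class Observer {
 public:
-// Called when the certificates, passed for convenience as |cert_list|,
+// Called when the certificates, passed for convenience as |all_certs|,
 // have completed loading. |initial_load| is true the first time this
 // is called.
-virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
+virtual void OnCertificatesLoaded(const net::CertificateList& all_certs,
 bool initial_load) = 0;
 
 protected:
 virtual ~Observer() {}
 };
 
 // Sets the global instance. Must be called before any calls to Get().
 static void Initialize();
 
 // Destroys the global instance.
@@ -76,57 +76,76 @@
 
 // Returns true if |cert| is hardware backed. See also
 // ForceHardwareBackedForTesting().
 static bool IsCertificateHardwareBacked(const net::X509Certificate* cert);
 
 // Returns true when the certificate list has been requested but not loaded.
 bool CertificatesLoading() const;
 
 bool certificates_loaded() const { return certificates_loaded_; }
 
-// This will be empty until certificates_loaded() is true.
-const net::CertificateList& cert_list() const { return *cert_list_; }
+// Returns all certificates. This will be empty until certificates_loaded() is
+// true.
+const net::CertificateList& all_certs() const {
+DCHECK(thread_checker_.CalledOnValidThread());
+return *all_certs_;
+}
+
+// Returns certificates from the system token. This will be empty until
+// certificates_loaded() is true.
+const net::CertificateList& system_certs() const {
+DCHECK(thread_checker_.CalledOnValidThread());
+return *system_certs_;
+}
 
 // Called in tests if |IsCertificateHardwareBacked()| should always return
 // true.
 static void ForceHardwareBackedForTesting();
 
 private:
 CertLoader();
 ~CertLoader() override;
 
 // Trigger a certificate load. If a certificate loading task is already in
 // progress, will start a reload once the current task is finished.
 void LoadCertificates();
 
+// Called when the underlying NSS database finished loading certificates.
+void CertificatesLoaded(std::unique_ptr<net::CertificateList> all_certs);
+
 // Called if a certificate load task is finished.
-void UpdateCertificates(std::unique_ptr<net::CertificateList> cert_list);
+void UpdateCertificates(std::unique_ptr<net::CertificateList> all_certs,
+std::unique_ptr<net::CertificateList> system_certs);
 
 void NotifyCertificatesLoaded(bool initial_load);
 
 // net::CertDatabase::Observer
 void OnCertDBChanged() override;
 
 base::ObserverList<Observer> observers_;
 
 // Flags describing current CertLoader state.
 bool certificates_loaded_;
 bool certificates_update_required_;
 bool certificates_update_running_;
 
 // The user-specific NSS certificate database from which the certificates
 // should be loaded.
 net::NSSCertDatabase* database_;
 
-// Cached Certificates loaded from the database.
-std::unique_ptr<net::CertificateList> cert_list_;
+// Cached certificates loaded from the database.
+std::unique_ptr<net::CertificateList> all_certs_;
+
+// Cached certificates from system token. Currently this is a sublist of
+// |all_certs_|.
+std::unique_ptr<net::CertificateList> system_certs_;
 
 base::ThreadChecker thread_checker_;
 
 base::WeakPtrFactory<CertLoader> weak_factory_;
 
 DISALLOW_COPY_AND_ASSIGN(CertLoader);
 };
 
 } // namespace chromeos
 
 #endif // CHROMEOS_CERT_LOADER_H_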
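Review bot: The new `system_certs()` accessor (new lines 93–98) does not say how a certificate is classified as belonging to the system token, and `Observer::OnCertificatesLoaded()` (new lines 38–42) still only passes `all_certs`, so an observer that must distinguish system-token certificates from user-imported ones — the security-relevant split this change introduces — has no documented route to them. Suggest adding to the Observer comment `// Observers that need only the system-token subset should call CertLoader::Get()->system_certs().` and a sentence on `system_certs()` naming the classification criterion (presumably the NSS slot a certificate was loaded from, but the header does not show it — confirm against the .cc). The `DCHECK(thread_checker_.CalledOnValidThread())` added to both new accessors is absent from `certificates_loaded()` on new line 84; adding it there keeps the thread-affinity contract uniform across the getters, since the `system_certs_` "sublist of |all_certs_|" invariant (new lines 138–139) is only stated in a comment and callers will read the two lists together. The class body is only partly visible here: lines 11–27 and 52–75 are collapsed in this view.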