Chromium Code Reviews Chromium Code Reviews
Issue 2828713002:
Enable client certificate patterns in device ONC policy (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROMEOS_CERT_LOADER_H_ | 5 #ifndef CHROMEOS_CERT_LOADER_H_ |
| 6 #define CHROMEOS_CERT_LOADER_H_ | 6 #define CHROMEOS_CERT_LOADER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 76 | 76 |
| 77 // Returns true if |cert| is hardware backed. See also | 77 // Returns true if |cert| is hardware backed. See also |
| 78 // ForceHardwareBackedForTesting(). | 78 // ForceHardwareBackedForTesting(). |
| 79 static bool IsCertificateHardwareBacked(const net::X509Certificate* cert); | 79 static bool IsCertificateHardwareBacked(const net::X509Certificate* cert); |
| 80 | 80 |
| 81 // Returns true when the certificate list has been requested but not loaded. | 81 // Returns true when the certificate list has been requested but not loaded. |
| 82 bool CertificatesLoading() const; | 82 bool CertificatesLoading() const; |
| 83 | 83 |
| 84 bool certificates_loaded() const { return certificates_loaded_; } | 84 bool certificates_loaded() const { return certificates_loaded_; } |
| 85 | 85 |
| 86 // This will be empty until certificates_loaded() is true. | 86 // Returns certificates from the system token. This will be empty until |
|
emaxx
2017/04/20 20:10:39
nit: Maybe move this method to be after cert_list,
pmarko
2017/04/24 14:49:55
Done.
| |
| 87 // certificates_loaded() is true. | |
| 88 const net::CertificateList& system_cert_list() const { | |
| 89 return system_cert_list_; | |
| 90 } | |
| 91 | |
| 92 // Returns all certificates. This will be empty until certificates_loaded() is | |
| 93 // true. | |
| 87 const net::CertificateList& cert_list() const { return *cert_list_; } | 94 const net::CertificateList& cert_list() const { return *cert_list_; } |
| 88 | 95 |
| 89 // Called in tests if |IsCertificateHardwareBacked()| should always return | 96 // Called in tests if |IsCertificateHardwareBacked()| should always return |
| 90 // true. | 97 // true. |
| 91 static void ForceHardwareBackedForTesting(); | 98 static void ForceHardwareBackedForTesting(); |
| 92 | 99 |
| 93 private: | 100 private: |
| 94 CertLoader(); | 101 CertLoader(); |
| 95 ~CertLoader() override; | 102 ~CertLoader() override; |
| 96 | 103 |
| 97 // Trigger a certificate load. If a certificate loading task is already in | 104 // Trigger a certificate load. If a certificate loading task is already in |
| 98 // progress, will start a reload once the current task is finished. | 105 // progress, will start a reload once the current task is finished. |
| 99 void LoadCertificates(); | 106 void LoadCertificates(); |
| 100 | 107 |
| 101 // Called if a certificate load task is finished. | 108 // Called if a certificate load task is finished. |
| 102 void UpdateCertificates(std::unique_ptr<net::CertificateList> cert_list); | 109 void UpdateCertificates(std::unique_ptr<net::CertificateList> cert_list); |
| 103 | 110 |
| 104 void NotifyCertificatesLoaded(bool initial_load); | 111 void NotifyCertificatesLoaded(bool initial_load); |
| 105 | 112 |
| 106 // net::CertDatabase::Observer | 113 // net::CertDatabase::Observer |
| 107 void OnCertDBChanged() override; | 114 void OnCertDBChanged() override; |
| 108 | 115 |
| 116 // Retruns true if |cert| is in the system token. | |
|
emaxx
2017/04/20 20:10:39
nit: Typo in "Returns".
pmarko
2017/04/24 14:49:55
Done.
| |
| 117 bool IsCertificateInSystemToken(const net::X509Certificate* cert); | |
| 118 | |
| 109 base::ObserverList<Observer> observers_; | 119 base::ObserverList<Observer> observers_; |
| 110 | 120 |
| 111 // Flags describing current CertLoader state. | 121 // Flags describing current CertLoader state. |
| 112 bool certificates_loaded_; | 122 bool certificates_loaded_; |
| 113 bool certificates_update_required_; | 123 bool certificates_update_required_; |
| 114 bool certificates_update_running_; | 124 bool certificates_update_running_; |
| 115 | 125 |
| 116 // The user-specific NSS certificate database from which the certificates | 126 // The user-specific NSS certificate database from which the certificates |
| 117 // should be loaded. | 127 // should be loaded. |
| 118 net::NSSCertDatabase* database_; | 128 net::NSSCertDatabase* database_; |
| 119 | 129 |
| 120 // Cached Certificates loaded from the database. | 130 // Cached Certificates loaded from the database. |
| 121 std::unique_ptr<net::CertificateList> cert_list_; | 131 std::unique_ptr<net::CertificateList> cert_list_; |
| 122 | 132 |
| 133 // Cached Certifictes from system token. Currently this is a sublist of | |
| 134 // cert_list_. | |
|
emaxx
2017/04/20 20:10:39
nit: s/cert_list_/|cert_list_|/
pmarko
2017/04/24 14:49:55
Done.
| |
| 135 net::CertificateList system_cert_list_; | |
| 136 | |
| 123 base::ThreadChecker thread_checker_; | 137 base::ThreadChecker thread_checker_; |
| 124 | 138 |
| 125 base::WeakPtrFactory<CertLoader> weak_factory_; | 139 base::WeakPtrFactory<CertLoader> weak_factory_; |
| 126 | 140 |
| 127 DISALLOW_COPY_AND_ASSIGN(CertLoader); | 141 DISALLOW_COPY_AND_ASSIGN(CertLoader); |
| 128 }; | 142 }; |
| 129 | 143 |
| 130 } // namespace chromeos | 144 } // namespace chromeos |
| 131 | 145 |
| 132 #endif // CHROMEOS_CERT_LOADER_H_ | 146 #endif // CHROMEOS_CERT_LOADER_H_ |
| OLD | NEW |
