OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/values.h" | 10 #include "base/values.h" |
11 #include "chrome/browser/chrome_notification_types.h" | |
12 #include "chrome/browser/chromeos/net/onc_utils.h" | 11 #include "chrome/browser/chromeos/net/onc_utils.h" |
13 #include "chrome/browser/net/nss_context.h" | |
14 #include "chrome/browser/profiles/profile.h" | |
15 #include "chromeos/network/managed_network_configuration_handler.h" | 12 #include "chromeos/network/managed_network_configuration_handler.h" |
16 #include "chromeos/network/onc/onc_certificate_importer_impl.h" | 13 #include "chromeos/network/onc/onc_certificate_importer.h" |
17 #include "components/user_manager/user.h" | 14 #include "components/user_manager/user.h" |
18 #include "content/public/browser/browser_thread.h" | |
19 #include "content/public/browser/notification_source.h" | |
20 #include "net/cert/x509_certificate.h" | 15 #include "net/cert/x509_certificate.h" |
21 #include "policy/policy_constants.h" | 16 #include "policy/policy_constants.h" |
22 | 17 |
23 namespace policy { | 18 namespace policy { |
24 | 19 |
25 UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {} | 20 UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {} |
26 | 21 |
27 // static | 22 // static |
28 scoped_ptr<UserNetworkConfigurationUpdater> | 23 scoped_ptr<UserNetworkConfigurationUpdater> |
29 UserNetworkConfigurationUpdater::CreateForUserPolicy( | 24 UserNetworkConfigurationUpdater::CreateForUserPolicy( |
30 Profile* profile, | |
31 bool allow_trusted_certs_from_policy, | 25 bool allow_trusted_certs_from_policy, |
32 const user_manager::User& user, | 26 const user_manager::User& user, |
33 PolicyService* policy_service, | 27 PolicyService* policy_service, |
| 28 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer, |
34 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) { | 29 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) { |
35 scoped_ptr<UserNetworkConfigurationUpdater> updater( | 30 scoped_ptr<UserNetworkConfigurationUpdater> updater( |
36 new UserNetworkConfigurationUpdater(profile, | 31 new UserNetworkConfigurationUpdater(allow_trusted_certs_from_policy, |
37 allow_trusted_certs_from_policy, | |
38 user, | 32 user, |
39 policy_service, | 33 policy_service, |
| 34 certificate_importer.Pass(), |
40 network_config_handler)); | 35 network_config_handler)); |
41 updater->Init(); | 36 updater->Init(); |
42 return updater.Pass(); | 37 return updater.Pass(); |
43 } | 38 } |
44 | 39 |
45 void UserNetworkConfigurationUpdater::AddTrustedCertsObserver( | 40 void UserNetworkConfigurationUpdater::AddTrustedCertsObserver( |
46 WebTrustedCertsObserver* observer) { | 41 WebTrustedCertsObserver* observer) { |
47 observer_list_.AddObserver(observer); | 42 observer_list_.AddObserver(observer); |
48 } | 43 } |
49 | 44 |
50 void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver( | 45 void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver( |
51 WebTrustedCertsObserver* observer) { | 46 WebTrustedCertsObserver* observer) { |
52 observer_list_.RemoveObserver(observer); | 47 observer_list_.RemoveObserver(observer); |
53 } | 48 } |
54 | 49 |
55 UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater( | 50 UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater( |
56 Profile* profile, | |
57 bool allow_trusted_certs_from_policy, | 51 bool allow_trusted_certs_from_policy, |
58 const user_manager::User& user, | 52 const user_manager::User& user, |
59 PolicyService* policy_service, | 53 PolicyService* policy_service, |
| 54 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer, |
60 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) | 55 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) |
61 : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY, | 56 : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY, |
62 key::kOpenNetworkConfiguration, | 57 key::kOpenNetworkConfiguration, |
63 policy_service, | 58 policy_service, |
64 network_config_handler), | 59 network_config_handler), |
65 allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy), | 60 allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy), |
66 user_(&user), | 61 user_(&user), |
| 62 certificate_importer_(certificate_importer.Pass()), |
67 weak_factory_(this) { | 63 weak_factory_(this) { |
68 // The updater is created with |certificate_importer_| unset and is | 64 CHECK(certificate_importer_); |
69 // responsible for creating it. This requires |GetNSSCertDatabaseForProfile| | |
70 // call, which is not safe before the profile initialization is finalized. | |
71 // Thus, listen for PROFILE_ADDED notification, on which |cert_importer_| | |
72 // creation should start. | |
73 registrar_.Add(this, | |
74 chrome::NOTIFICATION_PROFILE_ADDED, | |
75 content::Source<Profile>(profile)); | |
76 } | |
77 | |
78 void UserNetworkConfigurationUpdater::SetCertificateImporterForTest( | |
79 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) { | |
80 SetCertificateImporter(certificate_importer.Pass()); | |
81 } | 65 } |
82 | 66 |
83 void UserNetworkConfigurationUpdater::GetWebTrustedCertificates( | 67 void UserNetworkConfigurationUpdater::GetWebTrustedCertificates( |
84 net::CertificateList* certs) const { | 68 net::CertificateList* certs) const { |
85 *certs = web_trust_certs_; | 69 *certs = web_trust_certs_; |
86 } | 70 } |
87 | 71 |
88 void UserNetworkConfigurationUpdater::OnCertificatesImported( | 72 void UserNetworkConfigurationUpdater::OnCertificatesImported( |
89 bool /* unused success */, | 73 bool /* unused success */, |
90 const net::CertificateList& onc_trusted_certificates) { | 74 const net::CertificateList& onc_trusted_certificates) { |
91 web_trust_certs_.clear(); | 75 web_trust_certs_.clear(); |
92 if (allow_trusted_certificates_from_policy_) | 76 if (allow_trusted_certificates_from_policy_) |
93 web_trust_certs_ = onc_trusted_certificates; | 77 web_trust_certs_ = onc_trusted_certificates; |
94 NotifyTrustAnchorsChanged(); | 78 NotifyTrustAnchorsChanged(); |
95 } | 79 } |
96 | 80 |
97 void UserNetworkConfigurationUpdater::ImportCertificates( | 81 void UserNetworkConfigurationUpdater::ImportCertificates( |
98 const base::ListValue& certificates_onc) { | 82 const base::ListValue& certificates_onc) { |
99 // If certificate importer is not yet set, cache the certificate onc. It will | |
100 // be imported when the certificate importer gets set. | |
101 if (!certificate_importer_) { | |
102 pending_certificates_onc_.reset(certificates_onc.DeepCopy()); | |
103 return; | |
104 } | |
105 | |
106 certificate_importer_->ImportCertificates( | 83 certificate_importer_->ImportCertificates( |
107 certificates_onc, | 84 certificates_onc, |
108 onc_source_, | 85 onc_source_, |
109 base::Bind(&UserNetworkConfigurationUpdater::OnCertificatesImported, | 86 base::Bind(&UserNetworkConfigurationUpdater::OnCertificatesImported, |
110 base::Unretained(this))); | 87 base::Unretained(this))); |
111 } | 88 } |
112 | 89 |
113 void UserNetworkConfigurationUpdater::ApplyNetworkPolicy( | 90 void UserNetworkConfigurationUpdater::ApplyNetworkPolicy( |
114 base::ListValue* network_configs_onc, | 91 base::ListValue* network_configs_onc, |
115 base::DictionaryValue* global_network_config) { | 92 base::DictionaryValue* global_network_config) { |
116 DCHECK(user_); | 93 DCHECK(user_); |
117 chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_, | 94 chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_, |
118 network_configs_onc); | 95 network_configs_onc); |
119 network_config_handler_->SetPolicy(onc_source_, | 96 network_config_handler_->SetPolicy(onc_source_, |
120 user_->username_hash(), | 97 user_->username_hash(), |
121 *network_configs_onc, | 98 *network_configs_onc, |
122 *global_network_config); | 99 *global_network_config); |
123 } | 100 } |
124 | 101 |
125 void UserNetworkConfigurationUpdater::Observe( | |
126 int type, | |
127 const content::NotificationSource& source, | |
128 const content::NotificationDetails& details) { | |
129 DCHECK_EQ(type, chrome::NOTIFICATION_PROFILE_ADDED); | |
130 Profile* profile = content::Source<Profile>(source).ptr(); | |
131 | |
132 GetNSSCertDatabaseForProfile( | |
133 profile, | |
134 base::Bind( | |
135 &UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter, | |
136 weak_factory_.GetWeakPtr())); | |
137 } | |
138 | |
139 void UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter( | |
140 net::NSSCertDatabase* database) { | |
141 DCHECK(database); | |
142 SetCertificateImporter(scoped_ptr<chromeos::onc::CertificateImporter>( | |
143 new chromeos::onc::CertificateImporterImpl( | |
144 content::BrowserThread::GetMessageLoopProxyForThread( | |
145 content::BrowserThread::IO), | |
146 database))); | |
147 } | |
148 | |
149 void UserNetworkConfigurationUpdater::SetCertificateImporter( | |
150 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) { | |
151 certificate_importer_ = certificate_importer.Pass(); | |
152 | |
153 if (pending_certificates_onc_) | |
154 ImportCertificates(*pending_certificates_onc_); | |
155 pending_certificates_onc_.reset(); | |
156 } | |
157 | |
158 void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() { | 102 void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() { |
159 FOR_EACH_OBSERVER(WebTrustedCertsObserver, | 103 FOR_EACH_OBSERVER(WebTrustedCertsObserver, |
160 observer_list_, | 104 observer_list_, |
161 OnTrustAnchorsChanged(web_trust_certs_)); | 105 OnTrustAnchorsChanged(web_trust_certs_)); |
162 } | 106 } |
163 | 107 |
164 } // namespace policy | 108 } // namespace policy |
OLD | NEW |