src/chrome/browser/chromeos/policy/user_network_configuration_updater.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
   6
   7 #include "base/bind.h"
   8 #include "base/bind_helpers.h"
   9 #include "base/logging.h"
  10 #include "base/values.h"
  11 #include "chrome/browser/chrome_notification_types.h"
  12 #include "chrome/browser/chromeos/net/onc_utils.h"
  13 #include "chrome/browser/net/nss_context.h"
  14 #include "chrome/browser/profiles/profile.h"
  15 #include "chromeos/network/managed_network_configuration_handler.h"
  16 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
  17 #include "components/user_manager/user.h"
  18 #include "content/public/browser/browser_thread.h"
  19 #include "content/public/browser/notification_source.h"
  20 #include "net/cert/x509_certificate.h"
  21 #include "policy/policy_constants.h"
  22
  23 namespace policy {
  24
  25 UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {}
  26
  27 // static
  28 scoped_ptr<UserNetworkConfigurationUpdater>
  29 UserNetworkConfigurationUpdater::CreateForUserPolicy(
  30     Profile* profile,
  31     bool allow_trusted_certs_from_policy,
  32     const user_manager::User& user,
  33     PolicyService* policy_service,
  34     chromeos::ManagedNetworkConfigurationHandler* network_config_handler) {
  35   scoped_ptr<UserNetworkConfigurationUpdater> updater(
  36       new UserNetworkConfigurationUpdater(profile,
  37                                           allow_trusted_certs_from_policy,
  38                                           user,
  39                                           policy_service,
  40                                           network_config_handler));
  41   updater->Init();
  42   return updater.Pass();
  43 }
  44
  45 void UserNetworkConfigurationUpdater::AddTrustedCertsObserver(
  46     WebTrustedCertsObserver* observer) {
  47   observer_list_.AddObserver(observer);
  48 }
  49
  50 void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver(
  51     WebTrustedCertsObserver* observer) {
  52   observer_list_.RemoveObserver(observer);
  53 }
  54
  55 UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater(
  56     Profile* profile,
  57     bool allow_trusted_certs_from_policy,
  58     const user_manager::User& user,
  59     PolicyService* policy_service,
  60     chromeos::ManagedNetworkConfigurationHandler* network_config_handler)
  61     : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY,
  62                                   key::kOpenNetworkConfiguration,
  63                                   policy_service,
  64                                   network_config_handler),
  65       allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy),
  66       user_(&user),
  67       weak_factory_(this) {
  68   // The updater is created with |certificate_importer_| unset and is
  69   // responsible for creating it. This requires |GetNSSCertDatabaseForProfile|
  70   // call, which is not safe before the profile initialization is finalized.
  71   // Thus, listen for PROFILE_ADDED notification, on which |cert_importer_|
  72   // creation should start.
  73   registrar_.Add(this,
  74                  chrome::NOTIFICATION_PROFILE_ADDED,
  75                  content::Source<Profile>(profile));
  76 }
  77
  78 void UserNetworkConfigurationUpdater::SetCertificateImporterForTest(
  79     scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
  80   SetCertificateImporter(certificate_importer.Pass());
  81 }
  82
  83 void UserNetworkConfigurationUpdater::GetWebTrustedCertificates(
  84     net::CertificateList* certs) const {
  85   *certs = web_trust_certs_;
  86 }
  87
  88 void UserNetworkConfigurationUpdater::OnCertificatesImported(
  89     bool /* unused success */,
  90     const net::CertificateList& onc_trusted_certificates) {
  91   web_trust_certs_.clear();
  92   if (allow_trusted_certificates_from_policy_)
  93     web_trust_certs_ = onc_trusted_certificates;
  94   NotifyTrustAnchorsChanged();
  95 }
  96
  97 void UserNetworkConfigurationUpdater::ImportCertificates(
  98     const base::ListValue& certificates_onc) {
  99   // If certificate importer is not yet set, cache the certificate onc. It will
 100   // be imported when the certificate importer gets set.
 101   if (!certificate_importer_) {
 102     pending_certificates_onc_.reset(certificates_onc.DeepCopy());
 103     return;
 104   }
 105
 106   certificate_importer_->ImportCertificates(
 107       certificates_onc,
 108       onc_source_,
 109       base::Bind(&UserNetworkConfigurationUpdater::OnCertificatesImported,
 110                  base::Unretained(this)));
 111 }
 112
 113 void UserNetworkConfigurationUpdater::ApplyNetworkPolicy(
 114     base::ListValue* network_configs_onc,
 115     base::DictionaryValue* global_network_config) {
 116   DCHECK(user_);
 117   chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_,
 118                                                            network_configs_onc);
 119   network_config_handler_->SetPolicy(onc_source_,
 120                                      user_->username_hash(),
 121                                      *network_configs_onc,
 122                                      *global_network_config);
 123 }
 124
 125 void UserNetworkConfigurationUpdater::Observe(
 126     int type,
 127     const content::NotificationSource& source,
 128     const content::NotificationDetails& details) {
 129   DCHECK_EQ(type, chrome::NOTIFICATION_PROFILE_ADDED);
 130   Profile* profile = content::Source<Profile>(source).ptr();
 131
 132   GetNSSCertDatabaseForProfile(
 133       profile,
 134       base::Bind(
 135           &UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter,
 136           weak_factory_.GetWeakPtr()));
 137 }
 138
 139 void UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter(
 140     net::NSSCertDatabase* database) {
 141   DCHECK(database);
 142   SetCertificateImporter(scoped_ptr<chromeos::onc::CertificateImporter>(
 143       new chromeos::onc::CertificateImporterImpl(
 144           content::BrowserThread::GetMessageLoopProxyForThread(
 145               content::BrowserThread::IO),
 146           database)));
 147 }
 148
 149 void UserNetworkConfigurationUpdater::SetCertificateImporter(
 150     scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
 151   certificate_importer_ = certificate_importer.Pass();
 152
 153   if (pending_certificates_onc_)
 154     ImportCertificates(*pending_certificates_onc_);
 155   pending_certificates_onc_.reset();
 156 }
 157
 158 void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() {
 159   FOR_EACH_OBSERVER(WebTrustedCertsObserver,
 160                     observer_list_,
 161                     OnTrustAnchorsChanged(web_trust_certs_));
 162 }
 163
 164 }  // namespace policy