1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
8 #include "base/bind_helpers.h"
9 #include "base/logging.h"
10 #include "base/values.h"
11 #include "chrome/browser/chrome_notification_types.h"
12 #include "chrome/browser/chromeos/login/users/user.h"
13 #include "chrome/browser/chromeos/net/onc_utils.h"
14 #include "chrome/browser/net/nss_context.h"
15 #include "chrome/browser/profiles/profile.h"
16 #include "chromeos/network/managed_network_configuration_handler.h"
17 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
18 #include "content/public/browser/notification_source.h"
19 #include "net/cert/x509_certificate.h"
20 #include "policy/policy_constants.h"
24 bool skip_certificate_importer_creation_for_test = false;
30 UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {}
33 scoped_ptr<UserNetworkConfigurationUpdater>
34 UserNetworkConfigurationUpdater::CreateForUserPolicy(
36 bool allow_trusted_certs_from_policy,
37 const chromeos::User& user,
38 PolicyService* policy_service,
39 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) {
40 scoped_ptr<UserNetworkConfigurationUpdater> updater(
41 new UserNetworkConfigurationUpdater(profile,
42 allow_trusted_certs_from_policy,
45 network_config_handler));
47 return updater.Pass();
50 void UserNetworkConfigurationUpdater::AddTrustedCertsObserver(
51 WebTrustedCertsObserver* observer) {
52 observer_list_.AddObserver(observer);
55 void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver(
56 WebTrustedCertsObserver* observer) {
57 observer_list_.RemoveObserver(observer);
60 UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater(
62 bool allow_trusted_certs_from_policy,
63 const chromeos::User& user,
64 PolicyService* policy_service,
65 chromeos::ManagedNetworkConfigurationHandler* network_config_handler)
66 : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY,
67 key::kOpenNetworkConfiguration,
69 network_config_handler),
70 allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy),
73 // The updater is created with |certificate_importer_| unset and is
74 // responsible for creating it. This requires |GetNSSCertDatabaseForProfile|
75 // call, which is not safe before the profile initialization is finalized.
76 // Thus, listen for PROFILE_ADDED notification, on which |cert_importer_|
77 // creation should start. This behaviour can be disabled in tests.
78 if (!skip_certificate_importer_creation_for_test) {
80 chrome::NOTIFICATION_PROFILE_ADDED,
81 content::Source<Profile>(profile));
85 void UserNetworkConfigurationUpdater::SetCertificateImporterForTest(
86 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
87 SetCertificateImporter(certificate_importer.Pass());
91 void UserNetworkConfigurationUpdater::
92 SetSkipCertificateImporterCreationForTest(bool skip) {
93 skip_certificate_importer_creation_for_test = skip;
96 void UserNetworkConfigurationUpdater::GetWebTrustedCertificates(
97 net::CertificateList* certs) const {
98 *certs = web_trust_certs_;
101 void UserNetworkConfigurationUpdater::ImportCertificates(
102 const base::ListValue& certificates_onc) {
103 // If certificate importer is not yet set, cache the certificate onc. It will
104 // be imported when the certificate importer gets set.
105 if (!certificate_importer_) {
106 pending_certificates_onc_.reset(certificates_onc.DeepCopy());
110 web_trust_certs_.clear();
111 certificate_importer_->ImportCertificates(
114 allow_trusted_certificates_from_policy_ ? &web_trust_certs_ : NULL);
116 NotifyTrustAnchorsChanged();
119 void UserNetworkConfigurationUpdater::ApplyNetworkPolicy(
120 base::ListValue* network_configs_onc,
121 base::DictionaryValue* global_network_config) {
123 chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_,
124 network_configs_onc);
125 network_config_handler_->SetPolicy(onc_source_,
126 user_->username_hash(),
127 *network_configs_onc,
128 *global_network_config);
131 void UserNetworkConfigurationUpdater::Observe(
133 const content::NotificationSource& source,
134 const content::NotificationDetails& details) {
135 DCHECK_EQ(type, chrome::NOTIFICATION_PROFILE_ADDED);
136 Profile* profile = content::Source<Profile>(source).ptr();
138 if (skip_certificate_importer_creation_for_test)
141 GetNSSCertDatabaseForProfile(
144 &UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter,
145 weak_factory_.GetWeakPtr()));
148 void UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter(
149 net::NSSCertDatabase* database) {
151 SetCertificateImporter(scoped_ptr<chromeos::onc::CertificateImporter>(
152 new chromeos::onc::CertificateImporterImpl(database)));
155 void UserNetworkConfigurationUpdater::SetCertificateImporter(
156 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
157 certificate_importer_ = certificate_importer.Pass();
159 if (pending_certificates_onc_)
160 ImportCertificates(*pending_certificates_onc_);
161 pending_certificates_onc_.reset();
164 void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() {
165 FOR_EACH_OBSERVER(WebTrustedCertsObserver,
167 OnTrustAnchorsChanged(web_trust_certs_));
170 } // namespace policy