1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_
10 #include "base/basictypes.h"
11 #include "base/compiler_specific.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/memory/weak_ptr.h"
15 #include "base/observer_list.h"
16 #include "chrome/browser/chromeos/policy/network_configuration_updater.h"
17 #include "components/keyed_service/core/keyed_service.h"
18 #include "content/public/browser/notification_observer.h"
19 #include "content/public/browser/notification_registrar.h"
27 namespace user_manager {
34 class CertificateImporter;
39 class NSSCertDatabase;
40 class X509Certificate;
41 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
48 // Implements additional special handling of ONC user policies. Namely string
49 // expansion with the user's name (or email address, etc.) and handling of "Web"
50 // trust of certificates.
51 class UserNetworkConfigurationUpdater : public NetworkConfigurationUpdater,
53 public content::NotificationObserver {
55 class WebTrustedCertsObserver {
57 // Is called everytime the list of imported certificates with Web trust is
59 virtual void OnTrustAnchorsChanged(
60 const net::CertificateList& trust_anchors) = 0;
63 virtual ~UserNetworkConfigurationUpdater();
65 // Creates an updater that applies the ONC user policy from |policy_service|
66 // for user |user| once the policy service is completely initialized and on
67 // each policy change. Imported certificates, that request it, are only
68 // granted Web trust if |allow_trusted_certs_from_policy| is true. A reference
69 // to |user| is stored. It must outlive the returned updater.
70 static scoped_ptr<UserNetworkConfigurationUpdater> CreateForUserPolicy(
72 bool allow_trusted_certs_from_policy,
73 const user_manager::User& user,
74 PolicyService* policy_service,
75 chromeos::ManagedNetworkConfigurationHandler* network_config_handler);
77 void AddTrustedCertsObserver(WebTrustedCertsObserver* observer);
78 void RemoveTrustedCertsObserver(WebTrustedCertsObserver* observer);
80 // Sets |certs| to the list of Web trusted server and CA certificates from the
81 // last received policy.
82 void GetWebTrustedCertificates(net::CertificateList* certs) const;
84 // Helper method to expose |SetCertificateImporter| for usage in tests.
85 void SetCertificateImporterForTest(
86 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer);
89 class CrosTrustAnchorProvider;
91 UserNetworkConfigurationUpdater(
93 bool allow_trusted_certs_from_policy,
94 const user_manager::User& user,
95 PolicyService* policy_service,
96 chromeos::ManagedNetworkConfigurationHandler* network_config_handler);
98 // Called by the CertificateImporter when an import finished.
99 void OnCertificatesImported(
101 const net::CertificateList& onc_trusted_certificates);
103 // NetworkConfigurationUpdater:
104 virtual void ImportCertificates(
105 const base::ListValue& certificates_onc) OVERRIDE;
106 virtual void ApplyNetworkPolicy(
107 base::ListValue* network_configs_onc,
108 base::DictionaryValue* global_network_config) OVERRIDE;
110 // content::NotificationObserver implementation. Observes the profile to which
111 // |this| belongs to for PROFILE_ADDED notification.
112 virtual void Observe(int type,
113 const content::NotificationSource& source,
114 const content::NotificationDetails& details) OVERRIDE;
116 // Creates onc::CertImporter with |database| and passes it to
117 // |SetCertificateImporter|.
118 void CreateAndSetCertificateImporter(net::NSSCertDatabase* database);
120 // Sets the certificate importer that should be used to import certificate
121 // policies. If there is |pending_certificates_onc_|, it gets imported.
122 void SetCertificateImporter(
123 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer);
125 void NotifyTrustAnchorsChanged();
127 // Whether Web trust is allowed or not.
128 bool allow_trusted_certificates_from_policy_;
130 // The user for whom the user policy will be applied.
131 const user_manager::User* user_;
133 ObserverList<WebTrustedCertsObserver, true> observer_list_;
135 // Contains the certificates of the last import that requested web trust. Must
136 // be empty if Web trust from policy is not allowed.
137 net::CertificateList web_trust_certs_;
139 // If |ImportCertificates| is called before |SetCertificateImporter|, gets set
140 // to a copy of the policy for which the import was requested.
141 // The policy will be processed when the certificate importer is set.
142 scoped_ptr<base::ListValue> pending_certificates_onc_;
144 // Certificate importer to be used for importing policy defined certificates.
145 // Set by |SetCertificateImporter|.
146 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_;
148 content::NotificationRegistrar registrar_;
150 base::WeakPtrFactory<UserNetworkConfigurationUpdater> weak_factory_;
152 DISALLOW_COPY_AND_ASSIGN(UserNetworkConfigurationUpdater);
155 } // namespace policy
157 #endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_