Upstream version 11.40.277.0
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
6 #define CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
7
8 #include <set>
9 #include <string>
10 #include <vector>
11
12 #include "base/basictypes.h"
13 #include "base/macros.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/memory/weak_ptr.h"
17 #include "base/observer_list.h"
18 #include "chromeos/cert_loader.h"
19 #include "chromeos/chromeos_export.h"
20 #include "chromeos/network/client_cert_util.h"
21 #include "chromeos/network/network_policy_observer.h"
22 #include "chromeos/network/network_state_handler.h"
23 #include "chromeos/network/network_state_handler_observer.h"
24
25 namespace base {
26 class TaskRunner;
27 }
28
29 namespace chromeos {
30
31 class NetworkState;
32 class ManagedNetworkConfigurationHandler;
33
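// Observes the known networks. If a network is configured with a client
// certificate pattern, this class searches for a matching client certificate.
// Each time it finds a match, it configures the network accordingly.
//
// The result of a match is written into the network's configuration, so the
// matching rules (CertificatePattern and the implementation file) decide
// which client certificate is set for a network.
//
// NOTE(review): none of the state declared below is synchronized in this
// header. Presumably every method runs on a single thread and only the
// certificate search is posted to the slow task runner - confirm in the
// implementation before calling from another thread.
class CHROMEOS_EXPORT ClientCertResolver : public NetworkStateHandlerObserver,
                                           public CertLoader::Observer,
                                           public NetworkPolicyObserver {
 public:
  // Pairs a network with the certificate found for it. Only declared here;
  // the definition lives outside this header.
  struct NetworkAndMatchingCert;

  // Interface for clients that want to know when resolving has settled.
  class Observer {
   public:
    // Called every time resolving of client certificate patterns finishes,
    // no resolve requests are pending and no tasks are running.
    // |network_properties_changed| will be true if any network properties were
    // changed by this resolver since the last notification.
    virtual void ResolveRequestCompleted(bool network_properties_changed) = 0;

   protected:
    // Protected so that observers cannot be deleted through this interface.
    virtual ~Observer() {}

   private:
    DISALLOW_ASSIGN(Observer);
  };

  ClientCertResolver();
  ~ClientCertResolver() override;

  // Supplies the two handlers this resolver works with. Both are stored as
  // unowned pointers (see |network_state_handler_| and
  // |managed_network_config_handler_|).
  // NOTE(review): presumably both must outlive this object and Init() must be
  // called before any other method - confirm against the implementation.
  void Init(NetworkStateHandler* network_state_handler,
            ManagedNetworkConfigurationHandler* managed_network_config_handler);

  // Sets the task runner that any slow calls will be made from, e.g. calls
  // to the NSS database. If not set, uses base::WorkerPool.
  // Test-only, as the name says.
  void SetSlowTaskRunnerForTest(
      const scoped_refptr<base::TaskRunner>& task_runner);

  // Registers / unregisters |observer| for ResolveRequestCompleted().
  // Observers are passed as raw pointers and are not owned by this class.
  // NOTE(review): presumably an observer must call RemoveObserver() before it
  // is destroyed, otherwise |observers_| keeps a dangling pointer - confirm
  // against the ObserverList in use.
  void AddObserver(Observer* observer);
  void RemoveObserver(Observer* observer);

  // Returns true if any resolve tasks are running. Every time a task finishes
  // and no further requests are pending, a notification is sent, see
  // |Observer|.
  bool IsAnyResolveTaskRunning() const;

  // Returns true and sets the Shill properties that have to be configured in
  // |shill_properties| if the certificate pattern |pattern| could be resolved.
  // Returns false otherwise and sets empty Shill properties to clear the
  // certificate configuration.
  //
  // |shill_properties| is written in both cases, so callers have to check the
  // return value: applying the properties after a failed resolve removes the
  // network's client certificate configuration instead of leaving it as is.
  //
  // NOTE(review): the "Sync" suffix suggests the certificate lookup runs on
  // the calling thread; confirm that callers are allowed to block there.
  // |shill_properties| is presumably required to be non-null - confirm.
  static bool ResolveCertificatePatternSync(
      client_cert::ConfigType client_cert_type,
      const CertificatePattern& pattern,
      base::DictionaryValue* shill_properties);

 private:
  // NetworkStateHandlerObserver overrides
  void NetworkListChanged() override;

  // CertLoader::Observer overrides
  void OnCertificatesLoaded(const net::CertificateList& cert_list,
                            bool initial_load) override;

  // NetworkPolicyObserver overrides
  void PolicyAppliedToNetwork(const std::string& service_path) override;

  // Check which networks of |networks| are configured with a client certificate
  // pattern. Search for certificates, on the worker thread, and configure the
  // networks for which a matching cert is found (see ConfigureCertificates).
  void ResolveNetworks(const NetworkStateHandler::NetworkStateList& networks);

  // Resolves certificates for the pending networks. This will always trigger a
  // ResolveRequestCompleted notification, even if the queue is empty.
  void ResolvePendingNetworks();

  // |matches| contains networks for which a matching certificate was found.
  // Configures these networks.
  void ConfigureCertificates(std::vector<NetworkAndMatchingCert>* matches);

  // Trigger a ResolveRequestCompleted event on all observers.
  void NotifyResolveRequestCompleted();

  // Registered observers; raw pointers, not owned.
  ObserverList<Observer> observers_;

  // The set of networks that were checked/resolved in previous passes. These
  // networks are skipped in the NetworkListChanged notification.
  std::set<std::string> resolved_networks_;

  // The list of network paths that still have to be resolved.
  std::set<std::string> queued_networks_to_resolve_;

  // True if currently a resolve task is running.
  // No in-class initializer; presumably set by the constructor.
  bool resolve_task_running_;

  // True if any network properties were changed since the last notification to
  // observers.
  // No in-class initializer; presumably set by the constructor.
  bool network_properties_changed_;

  // Unowned associated (global or test) instance.
  NetworkStateHandler* network_state_handler_;

  // Unowned associated (global or test) instance.
  ManagedNetworkConfigurationHandler* managed_network_config_handler_;

  // TaskRunner for slow tasks. Only set through SetSlowTaskRunnerForTest().
  scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;

  // Last data member, so it is destroyed first: weak pointers handed out to
  // pending tasks are invalidated before the other members are torn down.
  base::WeakPtrFactory<ClientCertResolver> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(ClientCertResolver);
};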
142
143 }  // namespace chromeos
144
145 #endif  // CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_