1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_
10 #include "base/basictypes.h"
11 #include "base/compiler_specific.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "chrome/browser/chromeos/policy/network_configuration_updater.h"
21 class X509Certificate;
22 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
27 class PolicyCertVerifier;
30 // Implements additional special handling of ONC user policies: string
31 // expansion with the user's name (or email address, etc.) and handling of
32 // "Web" trust of certificates. Web trusted certificates are pushed to the
33 // PolicyCertVerifier if one is set.
34 class UserNetworkConfigurationUpdater : public NetworkConfigurationUpdater {
// Virtual destructor: the class is polymorphic (it derives from
// NetworkConfigurationUpdater and overrides virtual methods of it).
36 virtual ~UserNetworkConfigurationUpdater();
38 // Creates an updater that applies the ONC user policy from |policy_service|
39 // for user |user| once the policy service is completely initialized and on
40 // each policy change. Imported certificates that request it are granted Web
41 // trust only if |allow_trusted_certs_from_policy| is true. A reference to
42 // |user| is stored; |user| must outlive the returned updater.
//
// Security note: |allow_trusted_certs_from_policy| is the only gate visible in
// this header between a policy-supplied certificate and the list of Web
// trusted certificates that is pushed to the PolicyCertVerifier. Pass true
// only for users whose policy source is meant to have that authority.
//
// |certificate_importer| is a scoped_ptr passed by value, so the caller gives
// up ownership of it.
// NOTE(review): |policy_service| and |network_config_handler| are raw
// pointers and this header does not state who owns them. Presumably they are
// not owned and must outlive the updater - confirm.
43 static scoped_ptr<UserNetworkConfigurationUpdater> CreateForUserPolicy(
44 bool allow_trusted_certs_from_policy,
45 const chromeos::User& user,
46 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
47 PolicyService* policy_service,
48 chromeos::ManagedNetworkConfigurationHandler* network_config_handler);
50 // Sets the CertVerifier on which the current list of Web trusted server and
51 // CA certificates will be set. Policy updates will trigger further calls to
52 // |cert_verifier| later. |cert_verifier| must be valid until
53 // SetPolicyCertVerifier is called again (with another CertVerifier or NULL)
54 // or until this Updater is destructed. |cert_verifier|'s methods are only
55 // called on the IO thread. This function must be called on the UI thread.
//
// NOTE(review): the verifier is held through a raw pointer member
// (|cert_verifier_|), so nothing in this header enforces the lifetime rule
// above. A caller that destroys the verifier without first calling
// SetPolicyCertVerifier(NULL) would presumably leave a dangling pointer that
// the next policy update uses on the IO thread - confirm that every caller
// resets it before teardown.
56 void SetPolicyCertVerifier(PolicyCertVerifier* cert_verifier);
58 // Sets |certs| to the list of Web trusted server and CA certificates from the
59 // last received policy.
//
// |certs| is an out-parameter.
// NOTE(review): this header does not say whether |certs| may be NULL, whether
// its previous contents are replaced or appended to, or on which thread the
// function may be called - confirm against the implementation. Presumably the
// result is empty whenever Web trust from policy is not allowed (see the
// invariant documented on |web_trust_certs_|).
60 void GetWebTrustedCertificates(net::CertificateList* certs) const;
// Forward declaration of a nested class.
// NOTE(review): nothing else in this header refers to it; check whether it is
// still needed.
63 class CrosTrustAnchorProvider;
// Constructor; takes the same arguments as CreateForUserPolicy(), whose
// comment describes their meaning and lifetime requirements.
// NOTE(review): access specifiers are not visible in this listing. Presumably
// the constructor is non-public and CreateForUserPolicy() is the intended
// entry point - confirm.
65 UserNetworkConfigurationUpdater(
66 bool allow_trusted_certs_from_policy,
67 const chromeos::User& user,
68 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
69 PolicyService* policy_service,
70 chromeos::ManagedNetworkConfigurationHandler* network_config_handler);
// Override of a NetworkConfigurationUpdater virtual (marked OVERRIDE).
// |certificates_onc| is presumably the certificates part of the ONC policy.
// NOTE(review): the implementation is not in this header. Presumably this is
// where |web_trust_certs_| is refreshed. That list must stay empty when
// |allow_trusted_certificates_from_policy_| is false, so confirm the check is
// made here before any certificate is recorded as Web trusted.
72 virtual void ImportCertificates(
73 const base::ListValue& certificates_onc) OVERRIDE;
// Override of a NetworkConfigurationUpdater virtual (marked OVERRIDE). Both
// arguments are non-const pointers, so the callee is able to modify them.
// NOTE(review): presumably this is where the string expansion with the user's
// name, mentioned in the class comment, is applied to the policy before it is
// handed on - confirm in the implementation.
75 virtual void ApplyNetworkPolicy(
76 base::ListValue* network_configs_onc,
77 base::DictionaryValue* global_network_config) OVERRIDE;
79 // Push |web_trust_certs_| to |cert_verifier_| if necessary.
// NOTE(review): "if necessary" presumably means "if a verifier is currently
// set". |cert_verifier_| may only be used on the IO thread, so the push
// presumably has to be posted to that thread - confirm.
80 void SetTrustAnchors();
82 // Whether Web trust is allowed or not. Only relevant for user policies.
// Presumably set once from the constructor argument
// |allow_trusted_certs_from_policy|; no setter is declared in this header.
83 bool allow_trusted_certificates_from_policy_;
85 // The user for whom the user policy will be applied. Is NULL if this Updater
86 // is used for device policy.
// Not owned: CreateForUserPolicy() requires the user to outlive the updater.
// NOTE(review): both the factory and the constructor take the user by
// reference, so a NULL value does not look reachable from this header. The
// device-policy remark may be stale - confirm.
87 const chromeos::User* user_;
89 // Calls to this object are only allowed on the IO Thread.
// Raw pointer; the lifetime contract is documented on SetPolicyCertVerifier(),
// which also allows the verifier to be NULL.
90 PolicyCertVerifier* cert_verifier_;
92 // Contains the certificates of the last import that requested web trust. Must
93 // be empty if Web trust from policy is not allowed.
// This invariant is what keeps policy-supplied certificates from being pushed
// to the verifier when |allow_trusted_certificates_from_policy_| is false.
94 net::CertificateList web_trust_certs_;
// Chromium macro that makes the class non-copyable and non-assignable.
96 DISALLOW_COPY_AND_ASSIGN(UserNetworkConfigurationUpdater);
101 #endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_