1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_
6 #define CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_
11 #include "base/basictypes.h"
12 #include "base/callback.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/memory/weak_ptr.h"
16 #include "components/browser_context_keyed_service/browser_context_keyed_service.h"
21 class CertTrustAnchorProvider;
25 class X509Certificate;
26 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
35 class CloudPolicyManager;
36 class ConfigurationPolicyProvider;
37 class UserNetworkConfigurationUpdater;
39 class PolicyCertVerifier;
41 // A BrowserContextKeyedService that creates and manages the per-Profile policy
43 class ProfilePolicyConnector : public BrowserContextKeyedService {
45 explicit ProfilePolicyConnector(Profile* profile);
46 virtual ~ProfilePolicyConnector();
48 // If |force_immediate_load| then disk caches will be loaded synchronously.
49 void Init(bool force_immediate_load,
50 #if defined(OS_CHROMEOS)
51 const chromeos::User* user,
53 CloudPolicyManager* user_cloud_policy_manager);
55 void InitForTesting(scoped_ptr<PolicyService> service);
57 // BrowserContextKeyedService:
58 virtual void Shutdown() OVERRIDE;
60 // This is never NULL.
61 PolicyService* policy_service() const { return policy_service_.get(); }
63 #if defined(OS_CHROMEOS)
64 // Sets the CertVerifier on which the current list of Web trusted server and
65 // CA certificates will be set. Policy updates will trigger further calls to
66 // |cert_verifier| later. |cert_verifier| must be valid until
67 // SetPolicyCertVerifier is called again (with another CertVerifier or NULL)
68 // or until this Connector is destructed. |cert_verifier|'s methods are only
69 // called on the IO thread. This function must be called on the UI thread.
70 void SetPolicyCertVerifier(PolicyCertVerifier* cert_verifier);
72 // Returns a callback that should be called if a policy installed certificate
73 // was trusted for the associated profile. The closure can be safely used (on
74 // the UI thread) even after this Connector is destructed.
75 base::Closure GetPolicyCertTrustedCallback();
77 // Sets |certs| to the list of Web trusted server and CA certificates from the
78 // last received ONC user policy.
79 void GetWebTrustedCertificates(net::CertificateList* certs) const;
82 // Returns true if |profile()| has used certificates installed via policy
83 // to establish a secure connection before. This means that it may have
84 // cached content from an untrusted source.
85 bool UsedPolicyCertificates();
88 #if defined(ENABLE_CONFIGURATION_POLICY)
90 #if defined(OS_CHROMEOS)
91 void SetUsedPolicyCertificatesOnce();
92 void InitializeDeviceLocalAccountPolicyProvider(const std::string& username);
95 #if defined(OS_CHROMEOS)
96 // Some of the user policy configuration affects browser global state, and
97 // can only come from one Profile. |is_primary_user_| is true if this
98 // connector belongs to the first signed-in Profile, and in that case that
99 // Profile's policy is the one that affects global policy settings in
101 bool is_primary_user_;
103 scoped_ptr<ConfigurationPolicyProvider> special_user_policy_provider_;
104 scoped_ptr<UserNetworkConfigurationUpdater> network_configuration_updater_;
106 base::WeakPtrFactory<ProfilePolicyConnector> weak_ptr_factory_;
111 #endif // ENABLE_CONFIGURATION_POLICY
113 scoped_ptr<PolicyService> policy_service_;
115 DISALLOW_COPY_AND_ASSIGN(ProfilePolicyConnector);
118 } // namespace policy
120 #endif // CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_