chrome/browser/chromeos/policy/policy_cert_service.h - chromium/src - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_

 #include <memory>
 #include <string>
 #include <vector>

 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
 #include "chromeos/network/policy_certificate_provider.h"
 #include "components/keyed_service/core/keyed_service.h"

 class Profile;

 namespace user_manager {
 class UserManager;
 }

 namespace net {
 class X509Certificate;
 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
 }

 namespace network {
 class CertVerifierWithTrustAnchors;
 class NSSTempCertsCacheChromeOS;
 }

 namespace policy {

 // This service is the counterpart of PolicyCertVerifier on the UI thread. It's
 // responsible for pushing the current list of trust anchors to the CertVerifier
 // and marking the profile's prefs if any of the trust anchors was used.
 // Except for unit tests, PolicyCertVerifier should only be created through this
 // class.
 class PolicyCertService : public KeyedService,
                           public chromeos::PolicyCertificateProvider::Observer {
  public:
   PolicyCertService(Profile* profile,
                     const std::string& user_id,
                     UserNetworkConfigurationUpdater* net_conf_updater,
                     user_manager::UserManager* user_manager);
   ~PolicyCertService() override;

   // Creates an associated PolicyCertVerifier. The returned object must only be
   // used on the IO thread and must outlive this object.
   // This can only be called if the network service is disabled.
   std::unique_ptr<network::CertVerifierWithTrustAnchors>
   CreatePolicyCertVerifier();

   // Start listening for trust anchor changes to push to the network service.
   // This only needs to be called with the network service.
   void StartObservingPolicyCerts();

   // Returns true if the profile that owns this service has used certificates
   // installed via policy to establish a secure connection before. This means
   // that it may have cached content from an untrusted source.
   bool UsedPolicyCertificates() const;

   bool has_policy_certificates() const { return !trust_anchors_.empty(); }

   const net::CertificateList& all_server_and_authority_certs() const {
     return all_server_and_authority_certs_;
   }
   const net::CertificateList& trust_anchors() const { return trust_anchors_; }

   // UserNetworkConfigurationUpdater::PolicyProvidedCertsObserver:
   void OnPolicyProvidedCertsChanged(
       const net::CertificateList& all_server_and_authority_certs,
       const net::CertificateList& trust_anchors) override;

   // KeyedService:
   void Shutdown() override;

   static std::unique_ptr<PolicyCertService> CreateForTesting(
       const std::string& user_id,
       network::CertVerifierWithTrustAnchors* verifier,
       user_manager::UserManager* user_manager);

  private:
   PolicyCertService(const std::string& user_id,
                     network::CertVerifierWithTrustAnchors* verifier,
                     user_manager::UserManager* user_manager);

   void StartObservingPolicyCertsInternal(bool notify);
   void OnPolicyProvidedCertsChangedInternal(
       const net::CertificateList& all_server_and_authority_certs,
       const net::CertificateList& trust_anchors,
       bool notify);

   Profile* profile_ = nullptr;
   network::CertVerifierWithTrustAnchors* cert_verifier_;
   std::string user_id_;
   UserNetworkConfigurationUpdater* net_conf_updater_;
   user_manager::UserManager* user_manager_;
   net::CertificateList all_server_and_authority_certs_;
   net::CertificateList trust_anchors_;

   // Holds all policy-provided server and authority certificates and makes them
   // available to NSS as temp certificates. This is needed so they can be used
   // as intermediates when NSS verifies a certificate.
   std::unique_ptr<network::NSSTempCertsCacheChromeOS>
       temp_policy_provided_certs_;

   // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
   // The factory and the created WeakPtrs must only be used on the UI thread.
   base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_;

   DISALLOW_COPY_AND_ASSIGN(PolicyCertService);
 };

 }  // namespace policy

 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
	#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_

	#include <memory>
	#include <string>
	#include <vector>

	#include "base/compiler_specific.h"
	#include "base/macros.h"
	#include "base/memory/ref_counted.h"
	#include "base/memory/weak_ptr.h"
	#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
	#include "chromeos/network/policy_certificate_provider.h"
	#include "components/keyed_service/core/keyed_service.h"

	class Profile;

	namespace user_manager {
	class UserManager;
	}

	namespace net {
	class X509Certificate;
	typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
	}

	namespace network {
	class CertVerifierWithTrustAnchors;
	class NSSTempCertsCacheChromeOS;
	}

	namespace policy {

	// This service is the counterpart of PolicyCertVerifier on the UI thread. It's
	// responsible for pushing the current list of trust anchors to the CertVerifier
	// and marking the profile's prefs if any of the trust anchors was used.
	// Except for unit tests, PolicyCertVerifier should only be created through this
	// class.
	class PolicyCertService : public KeyedService,
	public chromeos::PolicyCertificateProvider::Observer {
	public:
	PolicyCertService(Profile* profile,
	const std::string& user_id,
	UserNetworkConfigurationUpdater* net_conf_updater,
	user_manager::UserManager* user_manager);
	~PolicyCertService() override;

	// Creates an associated PolicyCertVerifier. The returned object must only be
	// used on the IO thread and must outlive this object.
	// This can only be called if the network service is disabled.
	std::unique_ptr<network::CertVerifierWithTrustAnchors>
	CreatePolicyCertVerifier();

	// Start listening for trust anchor changes to push to the network service.
	// This only needs to be called with the network service.
	void StartObservingPolicyCerts();

	// Returns true if the profile that owns this service has used certificates
	// installed via policy to establish a secure connection before. This means
	// that it may have cached content from an untrusted source.
	bool UsedPolicyCertificates() const;

	bool has_policy_certificates() const { return !trust_anchors_.empty(); }

	const net::CertificateList& all_server_and_authority_certs() const {
	return all_server_and_authority_certs_;
	}
	const net::CertificateList& trust_anchors() const { return trust_anchors_; }

	// UserNetworkConfigurationUpdater::PolicyProvidedCertsObserver:
	void OnPolicyProvidedCertsChanged(
	const net::CertificateList& all_server_and_authority_certs,
	const net::CertificateList& trust_anchors) override;

	// KeyedService:
	void Shutdown() override;

	static std::unique_ptr<PolicyCertService> CreateForTesting(
	const std::string& user_id,
	network::CertVerifierWithTrustAnchors* verifier,
	user_manager::UserManager* user_manager);

	private:
	PolicyCertService(const std::string& user_id,
	network::CertVerifierWithTrustAnchors* verifier,
	user_manager::UserManager* user_manager);

	void StartObservingPolicyCertsInternal(bool notify);
	void OnPolicyProvidedCertsChangedInternal(
	const net::CertificateList& all_server_and_authority_certs,
	const net::CertificateList& trust_anchors,
	bool notify);

	Profile* profile_ = nullptr;
	network::CertVerifierWithTrustAnchors* cert_verifier_;
	std::string user_id_;
	UserNetworkConfigurationUpdater* net_conf_updater_;
	user_manager::UserManager* user_manager_;
	net::CertificateList all_server_and_authority_certs_;
	net::CertificateList trust_anchors_;

	// Holds all policy-provided server and authority certificates and makes them
	// available to NSS as temp certificates. This is needed so they can be used
	// as intermediates when NSS verifies a certificate.
	std::unique_ptr<network::NSSTempCertsCacheChromeOS>
	temp_policy_provided_certs_;

	// Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
	// The factory and the created WeakPtrs must only be used on the UI thread.
	base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_;

	DISALLOW_COPY_AND_ASSIGN(PolicyCertService);
	};

	} // namespace policy

	#endif // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_