chrome/browser/chromeos/policy/system_proxy_manager.h - chromium/src - Git at Google

 // Copyright (c) 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_

 #include <memory>
 #include <string>

 #include "base/callback_forward.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/optional.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chromeos/dbus/system_proxy/system_proxy_service.pb.h"
 #include "net/base/auth.h"

 namespace system_proxy {
 class SetAuthenticationDetailsResponse;
 class ShutDownResponse;
 }  // namespace system_proxy

 class PrefService;
 class PrefChangeRegistrar;
 class Profile;

 namespace policy {

 // This class observes the device setting |SystemProxySettings|, and controls
 // the availability of System-proxy service and the configuration of the web
 // proxy credentials for system services connecting through System-proxy. It
 // also listens for the |WorkerActive| dbus signal sent by the System-proxy
 // daemon and stores connection information regarding the active worker
 // processes.
 class SystemProxyManager {
  public:
   SystemProxyManager(chromeos::CrosSettings* cros_settings,
                      PrefService* local_state);
   SystemProxyManager(const SystemProxyManager&) = delete;

   SystemProxyManager& operator=(const SystemProxyManager&) = delete;

   ~SystemProxyManager();

   // If System-proxy is enabled by policy, it returns the URL of the local proxy
   // instance that authenticates system services, in PAC format, e.g.
   //     PROXY localhost:3128
   // otherwise it returns an empty string.
   std::string SystemServicesProxyPacString() const;
   void StartObservingPrimaryProfilePrefs(Profile* profile);
   void StopObservingPrimaryProfilePrefs();
   // If System-proxy is enabled, it will send a request via D-Bus to clear the
   // user's proxy credentials cached by the local proxy workers. System-proxy
   // requests proxy credentials from the browser by sending an
   // |AuthenticationRequired| D-Bus signal.
   void ClearUserCredentials();

   void SetSystemProxyEnabledForTest(bool enabled);
   void SetSystemServicesProxyUrlForTest(const std::string& local_proxy_url);

  private:
   void OnSetAuthenticationDetails(
       const system_proxy::SetAuthenticationDetailsResponse& response);
   void OnDaemonShutDown(const system_proxy::ShutDownResponse& response);
   void OnClearUserCredentials(
       const system_proxy::ClearUserCredentialsResponse& response);

   void OnKerberosEnabledChanged();
   void OnKerberosAccountChanged();

   void SendKerberosAuthenticationDetails();

   // Once a trusted set of policies is established, this function calls
   // the System-proxy dbus client to start/shutdown the daemon and, if
   // necessary, to configure the web proxy credentials for system services.
   void OnSystemProxySettingsPolicyChanged();

   // This function is called when the |WorkerActive| dbus signal is received.
   void OnWorkerActive(const system_proxy::WorkerActiveSignalDetails& details);

   // Requests from the NetworkService the user credentials associated with the
   // protection space specified in |details|. This function is called when the
   // |AuthenticationRequired| dbus signal is received.
   void OnAuthenticationRequired(
       const system_proxy::AuthenticationRequiredDetails& details);

   // Forwards the user credentials to System-proxy. |credentials| may be empty
   // indicating the credentials for the specified |protection_space| are not
   // available.
   void LookupProxyAuthCredentialsCallback(
       const system_proxy::ProtectionSpace& protection_space,
       const base::Optional<net::AuthCredentials>& credentials);

   chromeos::CrosSettings* cros_settings_;
   std::unique_ptr<chromeos::CrosSettings::ObserverSubscription>
       system_proxy_subscription_;

   bool system_proxy_enabled_ = false;
   // The authority URI in the format host:port of the local proxy worker for
   // system services.
   std::string system_services_address_;

   // Local state prefs, not owned.
   PrefService* local_state_ = nullptr;

   // Primary profile, not owned.
   Profile* primary_profile_ = nullptr;

   // Observer for Kerberos-related prefs.
   std::unique_ptr<PrefChangeRegistrar> local_state_pref_change_registrar_;
   std::unique_ptr<PrefChangeRegistrar> profile_pref_change_registrar_;

   base::WeakPtrFactory<SystemProxyManager> weak_factory_{this};
 };

 }  // namespace policy

 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_
	// Copyright (c) 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_
	#define CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_

	#include <memory>
	#include <string>

	#include "base/callback_forward.h"
	#include "base/gtest_prod_util.h"
	#include "base/memory/weak_ptr.h"
	#include "base/optional.h"
	#include "chrome/browser/chromeos/settings/cros_settings.h"
	#include "chromeos/dbus/system_proxy/system_proxy_service.pb.h"
	#include "net/base/auth.h"

	namespace system_proxy {
	class SetAuthenticationDetailsResponse;
	class ShutDownResponse;
	} // namespace system_proxy

	class PrefService;
	class PrefChangeRegistrar;
	class Profile;

	namespace policy {

	// This class observes the device setting \|SystemProxySettings\|, and controls
	// the availability of System-proxy service and the configuration of the web
	// proxy credentials for system services connecting through System-proxy. It
	// also listens for the \|WorkerActive\| dbus signal sent by the System-proxy
	// daemon and stores connection information regarding the active worker
	// processes.
	class SystemProxyManager {
	public:
	SystemProxyManager(chromeos::CrosSettings* cros_settings,
	PrefService* local_state);
	SystemProxyManager(const SystemProxyManager&) = delete;

	SystemProxyManager& operator=(const SystemProxyManager&) = delete;

	~SystemProxyManager();

	// If System-proxy is enabled by policy, it returns the URL of the local proxy
	// instance that authenticates system services, in PAC format, e.g.
	// PROXY localhost:3128
	// otherwise it returns an empty string.
	std::string SystemServicesProxyPacString() const;
	void StartObservingPrimaryProfilePrefs(Profile* profile);
	void StopObservingPrimaryProfilePrefs();
	// If System-proxy is enabled, it will send a request via D-Bus to clear the
	// user's proxy credentials cached by the local proxy workers. System-proxy
	// requests proxy credentials from the browser by sending an
	// \|AuthenticationRequired\| D-Bus signal.
	void ClearUserCredentials();

	void SetSystemProxyEnabledForTest(bool enabled);
	void SetSystemServicesProxyUrlForTest(const std::string& local_proxy_url);

	private:
	void OnSetAuthenticationDetails(
	const system_proxy::SetAuthenticationDetailsResponse& response);
	void OnDaemonShutDown(const system_proxy::ShutDownResponse& response);
	void OnClearUserCredentials(
	const system_proxy::ClearUserCredentialsResponse& response);

	void OnKerberosEnabledChanged();
	void OnKerberosAccountChanged();

	void SendKerberosAuthenticationDetails();

	// Once a trusted set of policies is established, this function calls
	// the System-proxy dbus client to start/shutdown the daemon and, if
	// necessary, to configure the web proxy credentials for system services.
	void OnSystemProxySettingsPolicyChanged();

	// This function is called when the \|WorkerActive\| dbus signal is received.
	void OnWorkerActive(const system_proxy::WorkerActiveSignalDetails& details);

	// Requests from the NetworkService the user credentials associated with the
	// protection space specified in \|details\|. This function is called when the
	// \|AuthenticationRequired\| dbus signal is received.
	void OnAuthenticationRequired(
	const system_proxy::AuthenticationRequiredDetails& details);

	// Forwards the user credentials to System-proxy. \|credentials\| may be empty
	// indicating the credentials for the specified \|protection_space\| are not
	// available.
	void LookupProxyAuthCredentialsCallback(
	const system_proxy::ProtectionSpace& protection_space,
	const base::Optional<net::AuthCredentials>& credentials);

	chromeos::CrosSettings* cros_settings_;
	std::unique_ptr<chromeos::CrosSettings::ObserverSubscription>
	system_proxy_subscription_;

	bool system_proxy_enabled_ = false;
	// The authority URI in the format host:port of the local proxy worker for
	// system services.
	std::string system_services_address_;

	// Local state prefs, not owned.
	PrefService* local_state_ = nullptr;

	// Primary profile, not owned.
	Profile* primary_profile_ = nullptr;

	// Observer for Kerberos-related prefs.
	std::unique_ptr<PrefChangeRegistrar> local_state_pref_change_registrar_;
	std::unique_ptr<PrefChangeRegistrar> profile_pref_change_registrar_;

	base::WeakPtrFactory<SystemProxyManager> weak_factory_{this};
	};

	} // namespace policy

	#endif // CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_