blob: 32b6b5d2cbc762a916da49222d1b546fd33b0f84 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_POLICY_CERTIFICATE_PROVIDER_H_
#define CHROMEOS_POLICY_CERTIFICATE_PROVIDER_H_
#include <vector>
#include "base/macros.h"
#include "base/memory/ref_counted.h"
namespace net {
class X509Certificate;
using CertificateList = std::vector<scoped_refptr<X509Certificate>>;
} // namespace net
namespace chromeos {
// An interface for a class which makes server and authority certificates
// available from enterprise policy. Clients of this interface can register as
// |Observer|s to receive update notifications.
class PolicyCertificateProvider {
public:
virtual ~PolicyCertificateProvider() {}
class Observer {
public:
virtual ~Observer() = default;
// Is called every time the list of policy-set server and authority
// certificates changes.
virtual void OnPolicyProvidedCertsChanged(
const net::CertificateList& all_server_and_authority_certs,
const net::CertificateList& trust_anchors) = 0;
};
virtual void AddPolicyProvidedCertsObserver(Observer* observer) = 0;
virtual void RemovePolicyProvidedCertsObserver(Observer* observer) = 0;
// Returns all server and authority certificates successfully parsed from ONC,
// independent of their trust bits.
virtual net::CertificateList GetAllServerAndAuthorityCertificates() const = 0;
// Returns all authority certificates successfully parsed from ONC,
// independent of their trust bits.
virtual net::CertificateList GetAllAuthorityCertificates() const = 0;
// Returns the server and authority certificates which were successfully
// parsed from ONC and were granted web trust. This means that the
// certificates had the "Web" trust bit set, and this
// UserNetworkConfigurationUpdater instance was created with
// |allow_trusted_certs_from_policy| = true.
virtual net::CertificateList GetWebTrustedCertificates() const = 0;
// Returns the server and authority certificates which were successfully
// parsed from ONC and did not request or were not granted web trust.
// This is equivalent to calling |GetAllServerAndAuthorityCertificates| and
// then removing all certificates returned by |GetWebTrustedCertificates| from
// the result.
virtual net::CertificateList GetCertificatesWithoutWebTrust() const = 0;
};
} // namespace chromeos
#endif // CHROMEOS_POLICY_CERTIFICATE_PROVIDER_H_