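// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_

#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
#include "components/browser_context_keyed_service/browser_context_keyed_service.h"

namespace chromeos {
class UserManager;
}

namespace net {
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}

namespace policy {

class PolicyCertVerifier;

// This service is the counterpart of PolicyCertVerifier on the UI thread. It's
// responsible for pushing the current list of trust anchors to the CertVerifier
// and marking the profile's prefs if any of the trust anchors was used.
// Except for unit tests, PolicyCertVerifier should only be created through this
// class.
//
// Security note: trust anchors supplied by policy widen the set of
// certificates that can validate, which is why their use is recorded per
// profile (see UsedPolicyCertificates()).
//
// Threading: this object lives on the UI thread; the verifier it is paired
// with is used on the IO thread (see CreatePolicyCertVerifier()).
class PolicyCertService
    : public BrowserContextKeyedService,
      public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
 public:
  // |user_id| identifies the user this service belongs to. |net_conf_updater|
  // and |user_manager| are stored as raw pointers; ownership is not visible in
  // this header, so callers should assume they must outlive the service.
  // NOTE(review): confirm the lifetime contract against the .cc / factory.
  PolicyCertService(const std::string& user_id,
                    UserNetworkConfigurationUpdater* net_conf_updater,
                    chromeos::UserManager* user_manager);
  virtual ~PolicyCertService();

  // Creates an associated PolicyCertVerifier. The returned object must only be
  // used on the IO thread and must outlive this object.
  // Ownership goes to the caller through the scoped_ptr; this class declares
  // only a raw PolicyCertVerifier* member, so destroying the verifier while
  // the service is still alive would presumably leave that pointer dangling.
  scoped_ptr<PolicyCertVerifier> CreatePolicyCertVerifier();

  // Returns true if the profile that owns this service has used certificates
  // installed via policy to establish a secure connection before. This means
  // that it may have cached content from an untrusted source.
  bool UsedPolicyCertificates() const;

  // Returns the current value of |has_trust_anchors_|. Unlike
  // UsedPolicyCertificates(), this does not report past use.
  // NOTE(review): presumably updated from OnTrustAnchorsChanged(); confirm in
  // the .cc.
  bool has_policy_certificates() const { return has_trust_anchors_; }

  // UserNetworkConfigurationUpdater::WebTrustedCertsObserver:
  // Called with the updated list of trust anchors. Per the class comment, the
  // service forwards the current list to the verifier (implementation not
  // shown in this header).
  virtual void OnTrustAnchorsChanged(const net::CertificateList& trust_anchors)
      OVERRIDE;

  // BrowserContextKeyedService:
  virtual void Shutdown() OVERRIDE;

  // Test-only factory that takes an externally created |verifier| instead of
  // a UserNetworkConfigurationUpdater. |verifier| is passed as a raw pointer,
  // so the test keeps responsibility for its lifetime.
  static scoped_ptr<PolicyCertService> CreateForTesting(
      const std::string& user_id,
      PolicyCertVerifier* verifier,
      chromeos::UserManager* user_manager);

 private:
  // Private overload taking a verifier directly; presumably the constructor
  // used by CreateForTesting().
  PolicyCertService(const std::string& user_id,
                    PolicyCertVerifier* verifier,
                    chromeos::UserManager* user_manager);

  // Raw pointer to the paired verifier. No scoped_ptr to it is held here, so
  // its validity relies on the "must outlive this object" rule documented on
  // CreatePolicyCertVerifier().
  PolicyCertVerifier* cert_verifier_;
  std::string user_id_;
  // Raw pointers; ownership is not expressed in this header.
  UserNetworkConfigurationUpdater* net_conf_updater_;
  chromeos::UserManager* user_manager_;
  // Backing flag for has_policy_certificates().
  bool has_trust_anchors_;

  // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
  // The factory and the created WeakPtrs must only be used on the UI thread.
  // Declared as the last data member, so it is destroyed first and outstanding
  // WeakPtrs are invalidated before the other members go away.
  base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(PolicyCertService);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_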