1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
7 
8 #include <string>
9 #include <vector>
10 
11 #include "base/basictypes.h"
12 #include "base/compiler_specific.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/memory/weak_ptr.h"
16 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
17 #include "components/browser_context_keyed_service/browser_context_keyed_service.h"
18 
// Forward declaration: this header only names chromeos::UserManager through
// pointers, so the full definition is not needed here.
namespace chromeos {
class UserManager;
}

// Forward declaration of the certificate type, plus the list typedef taken by
// PolicyCertService::OnTrustAnchorsChanged(). Entries are held through
// scoped_refptr, so a CertificateList shares ref-counted ownership of each
// certificate.
// NOTE(review): this typedef presumably mirrors one declared in net's own
// headers; the two declarations must stay identical -- confirm.
namespace net {
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}
27 
namespace policy {

// Only used through pointers and scoped_ptr in this header.
class PolicyCertVerifier;

// This service is the counterpart of PolicyCertVerifier on the UI thread. It's
// responsible for pushing the current list of trust anchors to the CertVerifier
// and marking the profile's prefs if any of the trust anchors was used.
// Except for unit tests, PolicyCertVerifier should only be created through this
// class.
//
// The trust anchors handled here are supplied via policy (they arrive through
// UserNetworkConfigurationUpdater::WebTrustedCertsObserver), which is why their
// use is recorded per profile: see UsedPolicyCertificates().
//
// Lifetime: every pointer member below is a raw pointer, so this class does not
// express ownership of any of them in its types.
// NOTE(review): presumably none of them is owned and each must outlive this
// service (or be detached in Shutdown()) -- confirm against the .cc file.
class PolicyCertService
    : public BrowserContextKeyedService,
      public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
 public:
  // |user_id| identifies the user this service belongs to.
  // |net_conf_updater| is the source of trust-anchor change notifications
  // (this class implements its WebTrustedCertsObserver interface).
  // NOTE(review): registration as an observer presumably happens in
  // CreatePolicyCertVerifier() or the constructor -- confirm in the .cc file.
  PolicyCertService(const std::string& user_id,
                    UserNetworkConfigurationUpdater* net_conf_updater,
                    chromeos::UserManager* user_manager);
  virtual ~PolicyCertService();

  // Creates an associated PolicyCertVerifier. The returned object must only be
  // used on the IO thread and must outlive this object.
  // Ownership of the verifier passes to the caller through the scoped_ptr; the
  // service only keeps the raw |cert_verifier_| pointer, so destroying the
  // verifier while this service is still alive would leave that pointer
  // dangling.
  scoped_ptr<PolicyCertVerifier> CreatePolicyCertVerifier();

  // Returns true if the profile that owns this service has used certificates
  // installed via policy to establish a secure connection before. This means
  // that it may have cached content from an untrusted source.
  // This reports past use, not whether policy trust anchors are present right
  // now; has_policy_certificates() is the separate accessor for the
  // |has_trust_anchors_| flag.
  bool UsedPolicyCertificates() const;

  // Returns the cached |has_trust_anchors_| flag.
  // NOTE(review): presumably updated in OnTrustAnchorsChanged() to reflect
  // whether the latest policy-provided list was non-empty -- confirm.
  bool has_policy_certificates() const { return has_trust_anchors_; }

  // UserNetworkConfigurationUpdater::WebTrustedCertsObserver:
  // Receives the new list of policy-provided trust anchors.
  virtual void OnTrustAnchorsChanged(const net::CertificateList& trust_anchors)
      OVERRIDE;

  // BrowserContextKeyedService:
  virtual void Shutdown() OVERRIDE;

  // Test-only factory that wraps an already existing |verifier| instead of
  // creating one. The signature matches the private constructor below.
  // |verifier| is passed as a raw pointer and is therefore not owned by the
  // returned service as far as the types show.
  static scoped_ptr<PolicyCertService> CreateForTesting(
      const std::string& user_id,
      PolicyCertVerifier* verifier,
      chromeos::UserManager* user_manager);

 private:
  // Private constructor taking an existing |verifier|; note that it has no
  // UserNetworkConfigurationUpdater parameter.
  // NOTE(review): presumably the constructor behind CreateForTesting() --
  // confirm in the .cc file.
  PolicyCertService(const std::string& user_id,
                    PolicyCertVerifier* verifier,
                    chromeos::UserManager* user_manager);

  // Raw, non-owning pointer to the verifier associated with this service. The
  // comment on CreatePolicyCertVerifier() requires the verifier to outlive this
  // object and to be used only on the IO thread.
  PolicyCertVerifier* cert_verifier_;
  // User id passed to the constructor.
  std::string user_id_;
  // Source of trust-anchor updates.
  // NOTE(review): presumably NULL when built through the private constructor,
  // which takes no updater -- confirm.
  UserNetworkConfigurationUpdater* net_conf_updater_;
  chromeos::UserManager* user_manager_;
  // Value returned by has_policy_certificates().
  bool has_trust_anchors_;

  // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
  // The factory and the created WeakPtrs must only be used on the UI thread.
  // Declared as the last data member: members are destroyed in reverse
  // declaration order, so outstanding WeakPtrs are invalidated before any
  // other member is torn down.
  base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(PolicyCertService);
};

}  // namespace policy
88 
89 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
90