1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/policy/network_configuration_updater.h" 6 #include "chromeos/network/onc/onc_constants.h" 7 #include "content/public/browser/browser_thread.h" 8 #include "net/cert/cert_trust_anchor_provider.h" 9 10 using content::BrowserThread; 11 12 namespace policy { 13 14 namespace { 15 16 // A simple implementation of net::CertTrustAnchorProvider that returns a list 17 // of certificates that can be set by the owner of this object. 18 class CrosTrustAnchorProvider : public net::CertTrustAnchorProvider { 19 public: 20 CrosTrustAnchorProvider() 21 : trust_anchors_(new net::CertificateList) { 22 } 23 24 virtual ~CrosTrustAnchorProvider() { 25 } 26 27 // CertTrustAnchorProvider overrides. 28 virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE { 29 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); 30 return *trust_anchors_; 31 } 32 33 void SetTrustAnchors(scoped_ptr<net::CertificateList> trust_anchors) { 34 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); 35 trust_anchors_ = trust_anchors.Pass(); 36 } 37 38 private: 39 scoped_ptr<net::CertificateList> trust_anchors_; 40 41 DISALLOW_COPY_AND_ASSIGN(CrosTrustAnchorProvider); 42 }; 43 44 } // namespace 45 46 NetworkConfigurationUpdater::NetworkConfigurationUpdater() 47 : allow_trusted_certificates_from_policy_(false), 48 cert_trust_provider_(new CrosTrustAnchorProvider()) { 49 } 50 51 NetworkConfigurationUpdater::~NetworkConfigurationUpdater() { 52 bool posted = BrowserThread::DeleteSoon( 53 BrowserThread::IO, FROM_HERE, cert_trust_provider_); 54 if (!posted) 55 delete cert_trust_provider_; 56 } 57 58 net::CertTrustAnchorProvider* 59 NetworkConfigurationUpdater::GetCertTrustAnchorProvider() { 60 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); 61 return cert_trust_provider_; 62 } 63 64 void NetworkConfigurationUpdater::SetAllowTrustedCertsFromPolicy() { 65 allow_trusted_certificates_from_policy_ = true; 66 } 67 68 void NetworkConfigurationUpdater::SetTrustAnchors( 69 scoped_ptr<net::CertificateList> web_trust_certs) { 70 if (allow_trusted_certificates_from_policy_) { 71 BrowserThread::PostTask( 72 BrowserThread::IO, FROM_HERE, 73 base::Bind(&CrosTrustAnchorProvider::SetTrustAnchors, 74 base::Unretained(static_cast<CrosTrustAnchorProvider*>( 75 cert_trust_provider_)), 76 base::Passed(&web_trust_certs))); 77 } 78 } 79 80 } // namespace policy 81