      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
      6 #define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
      7 
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "net/base/completion_callback.h"
#include "net/cert/cert_trust_anchor_provider.h"
#include "net/cert/cert_verifier.h"
     18 
// Forward declarations of the net:: types named in this header so that
// callers do not have to pull in the full X509Certificate definition.
// CertificateList is the element type used for the additional trust anchors
// (see PolicyCertVerifier::SetTrustAnchors / GetAdditionalTrustAnchors).
namespace net {
class CertVerifyResult;
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}
     24 
     25 namespace policy {
     26 
     27 // Wraps a MultiThreadedCertVerifier to make it use the additional trust anchors
     28 // configured by the ONC user policy.
// Wraps a MultiThreadedCertVerifier to make it use the additional trust anchors
// configured by the ONC user policy.
//
// Security note: every certificate handed to SetTrustAnchors() is treated as a
// trust anchor for verifications routed through this object, i.e. it extends
// the set of roots the wrapped verifier will accept. The caller (outside of
// tests, PolicyCertService) is therefore responsible for passing only anchors
// that originate from a trusted policy source. This class does not perform the
// verification itself; it supplies the extra anchors via the
// CertTrustAnchorProvider interface and reports when one of them was used.
class PolicyCertVerifier : public net::CertVerifier,
                           public net::CertTrustAnchorProvider {
 public:
  // Except for tests, PolicyCertVerifier should only be created by
  // PolicyCertService, which is the counterpart of this class on the UI thread.
  // Except for the constructor, all methods and the destructor must be called
  // on the IO thread. Calls |anchor_used_callback| on the IO thread every time
  // a certificate from the additional trust anchors (set with SetTrustAnchors)
  // is used.
  explicit PolicyCertVerifier(const base::Closure& anchor_used_callback);
  virtual ~PolicyCertVerifier();

  // Must be called on the IO thread (like every method other than the
  // constructor) before the verifier is used.
  // NOTE(review): presumably this is where |delegate_| is created; confirm
  // against the .cc file before relying on it.
  void InitializeOnIOThread();

  // Sets the additional trust anchors. IO thread only. Presumably replaces
  // any anchors set by an earlier call, so a reference obtained from
  // GetAdditionalTrustAnchors() before this call should not be used after it.
  void SetTrustAnchors(const net::CertificateList& trust_anchors);

  // CertVerifier:
  // Note: |callback| can be null.
  // The actual verification is performed by the wrapped verifier; this class
  // only contributes the additional trust anchors and the anchor-used
  // notification described in the class comment.
  virtual int Verify(net::X509Certificate* cert,
                     const std::string& hostname,
                     int flags,
                     net::CRLSet* crl_set,
                     net::CertVerifyResult* verify_result,
                     const net::CompletionCallback& callback,
                     RequestHandle* out_req,
                     const net::BoundNetLog& net_log) OVERRIDE;

  // Cancels a request previously started with Verify(). IO thread only.
  virtual void CancelRequest(RequestHandle req) OVERRIDE;

  // CertTrustAnchorProvider:
  // Returns the additional trust anchors by const reference. The reference
  // presumably aliases member state of this object (|trust_anchors_|), so it
  // is only valid on the IO thread and no longer than this object lives.
  virtual const net::CertificateList& GetAdditionalTrustAnchors() OVERRIDE;

 private:
  // The policy-supplied additional trust anchors (see SetTrustAnchors).
  net::CertificateList trust_anchors_;
  // Run on the IO thread whenever one of |trust_anchors_| is used; supplied
  // by the constructor.
  base::Closure anchor_used_callback_;
  // The wrapped CertVerifier that performs the actual verification.
  scoped_ptr<CertVerifier> delegate_;

  DISALLOW_COPY_AND_ASSIGN(PolicyCertVerifier);
};
     69 
     70 }  // namespace policy
     71 
     72 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_VERIFIER_H_
     73