Home | History | Annotate | Download | only in policy 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
      6 #define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/basictypes.h"
     12 #include "base/compiler_specific.h"
     13 #include "base/memory/ref_counted.h"
     14 #include "base/memory/scoped_ptr.h"
     15 #include "base/memory/weak_ptr.h"
     16 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
     17 #include "components/keyed_service/core/keyed_service.h"
     18 
     19 namespace chromeos {
     20 class UserManager;
     21 }
     22 
     23 namespace net {
     24 class X509Certificate;
     25 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
     26 }
     27 
     28 namespace policy {
     29 
     30 class PolicyCertVerifier;
     31 
     32 // This service is the counterpart of PolicyCertVerifier on the UI thread. It's
     33 // responsible for pushing the current list of trust anchors to the CertVerifier
     34 // and marking the profile's prefs if any of the trust anchors was used.
     35 // Except for unit tests, PolicyCertVerifier should only be created through this
     36 // class.
     37 class PolicyCertService
     38     : public KeyedService,
     39       public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
     40  public:
     41   PolicyCertService(const std::string& user_id,
     42                     UserNetworkConfigurationUpdater* net_conf_updater,
     43                     chromeos::UserManager* user_manager);
     44   virtual ~PolicyCertService();
     45 
     46   // Creates an associated PolicyCertVerifier. The returned object must only be
     47   // used on the IO thread and must outlive this object.
     48   scoped_ptr<PolicyCertVerifier> CreatePolicyCertVerifier();
     49 
     50   // Returns true if the profile that owns this service has used certificates
     51   // installed via policy to establish a secure connection before. This means
     52   // that it may have cached content from an untrusted source.
     53   bool UsedPolicyCertificates() const;
     54 
     55   bool has_policy_certificates() const { return has_trust_anchors_; }
     56 
     57   // UserNetworkConfigurationUpdater::WebTrustedCertsObserver:
     58   virtual void OnTrustAnchorsChanged(const net::CertificateList& trust_anchors)
     59       OVERRIDE;
     60 
     61   // KeyedService:
     62   virtual void Shutdown() OVERRIDE;
     63 
     64   static scoped_ptr<PolicyCertService> CreateForTesting(
     65       const std::string& user_id,
     66       PolicyCertVerifier* verifier,
     67       chromeos::UserManager* user_manager);
     68 
     69  private:
     70   PolicyCertService(const std::string& user_id,
     71                     PolicyCertVerifier* verifier,
     72                     chromeos::UserManager* user_manager);
     73 
     74   PolicyCertVerifier* cert_verifier_;
     75   std::string user_id_;
     76   UserNetworkConfigurationUpdater* net_conf_updater_;
     77   chromeos::UserManager* user_manager_;
     78   bool has_trust_anchors_;
     79 
     80   // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
     81   // The factory and the created WeakPtrs must only be used on the UI thread.
     82   base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_;
     83 
     84   DISALLOW_COPY_AND_ASSIGN(PolicyCertService);
     85 };
     86 
     87 }  // namespace policy
     88 
     89 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
     90