1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ 7 8 #include <vector> 9 10 #include "base/basictypes.h" 11 #include "base/compiler_specific.h" 12 #include "base/memory/ref_counted.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/weak_ptr.h" 15 #include "base/observer_list.h" 16 #include "chrome/browser/chromeos/policy/network_configuration_updater.h" 17 #include "components/keyed_service/core/keyed_service.h" 18 #include "content/public/browser/notification_observer.h" 19 #include "content/public/browser/notification_registrar.h" 20 21 class Profile; 22 23 namespace base { 24 class ListValue; 25 } 26 27 namespace user_manager { 28 class User; 29 } 30 31 namespace chromeos { 32 33 namespace onc { 34 class CertificateImporter; 35 } 36 } 37 38 namespace net { 39 class NSSCertDatabase; 40 class X509Certificate; 41 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; 42 } 43 44 namespace policy { 45 46 class PolicyService; 47 48 // Implements additional special handling of ONC user policies. Namely string 49 // expansion with the user's name (or email address, etc.) and handling of "Web" 50 // trust of certificates. 51 class UserNetworkConfigurationUpdater : public NetworkConfigurationUpdater, 52 public KeyedService, 53 public content::NotificationObserver { 54 public: 55 class WebTrustedCertsObserver { 56 public: 57 // Is called everytime the list of imported certificates with Web trust is 58 // changed. 59 virtual void OnTrustAnchorsChanged( 60 const net::CertificateList& trust_anchors) = 0; 61 }; 62 63 virtual ~UserNetworkConfigurationUpdater(); 64 65 // Creates an updater that applies the ONC user policy from |policy_service| 66 // for user |user| once the policy service is completely initialized and on 67 // each policy change. Imported certificates, that request it, are only 68 // granted Web trust if |allow_trusted_certs_from_policy| is true. A reference 69 // to |user| is stored. It must outlive the returned updater. 70 static scoped_ptr<UserNetworkConfigurationUpdater> CreateForUserPolicy( 71 Profile* profile, 72 bool allow_trusted_certs_from_policy, 73 const user_manager::User& user, 74 PolicyService* policy_service, 75 chromeos::ManagedNetworkConfigurationHandler* network_config_handler); 76 77 void AddTrustedCertsObserver(WebTrustedCertsObserver* observer); 78 void RemoveTrustedCertsObserver(WebTrustedCertsObserver* observer); 79 80 // Sets |certs| to the list of Web trusted server and CA certificates from the 81 // last received policy. 82 void GetWebTrustedCertificates(net::CertificateList* certs) const; 83 84 // Helper method to expose |SetCertificateImporter| for usage in tests. 85 void SetCertificateImporterForTest( 86 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer); 87 88 private: 89 class CrosTrustAnchorProvider; 90 91 UserNetworkConfigurationUpdater( 92 Profile* profile, 93 bool allow_trusted_certs_from_policy, 94 const user_manager::User& user, 95 PolicyService* policy_service, 96 chromeos::ManagedNetworkConfigurationHandler* network_config_handler); 97 98 // Called by the CertificateImporter when an import finished. 99 void OnCertificatesImported( 100 bool success, 101 const net::CertificateList& onc_trusted_certificates); 102 103 // NetworkConfigurationUpdater: 104 virtual void ImportCertificates( 105 const base::ListValue& certificates_onc) OVERRIDE; 106 virtual void ApplyNetworkPolicy( 107 base::ListValue* network_configs_onc, 108 base::DictionaryValue* global_network_config) OVERRIDE; 109 110 // content::NotificationObserver implementation. Observes the profile to which 111 // |this| belongs to for PROFILE_ADDED notification. 112 virtual void Observe(int type, 113 const content::NotificationSource& source, 114 const content::NotificationDetails& details) OVERRIDE; 115 116 // Creates onc::CertImporter with |database| and passes it to 117 // |SetCertificateImporter|. 118 void CreateAndSetCertificateImporter(net::NSSCertDatabase* database); 119 120 // Sets the certificate importer that should be used to import certificate 121 // policies. If there is |pending_certificates_onc_|, it gets imported. 122 void SetCertificateImporter( 123 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer); 124 125 void NotifyTrustAnchorsChanged(); 126 127 // Whether Web trust is allowed or not. 128 bool allow_trusted_certificates_from_policy_; 129 130 // The user for whom the user policy will be applied. 131 const user_manager::User* user_; 132 133 ObserverList<WebTrustedCertsObserver, true> observer_list_; 134 135 // Contains the certificates of the last import that requested web trust. Must 136 // be empty if Web trust from policy is not allowed. 137 net::CertificateList web_trust_certs_; 138 139 // If |ImportCertificates| is called before |SetCertificateImporter|, gets set 140 // to a copy of the policy for which the import was requested. 141 // The policy will be processed when the certificate importer is set. 142 scoped_ptr<base::ListValue> pending_certificates_onc_; 143 144 // Certificate importer to be used for importing policy defined certificates. 145 // Set by |SetCertificateImporter|. 146 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_; 147 148 content::NotificationRegistrar registrar_; 149 150 base::WeakPtrFactory<UserNetworkConfigurationUpdater> weak_factory_; 151 152 DISALLOW_COPY_AND_ASSIGN(UserNetworkConfigurationUpdater); 153 }; 154 155 } // namespace policy 156 157 #endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_NETWORK_CONFIGURATION_UPDATER_H_ 158
