chrome/browser/chromeos/policy/policy_cert_service.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
   6 #define CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "base/compiler_specific.h"
  13 #include "base/memory/ref_counted.h"
  14 #include "base/memory/scoped_ptr.h"
  15 #include "base/memory/weak_ptr.h"
  16 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
  17 #include "components/keyed_service/core/keyed_service.h"
  18
  19 namespace user_manager {
  20 class UserManager;
  21 }
  22
  23 namespace net {
  24 class X509Certificate;
  25 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
  26 }
  27
  28 namespace policy {
  29
  30 class PolicyCertVerifier;
  31
  32 // This service is the counterpart of PolicyCertVerifier on the UI thread. It's
  33 // responsible for pushing the current list of trust anchors to the CertVerifier
  34 // and marking the profile's prefs if any of the trust anchors was used.
  35 // Except for unit tests, PolicyCertVerifier should only be created through this
  36 // class.
  37 class PolicyCertService
  38     : public KeyedService,
  39       public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
  40  public:
  41   PolicyCertService(const std::string& user_id,
  42                     UserNetworkConfigurationUpdater* net_conf_updater,
  43                     user_manager::UserManager* user_manager);
  44   ~PolicyCertService() override;
  45
  46   // Creates an associated PolicyCertVerifier. The returned object must only be
  47   // used on the IO thread and must outlive this object.
  48   scoped_ptr<PolicyCertVerifier> CreatePolicyCertVerifier();
  49
  50   // Returns true if the profile that owns this service has used certificates
  51   // installed via policy to establish a secure connection before. This means
  52   // that it may have cached content from an untrusted source.
  53   bool UsedPolicyCertificates() const;
  54
  55   bool has_policy_certificates() const { return has_trust_anchors_; }
  56
  57   // UserNetworkConfigurationUpdater::WebTrustedCertsObserver:
  58   void OnTrustAnchorsChanged(
  59       const net::CertificateList& trust_anchors) override;
  60
  61   // KeyedService:
  62   void Shutdown() override;
  63
  64   static scoped_ptr<PolicyCertService> CreateForTesting(
  65       const std::string& user_id,
  66       PolicyCertVerifier* verifier,
  67       user_manager::UserManager* user_manager);
  68
  69  private:
  70   PolicyCertService(const std::string& user_id,
  71                     PolicyCertVerifier* verifier,
  72                     user_manager::UserManager* user_manager);
  73
  74   PolicyCertVerifier* cert_verifier_;
  75   std::string user_id_;
  76   UserNetworkConfigurationUpdater* net_conf_updater_;
  77   user_manager::UserManager* user_manager_;
  78   bool has_trust_anchors_;
  79
  80   // Weak pointers to handle callbacks from PolicyCertVerifier on the IO thread.
  81   // The factory and the created WeakPtrs must only be used on the UI thread.
  82   base::WeakPtrFactory<PolicyCertService> weak_ptr_factory_;
  83
  84   DISALLOW_COPY_AND_ASSIGN(PolicyCertService);
  85 };
  86
  87 }  // namespace policy
  88
  89 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_POLICY_CERT_SERVICE_H_