Elim cr-checkbox
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / user_network_configuration_updater.cc
blob3221bf1074be2be57df59f2d4b2506e6e9023020
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/logging.h"
10 #include "base/values.h"
11 #include "chrome/browser/chrome_notification_types.h"
12 #include "chrome/browser/chromeos/net/onc_utils.h"
13 #include "chrome/browser/net/nss_context.h"
14 #include "chrome/browser/profiles/profile.h"
15 #include "chromeos/network/managed_network_configuration_handler.h"
16 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
17 #include "components/user_manager/user.h"
18 #include "content/public/browser/browser_thread.h"
19 #include "content/public/browser/notification_source.h"
20 #include "net/cert/x509_certificate.h"
21 #include "policy/policy_constants.h"
23 namespace policy {
25 UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {}
27 // static
28 scoped_ptr<UserNetworkConfigurationUpdater>
29 UserNetworkConfigurationUpdater::CreateForUserPolicy(
30 Profile* profile,
31 bool allow_trusted_certs_from_policy,
32 const user_manager::User& user,
33 PolicyService* policy_service,
34 chromeos::ManagedNetworkConfigurationHandler* network_config_handler) {
35 scoped_ptr<UserNetworkConfigurationUpdater> updater(
36 new UserNetworkConfigurationUpdater(profile,
37 allow_trusted_certs_from_policy,
38 user,
39 policy_service,
40 network_config_handler));
41 updater->Init();
42 return updater.Pass();
45 void UserNetworkConfigurationUpdater::AddTrustedCertsObserver(
46 WebTrustedCertsObserver* observer) {
47 observer_list_.AddObserver(observer);
50 void UserNetworkConfigurationUpdater::RemoveTrustedCertsObserver(
51 WebTrustedCertsObserver* observer) {
52 observer_list_.RemoveObserver(observer);
55 UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater(
56 Profile* profile,
57 bool allow_trusted_certs_from_policy,
58 const user_manager::User& user,
59 PolicyService* policy_service,
60 chromeos::ManagedNetworkConfigurationHandler* network_config_handler)
61 : NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY,
62 key::kOpenNetworkConfiguration,
63 policy_service,
64 network_config_handler),
65 allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy),
66 user_(&user),
67 weak_factory_(this) {
68 // The updater is created with |certificate_importer_| unset and is
69 // responsible for creating it. This requires |GetNSSCertDatabaseForProfile|
70 // call, which is not safe before the profile initialization is finalized.
71 // Thus, listen for PROFILE_ADDED notification, on which |cert_importer_|
72 // creation should start.
73 registrar_.Add(this,
74 chrome::NOTIFICATION_PROFILE_ADDED,
75 content::Source<Profile>(profile));
78 void UserNetworkConfigurationUpdater::SetCertificateImporterForTest(
79 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
80 SetCertificateImporter(certificate_importer.Pass());
83 void UserNetworkConfigurationUpdater::GetWebTrustedCertificates(
84 net::CertificateList* certs) const {
85 *certs = web_trust_certs_;
88 void UserNetworkConfigurationUpdater::OnCertificatesImported(
89 bool /* unused success */,
90 const net::CertificateList& onc_trusted_certificates) {
91 web_trust_certs_.clear();
92 if (allow_trusted_certificates_from_policy_)
93 web_trust_certs_ = onc_trusted_certificates;
94 NotifyTrustAnchorsChanged();
97 void UserNetworkConfigurationUpdater::ImportCertificates(
98 const base::ListValue& certificates_onc) {
99 // If certificate importer is not yet set, cache the certificate onc. It will
100 // be imported when the certificate importer gets set.
101 if (!certificate_importer_) {
102 pending_certificates_onc_.reset(certificates_onc.DeepCopy());
103 return;
106 certificate_importer_->ImportCertificates(
107 certificates_onc,
108 onc_source_,
109 base::Bind(&UserNetworkConfigurationUpdater::OnCertificatesImported,
110 base::Unretained(this)));
113 void UserNetworkConfigurationUpdater::ApplyNetworkPolicy(
114 base::ListValue* network_configs_onc,
115 base::DictionaryValue* global_network_config) {
116 DCHECK(user_);
117 chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_,
118 network_configs_onc);
119 network_config_handler_->SetPolicy(onc_source_,
120 user_->username_hash(),
121 *network_configs_onc,
122 *global_network_config);
125 void UserNetworkConfigurationUpdater::Observe(
126 int type,
127 const content::NotificationSource& source,
128 const content::NotificationDetails& details) {
129 DCHECK_EQ(type, chrome::NOTIFICATION_PROFILE_ADDED);
130 Profile* profile = content::Source<Profile>(source).ptr();
132 GetNSSCertDatabaseForProfile(
133 profile,
134 base::Bind(
135 &UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter,
136 weak_factory_.GetWeakPtr()));
139 void UserNetworkConfigurationUpdater::CreateAndSetCertificateImporter(
140 net::NSSCertDatabase* database) {
141 DCHECK(database);
142 SetCertificateImporter(scoped_ptr<chromeos::onc::CertificateImporter>(
143 new chromeos::onc::CertificateImporterImpl(
144 content::BrowserThread::GetMessageLoopProxyForThread(
145 content::BrowserThread::IO),
146 database)));
149 void UserNetworkConfigurationUpdater::SetCertificateImporter(
150 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer) {
151 certificate_importer_ = certificate_importer.Pass();
153 if (pending_certificates_onc_)
154 ImportCertificates(*pending_certificates_onc_);
155 pending_certificates_onc_.reset();
158 void UserNetworkConfigurationUpdater::NotifyTrustAnchorsChanged() {
159 FOR_EACH_OBSERVER(WebTrustedCertsObserver,
160 observer_list_,
161 OnTrustAnchorsChanged(web_trust_certs_));
164 } // namespace policy