File: network_configuration_updater.h

chromium 139.0.7258.127-1
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_POLICY_NETWORKING_NETWORK_CONFIGURATION_UPDATER_H_
#define CHROME_BROWSER_POLICY_NETWORKING_NETWORK_CONFIGURATION_UPDATER_H_

#include <memory>
#include <set>
#include <string>
#include <vector>

#include "base/memory/raw_ptr.h"
#include "base/observer_list.h"
#include "base/sequence_checker.h"
#include "base/values.h"
#include "chromeos/ash/components/network/policy_certificate_provider.h"
#include "chromeos/components/onc/certificate_scope.h"
#include "chromeos/components/onc/onc_parsed_certificates.h"
#include "components/onc/onc_constants.h"
#include "components/policy/core/common/policy_service.h"

namespace policy {

class PolicyMap;

// Implements the common part of tracking the OpenNetworkConfiguration device
// and user policy. Implements the handling of server and authority certificates
// (that will be propagated to the network service). Provides entry points for
// handling client certificates and network configurations in subclasses.
// Does not handle proxy settings.
//
// The class is abstract and non-copyable: the constructor is protected and
// ImportClientCertificates() / ApplyNetworkPolicy() are pure virtual, so it is
// only usable through a subclass.
//
// Security note: this class is the ash::PolicyCertificateProvider for
// certificates delivered by ONC policy, including the set reported as web
// trusted. Changes to how certificates are parsed, scoped or reported here
// change what consumers of that interface see, so they deserve the same review
// attention as trust-store changes.
class NetworkConfigurationUpdater : public ash::PolicyCertificateProvider,
                                    public PolicyService::Observer {
 public:
  // Not copyable or copy-assignable.
  NetworkConfigurationUpdater(const NetworkConfigurationUpdater&) = delete;
  NetworkConfigurationUpdater& operator=(const NetworkConfigurationUpdater&) =
      delete;

  ~NetworkConfigurationUpdater() override;

  // PolicyService::Observer overrides
  void OnPolicyUpdated(const PolicyNamespace& ns,
                       const PolicyMap& previous,
                       const PolicyMap& current) override;
  void OnPolicyServiceInitialized(PolicyDomain domain) override;

  // The observer interface sends notifications about changes in server and
  // authority certificates.
  // ash::PolicyCertificateProvider:
  // Observers are passed as plain pointers; see the note on |observer_list_|
  // about unregistering before the observer is destroyed.
  void AddPolicyProvidedCertsObserver(
      ash::PolicyCertificateProvider::Observer* observer) override;
  void RemovePolicyProvidedCertsObserver(
      ash::PolicyCertificateProvider::Observer* observer) override;
  // Certificate accessors, each filtered by |scope|. The exact contract of
  // each accessor is defined by ash::PolicyCertificateProvider, which is not
  // visible in this header.
  // NOTE(review): presumably these read from |certs_| (the last parsed ONC
  // policy) -- confirm in the .cc file.
  net::CertificateList GetAllServerAndAuthorityCertificates(
      const chromeos::onc::CertificateScope& scope) const override;
  net::CertificateList GetAllAuthorityCertificates(
      const chromeos::onc::CertificateScope& scope) const override;
  // The web-trusted / not-web-trusted split matters to callers that decide
  // whether a policy-provided certificate may be used for web (TLS) trust;
  // callers should pick the accessor that matches the trust decision they are
  // making rather than the "all" variants.
  net::CertificateList GetWebTrustedCertificates(
      const chromeos::onc::CertificateScope& scope) const override;
  net::CertificateList GetCertificatesWithoutWebTrust(
      const chromeos::onc::CertificateScope& scope) const override;

  // Returns a reference to a set of extension ids; the reference is only
  // valid while the object it refers to is alive.
  // NOTE(review): presumably this returns
  // |extension_ids_with_policy_certificates_| -- confirm in the .cc file.
  const std::set<std::string>& GetExtensionIdsWithPolicyCertificates()
      const override;

 protected:
  // Protected so that only subclasses can construct an updater.
  // |onc_source| and |policy_key| presumably identify which ONC policy (device
  // or user) this instance tracks, and |policy_service| is the service the
  // policy is read from -- confirm in the .cc file. |policy_service| is stored
  // as a non-owning pointer (see |policy_service_|).
  NetworkConfigurationUpdater(onc::ONCSource onc_source,
                              std::string policy_key,
                              PolicyService* policy_service);

  // NOTE(review): no contract is documented here; presumably called once by
  // the subclass after construction to start tracking the policy -- confirm.
  virtual void Init();

  // Called in the subclass to import client certificates provided by the ONC
  // policy. The client certificates to be imported can be obtained using
  // |GetClientCertificates()|.
  virtual void ImportClientCertificates() = 0;

  // Parses the incoming policy, applies server and authority certificates.
  // Calls the specialized methods from subclasses to handle client certificates
  // and network configs.
  // NOTE(review): this is a pure-virtual hook that receives only the network
  // configurations and the global network configuration, so the description
  // above reads like the overall apply flow rather than this method --
  // confirm and move the comment if so.
  virtual void ApplyNetworkPolicy(
      const base::Value::List& network_configs_onc,
      const base::Value::Dict& global_network_config) = 0;

  // Parses the current value of the ONC policy. Clears |network_configs|,
  // |global_network_config| and |certificates| and fills them with the
  // validated NetworkConfigurations, GlobalNetworkConfiguration and
  // Certificates of the current policy. Callers can pass nullptr to any of
  // |network_configs|, |global_network_config|, |certificates| if they don't
  // need that specific part of the ONC policy.
  void ParseCurrentPolicy(base::Value::List* network_configs,
                          base::Value::Dict* global_network_config,
                          base::Value::List* certificates);

  // Returns the client certificates for subclasses to import (see
  // ImportClientCertificates()). Returned by const reference, so the result
  // must not be held across anything that replaces the parsed certificates.
  // NOTE(review): presumably backed by |certs_| -- confirm in the .cc file.
  const std::vector<chromeos::onc::OncParsedCertificates::ClientCertificate>&
  GetClientCertificates() const;

  // The ONC source passed to the constructor; exposed to subclasses.
  onc::ONCSource onc_source_;

  // Declares the sequence checker member; protected so subclasses can use it
  // too.
  // NOTE(review): presumably the methods of this class assert that they run on
  // the sequence the object is bound to -- confirm in the .cc file.
  SEQUENCE_CHECKER(sequence_checker_);

 private:
  // Called if the ONC policy changed.
  void OnPolicyChanged(const base::Value* previous, const base::Value* current);

  // Apply the observed policy, i.e. both networks and certificates.
  void ApplyPolicy();

  // NOTE(review): presumably builds a prefix used in this class's log
  // messages -- confirm in the .cc file.
  std::string LogHeader() const;

  // Imports the certificates part of the policy.
  // |certificates_onc| is taken by value, so the caller hands over (or copies)
  // the list.
  void ImportCertificates(base::Value::List certificates_onc);

  // NOTE(review): presumably notifies every observer in |observer_list_| that
  // the policy-provided certificates changed -- confirm in the .cc file.
  void NotifyPolicyProvidedCertsChanged();

  // The policy key passed to the constructor.
  std::string policy_key_;

  // Used to register for notifications from the |policy_service_|.
  PolicyChangeRegistrar policy_change_registrar_;

  // Used to retrieve the policies.
  // Non-owning: this class does not manage the PolicyService's lifetime, so
  // the service has to outlive this object.
  raw_ptr<PolicyService> policy_service_;

  // Holds certificates from the last parsed ONC policy.
  std::unique_ptr<chromeos::onc::OncParsedCertificates> certs_;
  // NOTE(review): presumably the ids of extensions for which the current
  // policy provides certificates -- confirm in the .cc file.
  std::set<std::string> extension_ids_with_policy_certificates_;

  // Observer list for notifying about ONC-provided server and CA certificate
  // changes.
  // NOTE(review): this is the `Unchecked` ObserverList variant, which stores
  // plain observer pointers, so an observer that is destroyed without calling
  // RemovePolicyProvidedCertsObserver() would leave a dangling pointer in the
  // list. The `true` template argument looks like ObserverList's check_empty
  // flag (assert that the list is empty at destruction) -- confirm against
  // base/observer_list.h.
  base::ObserverList<ash::PolicyCertificateProvider::Observer, true>::Unchecked
      observer_list_;
};

}  // namespace policy

#endif  // CHROME_BROWSER_POLICY_NETWORKING_NETWORK_CONFIGURATION_UPDATER_H_