// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_POLICY_NETWORKING_USER_NETWORK_CONFIGURATION_UPDATER_ASH_H_
#define CHROME_BROWSER_POLICY_NETWORKING_USER_NETWORK_CONFIGURATION_UPDATER_ASH_H_

#include <memory>
#include <vector>

#include "base/memory/raw_ptr.h"
#include "base/memory/scoped_refptr.h"
#include "base/memory/weak_ptr.h"
#include "base/scoped_observation.h"
#include "chrome/browser/policy/networking/user_network_configuration_updater.h"
#include "chrome/browser/profiles/profile_observer.h"
#include "net/cert/scoped_nss_types.h"

class Profile;

namespace ash {
class ManagedNetworkConfigurationHandler;

namespace onc {
class CertificateImporter;
}  // namespace onc
}  // namespace ash

namespace base {
class Value;
}

namespace user_manager {
class User;
}

namespace net {
class NSSCertDatabase;
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate>> CertificateList;
}  // namespace net

namespace policy {

class PolicyMap;
class PolicyService;

// Implements additional special handling of ONC user policies. Namely string
// expansion with the user's name (or email address, etc.) and handling of "Web"
// trust of certificates.
class UserNetworkConfigurationUpdaterAsh
    : public UserNetworkConfigurationUpdater,
      public ProfileObserver {
 public:
  UserNetworkConfigurationUpdaterAsh(
      const UserNetworkConfigurationUpdaterAsh&) = delete;
  UserNetworkConfigurationUpdaterAsh& operator=(
      const UserNetworkConfigurationUpdaterAsh&) = delete;

  ~UserNetworkConfigurationUpdaterAsh() override;

  void Shutdown() override;

  // Creates an updater that applies the ONC user policy from |policy_service|
  // for user |user| once the policy service is completely initialized and on
  // each policy change. A reference to |user| is stored. It must outlive the
  // returned updater.
  static std::unique_ptr<UserNetworkConfigurationUpdaterAsh>
  CreateForUserPolicy(
      Profile* profile,
      const user_manager::User& user,
      PolicyService* policy_service,
      ash::ManagedNetworkConfigurationHandler* network_config_handler);

  // Helper method to expose |SetClientCertificateImporter| for usage in tests.
  // Note that the CertificateImporter is only used for importing client
  // certificates.
  void SetClientCertificateImporterForTest(
      std::unique_ptr<ash::onc::CertificateImporter> certificate_importer);

  // Determines if |policy_map| contains an OpenNetworkConfiguration policy that
  // mandates that at least one additional certificate should be used and
  // assigned 'Web' trust.
  static bool PolicyHasWebTrustedAuthorityCertificate(
      const PolicyMap& policy_map);

 private:
  class CrosTrustAnchorProvider;

  UserNetworkConfigurationUpdaterAsh(
      Profile* profile,
      const user_manager::User& user,
      PolicyService* policy_service,
      ash::ManagedNetworkConfigurationHandler* network_config_handler);

  // NetworkConfigurationUpdater:
  void ImportClientCertificates() override;
  void ApplyNetworkPolicy(
      const base::Value::List& network_configs_onc,
      const base::Value::Dict& global_network_config) override;

  // ProfileObserver implementation
  void OnProfileInitializationComplete(Profile* profile) override;

  // Creates an ash::onc::CertificateImporter with |database| and passes it to
  // |SetClientCertificateImporter|.
  void CreateAndSetClientCertificateImporter(net::NSSCertDatabase* database);

  // Sets the certificate importer that should be used to import certificate
  // policies. If there is |pending_certificates_onc_|, it gets imported.
  void SetClientCertificateImporter(
      std::unique_ptr<ash::onc::CertificateImporter> certificate_importer);

  // The user for whom the user policy will be applied.
  const raw_ptr<const user_manager::User> user_;

  // Pointer to the global singleton or a test instance.
  const raw_ptr<ash::ManagedNetworkConfigurationHandler>
      network_config_handler_;

  // Certificate importer to be used for importing policy-defined client
  // certificates. Set by |SetClientCertificateImporter|.
  std::unique_ptr<ash::onc::CertificateImporter> client_certificate_importer_;

  base::ScopedObservation<Profile, ProfileObserver> profile_observation_{this};

  base::WeakPtrFactory<UserNetworkConfigurationUpdaterAsh> weak_factory_{this};
};

}  // namespace policy

#endif  // CHROME_BROWSER_POLICY_NETWORKING_USER_NETWORK_CONFIGURATION_UPDATER_ASH_H_