author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-13 15:30:04 +0000 |
---|---|---|
committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-13 15:30:04 +0000 |
commit | 72b3a7eea94e94507e8ae7398082e9ffe1cd620f (patch) | |
tree | e67f659eade2654e5137037dc4403b01dd6e1949 /chromeos/network/client_cert_resolver.h | |
parent | 514a497e58caebaca362a42a76d174c593ad00c8 (diff) | |
Automatically resolve ClientCertificatePatterns.
This adds a new ClientCertResolver to chromeos/network, which automatically resolves ClientCertificatePatterns and writes the cert id of the matching certificate to Shill.
This should fix several issues like updating client certs and auto-connect immediately after installing EAP networks from policy.
It's required for Ethernet EAP policies where the current pattern matching on each manual connect isn't sufficient.
BUG=234983, 126870
Review URL: https://chromiumcodereview.appspot.com/22327005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@217257 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos/network/client_cert_resolver.h')
-rw-r--r-- | chromeos/network/client_cert_resolver.h | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/chromeos/network/client_cert_resolver.h b/chromeos/network/client_cert_resolver.h
new file mode 100644
index 0000000..a1be963
--- /dev/null
+++ b/chromeos/network/client_cert_resolver.h
@@ -0,0 +1,92 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
+#define CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "chromeos/cert_loader.h"
+#include "chromeos/chromeos_export.h"
+#include "chromeos/network/network_policy_observer.h"
+#include "chromeos/network/network_state_handler_observer.h"
+
+namespace base {
+class TaskRunner;
+}
+
+namespace chromeos {
+
+class NetworkState;
+class NetworkStateHandler;
+class ManagedNetworkConfigurationHandler;
+
+// Observes the known networks. If a network is configured with a client
+// certificate pattern, this class searches for a matching client certificate.
+// Each time it finds a match, it configures the network accordingly.
+class CHROMEOS_EXPORT ClientCertResolver : public NetworkStateHandlerObserver,
+ public CertLoader::Observer,
+ public NetworkPolicyObserver {
+ public:
+ struct NetworkAndMatchingCert;
+
+ ClientCertResolver();
+ virtual ~ClientCertResolver();
+
+ void Init(NetworkStateHandler* network_state_handler,
+ ManagedNetworkConfigurationHandler* managed_network_config_handler);
+
+ // Sets the task runner that any slow calls will be made from, e.g. calls
+ // to the NSS database. If not set, uses base::WorkerPool.
+ void SetSlowTaskRunnerForTest(
+ const scoped_refptr<base::TaskRunner>& task_runner);
+
+ private:
+ typedef std::vector<const NetworkState*> NetworkStateList;
+
+ // NetworkStateHandlerObserver overrides
+ virtual void NetworkListChanged() OVERRIDE;
+
+ // CertLoader::Observer overrides
+ virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
+ bool initial_load) OVERRIDE;
+
+ // NetworkPolicyObserver overrides
+ virtual void PolicyApplied(const std::string& service_path) OVERRIDE;
+
+ // Check which networks of |networks| are configured with a client certificate
+ // pattern. Search for certificates, on the worker thread, and configure the
+ // networks for which a matching cert is found (see ConfigureCertificates).
+ void ResolveNetworks(const NetworkStateList& networks);
+
+ // |matches| contains networks for which a matching certificate was found.
+ // Configures these networks.
+ void ConfigureCertificates(std::vector<NetworkAndMatchingCert>* matches);
+
+ // The set of networks that were checked/resolved in previous passes. These
+ // networks are skipped in the NetworkListChanged notification.
+ std::set<std::string> resolved_networks_;
+
+ // Unowned associated (global or test) instance.
+ NetworkStateHandler* network_state_handler_;
+
+ // Unowned associated (global or test) instance.
+ ManagedNetworkConfigurationHandler* managed_network_config_handler_;
+
+ // TaskRunner for slow tasks.
+ scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
+
+ base::WeakPtrFactory<ClientCertResolver> weak_ptr_factory_;
+
+ DISALLOW_COPY_AND_ASSIGN(ClientCertResolver);
+};
+
+} // namespace chromeos
+
+#endif // CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_ |
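Review bot: `resolved_networks_` is declared as `std::set<std::string>`, but the header includes only `<string>` and `<vector>`, so it compiles only while some other include happens to pull in `<set>`; add `#include <set>` beside the other standard headers. `net::CertificateList` in `OnCertificatesLoaded` is likewise neither included nor forward-declared here and presumably arrives through `chromeos/cert_loader.h`. Separately, because this class selects the client certificate that is written to Shill for EAP networks, the class comment should say which certificate wins when several match a pattern. The comment on `resolved_networks_` should say when an entry is dropped, i.e. whether a network resolved in an earlier pass is re-resolved once its matching certificate is replaced or removed; the header alone shows neither. `Init` stores two unowned pointers, so a line such as `// Both handlers must outlive this object.` above it would make the lifetime requirement explicit.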