// Copyright (c) 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_ #define CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_ #include #include #include "base/basictypes.h" #include "base/callback.h" #include "base/memory/ref_counted.h" #include "base/memory/scoped_ptr.h" #include "base/memory/weak_ptr.h" #include "components/browser_context_keyed_service/browser_context_keyed_service.h" #if defined(OS_CHROMEOS) #include "chromeos/dbus/dbus_method_call_status.h" #endif class Profile; namespace base { class SequencedTaskRunner; } namespace net { class CertTrustAnchorProvider; } namespace net { class X509Certificate; typedef std::vector > CertificateList; } namespace policy { class ConfigurationPolicyProvider; class UserNetworkConfigurationUpdater; class PolicyService; class PolicyCertVerifier; // A BrowserContextKeyedService that creates and manages the per-Profile policy // components. class ProfilePolicyConnector : public BrowserContextKeyedService { public: explicit ProfilePolicyConnector(Profile* profile); virtual ~ProfilePolicyConnector(); // If |force_immediate_load| then disk caches will be loaded synchronously. void Init(bool force_immediate_load, base::SequencedTaskRunner* sequenced_task_runner); void InitForTesting(scoped_ptr service); // BrowserContextKeyedService: virtual void Shutdown() OVERRIDE; // This is never NULL. PolicyService* policy_service() const { return policy_service_.get(); } #if defined(OS_CHROMEOS) // Sets the CertVerifier on which the current list of Web trusted server and // CA certificates will be set. Policy updates will trigger further calls to // |cert_verifier| later. |cert_verifier| must be valid until // SetPolicyCertVerifier is called again (with another CertVerifier or NULL) // or until this Connector is destructed. |cert_verifier|'s methods are only // called on the IO thread. This function must be called on the UI thread. void SetPolicyCertVerifier(PolicyCertVerifier* cert_verifier); // Returns a callback that should be called if a policy installed certificate // was trusted for the associated profile. The closure can be safely used (on // the UI thread) even after this Connector is destructed. base::Closure GetPolicyCertTrustedCallback(); // Sets |certs| to the list of Web trusted server and CA certificates from the // last received ONC user policy. void GetWebTrustedCertificates(net::CertificateList* certs) const; #endif // Returns true if |profile()| has used certificates installed via policy // to establish a secure connection before. This means that it may have // cached content from an untrusted source. bool UsedPolicyCertificates(); private: #if defined(ENABLE_CONFIGURATION_POLICY) #if defined(OS_CHROMEOS) void SetUsedPolicyCertificatesOnce(); void InitializeDeviceLocalAccountPolicyProvider(const std::string& username); #endif #if defined(OS_CHROMEOS) // Some of the user policy configuration affects browser global state, and // can only come from one Profile. |is_primary_user_| is true if this // connector belongs to the first signed-in Profile, and in that case that // Profile's policy is the one that affects global policy settings in // local state. bool is_primary_user_; scoped_ptr special_user_policy_provider_; scoped_ptr network_configuration_updater_; base::WeakPtrFactory weak_ptr_factory_; #endif Profile* profile_; #endif // ENABLE_CONFIGURATION_POLICY scoped_ptr policy_service_; DISALLOW_COPY_AND_ASSIGN(ProfilePolicyConnector); }; } // namespace policy #endif // CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_