1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/logging.h"
#include "chrome/browser/chromeos/login/user.h"
#include "chrome/browser/chromeos/net/onc_utils.h"
#include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
#include "chromeos/network/managed_network_configuration_handler.h"
#include "chromeos/network/onc/onc_certificate_importer.h"
#include "content/public/browser/browser_thread.h"
#include "net/cert/x509_certificate.h"
#include "policy/policy_constants.h"
namespace policy {
UserNetworkConfigurationUpdater::~UserNetworkConfigurationUpdater() {}
// static
scoped_ptr<UserNetworkConfigurationUpdater>
UserNetworkConfigurationUpdater::CreateForUserPolicy(
bool allow_trusted_certs_from_policy,
const chromeos::User& user,
scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
PolicyService* policy_service,
chromeos::ManagedNetworkConfigurationHandler* network_config_handler) {
scoped_ptr<UserNetworkConfigurationUpdater> updater(
new UserNetworkConfigurationUpdater(allow_trusted_certs_from_policy,
user,
certificate_importer.Pass(),
policy_service,
network_config_handler));
updater->Init();
return updater.Pass();
}
UserNetworkConfigurationUpdater::UserNetworkConfigurationUpdater(
bool allow_trusted_certs_from_policy,
const chromeos::User& user,
scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer,
PolicyService* policy_service,
chromeos::ManagedNetworkConfigurationHandler* network_config_handler)
: NetworkConfigurationUpdater(onc::ONC_SOURCE_USER_POLICY,
key::kOpenNetworkConfiguration,
certificate_importer.Pass(),
policy_service,
network_config_handler),
allow_trusted_certificates_from_policy_(allow_trusted_certs_from_policy),
user_(&user),
cert_verifier_(NULL) {}
void UserNetworkConfigurationUpdater::SetPolicyCertVerifier(
PolicyCertVerifier* cert_verifier) {
cert_verifier_ = cert_verifier;
SetTrustAnchors();
}
void UserNetworkConfigurationUpdater::GetWebTrustedCertificates(
net::CertificateList* certs) const {
*certs = web_trust_certs_;
}
void UserNetworkConfigurationUpdater::ImportCertificates(
const base::ListValue& certificates_onc) {
web_trust_certs_.clear();
certificate_importer_->ImportCertificates(
certificates_onc,
onc_source_,
allow_trusted_certificates_from_policy_ ? &web_trust_certs_ : NULL);
SetTrustAnchors();
}
void UserNetworkConfigurationUpdater::ApplyNetworkPolicy(
base::ListValue* network_configs_onc,
base::DictionaryValue* global_network_config) {
DCHECK(user_);
chromeos::onc::ExpandStringPlaceholdersInNetworksForUser(user_,
network_configs_onc);
network_config_handler_->SetPolicy(onc_source_,
user_->username_hash(),
*network_configs_onc,
*global_network_config);
}
void UserNetworkConfigurationUpdater::SetTrustAnchors() {
if (!cert_verifier_)
return;
content::BrowserThread::PostTask(
content::BrowserThread::IO,
FROM_HERE,
base::Bind(&PolicyCertVerifier::SetTrustAnchors,
base::Unretained(cert_verifier_),
web_trust_certs_));
}
} // namespace policy
|
