1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
#define CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
#include <set>
#include <string>
#include <vector>
#include "base/basictypes.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/observer_list.h"
#include "chromeos/cert_loader.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/client_cert_util.h"
#include "chromeos/network/network_policy_observer.h"
#include "chromeos/network/network_state_handler.h"
#include "chromeos/network/network_state_handler_observer.h"
namespace base {
class TaskRunner;
}
namespace chromeos {
class NetworkState;
class ManagedNetworkConfigurationHandler;
// Observes the known networks. If a network is configured with a client
// certificate pattern, this class searches for a matching client certificate.
// Each time it finds a match, it configures the network accordingly.
class CHROMEOS_EXPORT ClientCertResolver : public NetworkStateHandlerObserver,
public CertLoader::Observer,
public NetworkPolicyObserver {
public:
struct NetworkAndMatchingCert;
class Observer {
public:
// Called every time resolving of client certificate patterns finishes,
// no resolve requests are pending and no tasks are running.
// |network_properties_changed| will be true if any network properties were
// changed by this resolver since the last notification.
virtual void ResolveRequestCompleted(bool network_properties_changed) = 0;
protected:
virtual ~Observer() {}
private:
DISALLOW_ASSIGN(Observer);
};
ClientCertResolver();
~ClientCertResolver() override;
void Init(NetworkStateHandler* network_state_handler,
ManagedNetworkConfigurationHandler* managed_network_config_handler);
// Sets the task runner that any slow calls will be made from, e.g. calls
// to the NSS database. If not set, uses base::WorkerPool.
void SetSlowTaskRunnerForTest(
const scoped_refptr<base::TaskRunner>& task_runner);
void AddObserver(Observer* observer);
void RemoveObserver(Observer* observer);
// Returns true if any resolve tasks are running. Every time a task finishes
// and no further requests are pending, a notification is sent, see
// |Observer|.
bool IsAnyResolveTaskRunning() const;
// Returns true and sets the Shill properties that have to be configured in
// |shill_properties| if the certificate pattern |pattern| could be resolved.
// Returns false otherwise and sets empty Shill properties to clear the
// certificate configuration.
static bool ResolveCertificatePatternSync(
const client_cert::ConfigType client_cert_type,
const CertificatePattern& pattern,
base::DictionaryValue* shill_properties);
private:
// NetworkStateHandlerObserver overrides
void NetworkListChanged() override;
// CertLoader::Observer overrides
void OnCertificatesLoaded(const net::CertificateList& cert_list,
bool initial_load) override;
// NetworkPolicyObserver overrides
void PolicyAppliedToNetwork(const std::string& service_path) override;
// Check which networks of |networks| are configured with a client certificate
// pattern. Search for certificates, on the worker thread, and configure the
// networks for which a matching cert is found (see ConfigureCertificates).
void ResolveNetworks(const NetworkStateHandler::NetworkStateList& networks);
// Resolves certificates for the pending networks. This will always trigger a
// ResolveRequestCompleted notification, even if the queue is empty.
void ResolvePendingNetworks();
// |matches| contains networks for which a matching certificate was found.
// Configures these networks.
void ConfigureCertificates(std::vector<NetworkAndMatchingCert>* matches);
// Trigger a ResolveRequestCompleted event on all observers.
void NotifyResolveRequestCompleted();
ObserverList<Observer> observers_;
// The set of networks that were checked/resolved in previous passes. These
// networks are skipped in the NetworkListChanged notification.
std::set<std::string> resolved_networks_;
// The list of network paths that still have to be resolved.
std::set<std::string> queued_networks_to_resolve_;
// True if currently a resolve task is running.
bool resolve_task_running_;
// True if any network properties were changed since the last notification to
// observers.
bool network_properties_changed_;
// Unowned associated (global or test) instance.
NetworkStateHandler* network_state_handler_;
// Unowned associated (global or test) instance.
ManagedNetworkConfigurationHandler* managed_network_config_handler_;
// TaskRunner for slow tasks.
scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
base::WeakPtrFactory<ClientCertResolver> weak_ptr_factory_;
DISALLOW_COPY_AND_ASSIGN(ClientCertResolver);
};
} // namespace chromeos
#endif // CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
|
