// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
#define CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_
#include <string>
#include <vector>
#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chromeos/cert_loader.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/network_policy_observer.h"
#include "chromeos/network/network_state_handler_observer.h"
namespace base {
class TaskRunner;
}
namespace chromeos {
class FavoriteState;
class NetworkStateHandler;
class ManagedNetworkConfigurationHandler;
// Observes the known networks. If a network is configured with a client
// certificate pattern, this class searches for a matching client certificate.
// Each time it finds a match, it configures the network accordingly.
class CHROMEOS_EXPORT ClientCertResolver : public NetworkStateHandlerObserver,
public CertLoader::Observer,
public NetworkPolicyObserver {
public:
struct NetworkAndMatchingCert;
ClientCertResolver();
virtual ~ClientCertResolver();
void Init(NetworkStateHandler* network_state_handler,
ManagedNetworkConfigurationHandler* managed_network_config_handler);
// Sets the task runner that any slow calls will be made from, e.g. calls
// to the NSS database. If not set, uses base::WorkerPool.
void SetSlowTaskRunnerForTest(
const scoped_refptr<base::TaskRunner>& task_runner);
private:
typedef std::vector<const FavoriteState*> FavoriteStateList;
// NetworkStateHandlerObserver overrides
virtual void NetworkListChanged() OVERRIDE;
// CertLoader::Observer overrides
virtual void OnCertificatesLoaded(const net::CertificateList& cert_list,
bool initial_load) OVERRIDE;
// NetworkPolicyObserver overrides
virtual void PolicyApplied(const std::string& service_path) OVERRIDE;
// Check which networks of |networks| are configured with a client certificate
// pattern. Search for certificates, on the worker thread, and configure the
// networks for which a matching cert is found (see ConfigureCertificates).
void ResolveNetworks(const FavoriteStateList& networks);
// |matches| contains networks for which a matching certificate was found.
// Configures these networks.
void ConfigureCertificates(std::vector<NetworkAndMatchingCert>* matches);
// The set of networks that were checked/resolved in previous passes. These
// networks are skipped in the NetworkListChanged notification.
std::set<std::string> resolved_networks_;
// Unowned associated (global or test) instance.
NetworkStateHandler* network_state_handler_;
// Unowned associated (global or test) instance.
ManagedNetworkConfigurationHandler* managed_network_config_handler_;
// TaskRunner for slow tasks.
scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
base::WeakPtrFactory<ClientCertResolver> weak_ptr_factory_;
DISALLOW_COPY_AND_ASSIGN(ClientCertResolver);
};
} // namespace chromeos
#endif // CHROMEOS_NETWORK_CLIENT_CERT_RESOLVER_H_