onc_certificate_importer.h revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
6#define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
7
8#include <string>
9#include <vector>
10
11#include "base/basictypes.h"
12#include "base/memory/ref_counted.h"
13#include "base/memory/scoped_ptr.h"
14#include "chromeos/chromeos_export.h"
15#include "chromeos/network/onc/onc_constants.h"
16
17namespace base {
18class DictionaryValue;
19class ListValue;
20}
21
22namespace net {
23class X509Certificate;
24typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
25}
26
27namespace chromeos {
28namespace onc {
29
30// This class handles certificate imports from ONC (both policy and user
31// imports) into the certificate store. In particular, the GUID of certificates
32// is stored together with the certificate as Nickname.
class CHROMEOS_EXPORT CertificateImporter {
 public:
  // Outcome of ParseAndStoreCertificates().
  enum ParseResult {
    // Every certificate in the list was stored or removed without error.
    IMPORT_OK,
    // Some certificates were stored/removed successfully while others had
    // errors, so the certificate store may now reflect a partial import.
    IMPORT_INCOMPLETE,
    // NOTE(review): not described anywhere in this header; presumably no
    // certificate could be processed at all -- confirm against the .cc.
    IMPORT_FAILED,
  };

  // During import with ParseAndStoreCertificate(), Web trust is only applied
  // to Server and Authority certificates with the Trust attribute "Web" if the
  // |allow_web_trust| permission is granted, otherwise the attribute is
  // ignored.
  //
  // |allow_web_trust| is therefore the gate that decides whether an ONC
  // payload can install a web-trusted Server/Authority certificate. Callers
  // should grant it only for ONC from a source they trust (presumably the
  // policy import path; see the class comment) and pass false for
  // user-supplied ONC. This class does not decide which path gets it.
  explicit CertificateImporter(bool allow_web_trust);

  // Parses and stores the certificates in |onc_certificates| into the
  // certificate store. If the "Remove" field of a certificate is enabled, then
  // removes the certificate from the store instead of importing. Returns the
  // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the
  // certificates may be stored/removed successfully while others had errors,
  // i.e. processing is not aborted at the first failing entry. If no error
  // occurred, returns IMPORT_OK.
  ParseResult ParseAndStoreCertificates(
      const base::ListValue& onc_certificates);

  // Parses and stores/removes |certificate| in/from the certificate
  // store. Returns true if the operation succeeded. Presumably dispatches to
  // ParseServerOrCaCertificate() or ParseClientCertificate() below depending
  // on the certificate's ONC type -- confirm against the implementation.
  bool ParseAndStoreCertificate(const base::DictionaryValue& certificate);

  // Lists the certificates that have the string |label| as their certificate
  // nickname (exact match). Because this class stores the ONC GUID as the
  // nickname (see the class comment), this is effectively a lookup by GUID.
  // NOTE(review): whether |result| is cleared first or appended to is not
  // specified here -- verify before relying on either.
  static void ListCertsWithNickname(const std::string& label,
                                    net::CertificateList* result);

 protected:
  // Deletes any certificate that has the string |label| as its nickname (exact
  // match). The name suggests the associated private key is removed as well
  // and that the bool reports success -- both are unconfirmed from this
  // header; check the .cc before depending on them.
  static bool DeleteCertAndKeyByNickname(const std::string& label);

 private:
  // Imports a Server or Authority certificate from the ONC dictionary
  // |certificate|, using |guid| as the nickname under which it is stored.
  // |cert_type| is presumably the ONC "Type" string distinguishing Server
  // from Authority (the two kinds named in the constructor comment); the
  // allow_web_trust_ decision applies to these certificates. Returns true on
  // success.
  bool ParseServerOrCaCertificate(const std::string& cert_type,
                                  const std::string& guid,
                                  const base::DictionaryValue& certificate);

  // Imports a Client certificate from the ONC dictionary |certificate|, using
  // |guid| as the nickname under which it is stored. Returns true on success.
  // Web trust does not apply to client certificates (constructor comment).
  bool ParseClientCertificate(const std::string& guid,
                              const base::DictionaryValue& certificate);

  // Whether certificates with Trust attribute "Web" should be stored with web
  // trust. Set once from the constructor argument.
  bool allow_web_trust_;

  DISALLOW_COPY_AND_ASSIGN(CertificateImporter);
};
84
85}  // namespace onc
86}  // namespace chromeos
87
88#endif  // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
89