onc_certificate_importer.h revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 6#define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 7 8#include <string> 9#include <vector> 10 11#include "base/basictypes.h" 12#include "base/memory/ref_counted.h" 13#include "base/memory/scoped_ptr.h" 14#include "chromeos/chromeos_export.h" 15#include "chromeos/network/onc/onc_constants.h" 16 17namespace base { 18class DictionaryValue; 19class ListValue; 20} 21 22namespace net { 23class X509Certificate; 24typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; 25} 26 27namespace chromeos { 28namespace onc { 29 30// This class handles certificate imports from ONC (both policy and user 31// imports) into the certificate store. In particular, the GUID of certificates 32// is stored together with the certificate as Nickname. 33class CHROMEOS_EXPORT CertificateImporter { 34 public: 35 enum ParseResult { 36 IMPORT_OK, 37 IMPORT_INCOMPLETE, 38 IMPORT_FAILED, 39 }; 40 41 // During import with ParseCertificate(), Web trust is only applied to Server 42 // and Authority certificates with the Trust attribute "Web" if the 43 // |allow_web_trust| permission is granted, otherwise the attribute is 44 // ignored. 45 explicit CertificateImporter(bool allow_web_trust); 46 47 // Parses and stores the certificates in |onc_certificates| into the 48 // certificate store. If the "Remove" field of a certificate is enabled, then 49 // removes the certificate from the store instead of importing. Returns the 50 // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the 51 // certificates may be stored/removed successfully while others had errors. 52 // If no error occurred, returns IMPORT_OK. 53 ParseResult ParseAndStoreCertificates( 54 const base::ListValue& onc_certificates); 55 56 // Parses and stores/removes |certificate| in/from the certificate 57 // store. Returns true if the operation succeeded. 58 bool ParseAndStoreCertificate(const base::DictionaryValue& certificate); 59 60 // Lists the certificates that have the string |label| as their certificate 61 // nickname (exact match). 62 static void ListCertsWithNickname(const std::string& label, 63 net::CertificateList* result); 64 65 protected: 66 // Deletes any certificate that has the string |label| as its nickname (exact 67 // match). 68 static bool DeleteCertAndKeyByNickname(const std::string& label); 69 70 private: 71 bool ParseServerOrCaCertificate(const std::string& cert_type, 72 const std::string& guid, 73 const base::DictionaryValue& certificate); 74 75 bool ParseClientCertificate(const std::string& guid, 76 const base::DictionaryValue& certificate); 77 78 // Whether certificates with Trust attribute "Web" should be stored with web 79 // trust. 80 bool allow_web_trust_; 81 82 DISALLOW_COPY_AND_ASSIGN(CertificateImporter); 83}; 84 85} // namespace onc 86} // namespace chromeos 87 88#endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 89