onc_certificate_importer.h revision c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
6#define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
7
8#include <string>
9#include <vector>
10
11#include "base/basictypes.h"
12#include "base/memory/ref_counted.h"
13#include "base/memory/scoped_ptr.h"
14#include "chromeos/chromeos_export.h"
15#include "chromeos/network/onc/onc_constants.h"
16
17namespace base {
18class DictionaryValue;
19class ListValue;
20}
21
22namespace net {
23class X509Certificate;
24typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
25}
26
27namespace chromeos {
28namespace onc {
29
// This class handles certificate imports from ONC (both policy and user
// imports) into the certificate store. In particular, each certificate's ONC
// GUID is stored alongside the certificate as its nickname.
class CHROMEOS_EXPORT CertificateImporter {
 public:
  // Outcome of ParseAndStoreCertificates().
  enum ParseResult {
    // No error occurred while processing |onc_certificates|.
    IMPORT_OK,
    // Some certificates were stored/removed successfully while others had
    // errors. Callers must not assume that every requested import or removal
    // took effect.
    IMPORT_INCOMPLETE,
    // The import did not succeed. NOTE(review): this header does not say
    // whether IMPORT_FAILED means "nothing was processed" or "a fatal error
    // aborted the run"; confirm against the implementation before relying on
    // the distinction.
    IMPORT_FAILED,
  };

  // |allow_trust_imports| gates Web trust during ParseAndStoreCertificates():
  // Web trust is applied only to Server and Authority certificates whose
  // TrustBits attribute is "Web", and only if this permission is granted;
  // otherwise the attribute is ignored. Because a web-trusted Authority
  // certificate affects certificate validation system-wide, the permission
  // should reflect how much the source of the ONC data is trusted.
  explicit CertificateImporter(bool allow_trust_imports);

  // Parses and stores the certificates in |onc_certificates| into the
  // certificate store. If the "Remove" field of a certificate is enabled, then
  // removes the certificate from the store instead of importing. Returns the
  // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the
  // certificates may be stored/removed successfully while others had errors.
  // If |onc_trusted_certificates| is not NULL then it will be filled with the
  // list of certificates that requested the Web trust flag (regardless of
  // whether that request was honored, as far as this header states — confirm
  // against the implementation if the distinction matters).
  // If no error occurred, returns IMPORT_OK.
  ParseResult ParseAndStoreCertificates(
      const base::ListValue& onc_certificates,
      net::CertificateList* onc_trusted_certificates);

  // Lists the certificates that have the string |label| as their certificate
  // nickname (exact match). Since imported certificates carry their ONC GUID
  // as nickname, this is presumably how ONC-managed certificates are looked up
  // again. NOTE(review): the header does not say whether |result| is cleared
  // before being populated; confirm against the implementation.
  static void ListCertsWithNickname(const std::string& label,
                                    net::CertificateList* result);

 protected:
  // Deletes any certificate that has the string |label| as its nickname (exact
  // match). Per the name, the associated private key is removed as well.
  // NOTE(review): the meaning of the return value is not documented here;
  // it presumably reports success — confirm against the implementation.
  static bool DeleteCertAndKeyByNickname(const std::string& label);

 private:
  // Parses and stores/removes |certificate| in/from the certificate
  // store. Returns true if the operation succeeded. Certificates requesting
  // Web trust are appended to |onc_trusted_certificates| when it is non-NULL.
  bool ParseAndStoreCertificate(
      const base::DictionaryValue& certificate,
      net::CertificateList* onc_trusted_certificates);

  // Handles a certificate whose type (|cert_type|) is, per the name, Server or
  // Authority, storing it under nickname |guid|. Whether Web trust is granted
  // depends on allow_trust_imports_ (see the constructor comment).
  bool ParseServerOrCaCertificate(
      const std::string& cert_type,
      const std::string& guid,
      const base::DictionaryValue& certificate,
      net::CertificateList* onc_trusted_certificates);

  // Handles a client certificate, storing it under nickname |guid|. Client
  // certificates never receive Web trust, which is why no trusted-certificate
  // list is passed here.
  bool ParseClientCertificate(const std::string& guid,
                              const base::DictionaryValue& certificate);

  // Whether certificates with TrustBits attribute "Web" should be stored with
  // web trust. Set once in the constructor.
  bool allow_trust_imports_;

  // Non-copyable: the importer holds a permission bit that must not be
  // duplicated implicitly.
  DISALLOW_COPY_AND_ASSIGN(CertificateImporter);
};
91
92}  // namespace onc
93}  // namespace chromeos
94
95#endif  // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
96