onc_certificate_importer.h revision c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 6#define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 7 8#include <string> 9#include <vector> 10 11#include "base/basictypes.h" 12#include "base/memory/ref_counted.h" 13#include "base/memory/scoped_ptr.h" 14#include "chromeos/chromeos_export.h" 15#include "chromeos/network/onc/onc_constants.h" 16 17namespace base { 18class DictionaryValue; 19class ListValue; 20} 21 22namespace net { 23class X509Certificate; 24typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; 25} 26 27namespace chromeos { 28namespace onc { 29 30// This class handles certificate imports from ONC (both policy and user 31// imports) into the certificate store. In particular, the GUID of certificates 32// is stored together with the certificate as Nickname. 33class CHROMEOS_EXPORT CertificateImporter { 34 public: 35 enum ParseResult { 36 IMPORT_OK, 37 IMPORT_INCOMPLETE, 38 IMPORT_FAILED, 39 }; 40 41 // During import with ParseCertificate(), Web trust is only applied to Server 42 // and Authority certificates with the TrustBits attribute "Web" if the 43 // |allow_trust_imports| permission is granted, otherwise the attribute is 44 // ignored. 45 explicit CertificateImporter(bool allow_trust_imports); 46 47 // Parses and stores the certificates in |onc_certificates| into the 48 // certificate store. If the "Remove" field of a certificate is enabled, then 49 // removes the certificate from the store instead of importing. Returns the 50 // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the 51 // certificates may be stored/removed successfully while others had errors. 52 // If |onc_trusted_certificates| is not NULL then it will be filled with the 53 // list of certificates that requested the Web trust flag. 54 // If no error occurred, returns IMPORT_OK. 55 ParseResult ParseAndStoreCertificates( 56 const base::ListValue& onc_certificates, 57 net::CertificateList* onc_trusted_certificates); 58 59 // Lists the certificates that have the string |label| as their certificate 60 // nickname (exact match). 61 static void ListCertsWithNickname(const std::string& label, 62 net::CertificateList* result); 63 64 protected: 65 // Deletes any certificate that has the string |label| as its nickname (exact 66 // match). 67 static bool DeleteCertAndKeyByNickname(const std::string& label); 68 69 private: 70 // Parses and stores/removes |certificate| in/from the certificate 71 // store. Returns true if the operation succeeded. 72 bool ParseAndStoreCertificate( 73 const base::DictionaryValue& certificate, 74 net::CertificateList* onc_trusted_certificates); 75 76 bool ParseServerOrCaCertificate( 77 const std::string& cert_type, 78 const std::string& guid, 79 const base::DictionaryValue& certificate, 80 net::CertificateList* onc_trusted_certificates); 81 82 bool ParseClientCertificate(const std::string& guid, 83 const base::DictionaryValue& certificate); 84 85 // Whether certificates with TrustBits attribute "Web" should be stored with 86 // web trust. 87 bool allow_trust_imports_; 88 89 DISALLOW_COPY_AND_ASSIGN(CertificateImporter); 90}; 91 92} // namespace onc 93} // namespace chromeos 94 95#endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 96