onc_certificate_importer_impl.h revision 1320f92c476a1ad9d19dba2a48c72b75566198e9
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
#define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_

#include <map>
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/onc/onc_certificate_importer.h"
#include "components/onc/onc_constants.h"

namespace base {
class DictionaryValue;
class ListValue;
class SequencedTaskRunner;
class SingleThreadTaskRunner;
}

namespace net {
class NSSCertDatabase;
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}

namespace chromeos {
namespace onc {

// This class handles certificate imports from ONC (both policy and user
// imports) into a certificate store. The GUID of Client certificates is stored
// together with the certificate as Nickname. In contrast, Server and CA
// certificates are identified by their PEM and not by GUID.
//
// Security note: importing a Server or CA certificate with web trust adds a
// trust anchor to the target store. The only gate for that in this interface is
// the |allow_trust_imports| flag passed to the static parsers below; how it is
// derived from the ONC |source| is decided in the .cc, not here.
// TODO(pneubeck): Replace Nickname by PEM for Client
// certificates. http://crbug.com/252119
class CHROMEOS_EXPORT CertificateImporterImpl : public CertificateImporter {
 public:
  // |io_task_runner| will be used for NSSCertDatabase accesses.
  // |target_nssdb_| is the database certificates are imported into; it is held
  // as a raw pointer (see the member below), so the caller must keep it alive
  // for the lifetime of this importer.
  // NOTE(review): the parameter name carries a trailing underscore and shadows
  // the member of the same name; harmless in a declaration, but confusing.
  CertificateImporterImpl(
      const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
      net::NSSCertDatabase* target_nssdb_);
  virtual ~CertificateImporterImpl();

  // CertificateImporter overrides
  // Imports |certificates| (an ONC "Certificates" list) with the permissions
  // implied by |source| and reports the result through |done_callback|. The
  // work itself is posted to |io_task_runner_| (see ParseAndStoreCertificates),
  // so this call returns before the import has finished.
  virtual void ImportCertificates(const base::ListValue& certificates,
                                  ::onc::ONCSource source,
                                  const DoneCallback& done_callback) OVERRIDE;

 private:
  // Forwards the outcome of an import to |callback|: |success| is the overall
  // result and |onc_trusted_certificates| the certificates that were imported
  // with web trust. Which sequence this runs on is not visible in this header;
  // see the .cc.
  void RunDoneCallback(const CertificateImporter::DoneCallback& callback,
                       bool success,
                       const net::CertificateList& onc_trusted_certificates);

  // This is the synchronous implementation of ImportCertificates. It is
  // executed on the given |io_task_runner_|.
  static void ParseAndStoreCertificates(::onc::ONCSource source,
                                        const DoneCallback& done_callback,
                                        base::ListValue* certificates,
                                        net::NSSCertDatabase* nssdb);

  // Lists the certificates that have the string |label| as their certificate
  // nickname (exact match).
  static void ListCertsWithNickname(const std::string& label,
                                    net::CertificateList* result,
                                    net::NSSCertDatabase* target_nssdb);

  // Deletes any certificate that has the string |label| as its nickname (exact
  // match). The name suggests the associated private key is removed as well;
  // confirm against the .cc before relying on that.
  static bool DeleteCertAndKeyByNickname(const std::string& label,
                                         net::NSSCertDatabase* target_nssdb);

  // Parses and stores/removes |certificate| in/from the certificate
  // store. Returns true if the operation succeeded.
  // |allow_trust_imports| is passed through to ParseServerOrCaCertificate and
  // controls whether a "Web" TrustBits request is honored.
  static bool ParseAndStoreCertificate(
      bool allow_trust_imports,
      const base::DictionaryValue& certificate,
      net::NSSCertDatabase* nssdb,
      net::CertificateList* onc_trusted_certificates);

  // Imports the Server or CA certificate |certificate|. Web trust is only
  // applied if the certificate requests the TrustBits attribute "Web" and if
  // the |allow_trust_imports| permission is granted, otherwise the attribute is
  // ignored.
  // |cert_type| is the ONC certificate type ("Server" or "Authority" are the
  // values implied by the method name; confirm in the .cc) and |guid| the ONC
  // GUID of the entry. Certificates imported with web trust are appended to
  // |onc_trusted_certificates|.
  static bool ParseServerOrCaCertificate(
      bool allow_trust_imports,
      const std::string& cert_type,
      const std::string& guid,
      const base::DictionaryValue& certificate,
      net::NSSCertDatabase* nssdb,
      net::CertificateList* onc_trusted_certificates);

  // Imports the Client certificate |certificate| into |nssdb|, storing |guid|
  // as its nickname (see the class comment). Presumably returns true on
  // success like the sibling parsers above; confirm in the .cc. No trust bits
  // are involved for client certificates, so no |allow_trust_imports| gate.
  static bool ParseClientCertificate(const std::string& guid,
                                     const base::DictionaryValue& certificate,
                                     net::NSSCertDatabase* nssdb);

  // The task runner to use for NSSCertDatabase accesses.
  scoped_refptr<base::SequencedTaskRunner> io_task_runner_;

  // The certificate database to which certificates are imported.
  // Not owned: a raw pointer supplied by the constructor; the owner must
  // outlive this importer and any work posted to |io_task_runner_|.
  net::NSSCertDatabase* target_nssdb_;

  // Declared last so it is destroyed first, invalidating any outstanding weak
  // pointers before the members above are torn down.
  base::WeakPtrFactory<CertificateImporterImpl> weak_factory_;

  DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl);
};

}  // namespace onc
}  // namespace chromeos

#endif  // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_