| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_CERT_DATABASE_H_ | 5 #ifndef NET_BASE_CERT_DATABASE_H_ |
| 6 #define NET_BASE_CERT_DATABASE_H_ | 6 #define NET_BASE_CERT_DATABASE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 92 // Check whether this is a valid user cert that we have the private key for. | 92 // Check whether this is a valid user cert that we have the private key for. |
| 93 // Returns OK or a network error code such as ERR_CERT_CONTAINS_ERRORS. | 93 // Returns OK or a network error code such as ERR_CERT_CONTAINS_ERRORS. |
| 94 int CheckUserCert(X509Certificate* cert); | 94 int CheckUserCert(X509Certificate* cert); |
| 95 | 95 |
| 96 // Store user (client) certificate. Assumes CheckUserCert has already passed. | 96 // Store user (client) certificate. Assumes CheckUserCert has already passed. |
| 97 // Returns OK, or ERR_ADD_USER_CERT_FAILED if there was a problem saving to | 97 // Returns OK, or ERR_ADD_USER_CERT_FAILED if there was a problem saving to |
| 98 // the platform cert database, or possibly other network error codes. | 98 // the platform cert database, or possibly other network error codes. |
| 99 int AddUserCert(X509Certificate* cert); | 99 int AddUserCert(X509Certificate* cert); |
| 100 | 100 |
| 101 #if defined(USE_NSS) || defined(USE_OPENSSL) | 101 #if defined(USE_NSS) || defined(USE_OPENSSL) |
| 102 // Get a list of unique certificates in the certificate database. (One | 102 // Get a list of unique certificates in the certificate database (one |
| 103 // instance of all certificates.) | 103 // instance of all certificates). |
| 104 void ListCerts(CertificateList* certs); | 104 void ListCerts(CertificateList* certs); |
| 105 | 105 |
| 106 // Get the default module for public key data. | 106 // Get the default module for public key data. |
| 107 // The returned pointer must be stored in a scoped_refptr<CryptoModule>. | 107 // The returned pointer must be stored in a scoped_refptr<CryptoModule>. |
| 108 CryptoModule* GetPublicModule() const; | 108 CryptoModule* GetPublicModule() const; |
| 109 | 109 |
| 110 // Get the default module for private key or mixed private/public key data. | 110 // Get the default module for private key or mixed private/public key data. |
| 111 // The returned pointer must be stored in a scoped_refptr<CryptoModule>. | 111 // The returned pointer must be stored in a scoped_refptr<CryptoModule>. |
| 112 CryptoModule* GetPrivateModule() const; | 112 CryptoModule* GetPrivateModule() const; |
| 113 | 113 |
| 114 // Get all modules. | 114 // Get all modules. |
| 115 // If |need_rw| is true, only writable modules will be returned. | 115 // If |need_rw| is true, only writable modules will be returned. |
| 116 void ListModules(CryptoModuleList* modules, bool need_rw) const; | 116 void ListModules(CryptoModuleList* modules, bool need_rw) const; |
| 117 | 117 |
| 118 // Import certificates and private keys from PKCS #12 blob into the module. | 118 // Import certificates and private keys from PKCS #12 blob into the module. |
| 119 // If |is_extractable| is false, mark the private key as being unextractable | 119 // If |is_extractable| is false, mark the private key as being unextractable |
| 120 // from the module. | 120 // from the module. |
| 121 // Returns OK or a network error code such as ERR_PKCS12_IMPORT_BAD_PASSWORD | 121 // Returns OK or a network error code such as ERR_PKCS12_IMPORT_BAD_PASSWORD |
| 122 // or ERR_PKCS12_IMPORT_ERROR. | 122 // or ERR_PKCS12_IMPORT_ERROR. |imported_certs|, if non-NULL, returns a list |
| 123 // of certs that were imported. |
| 123 int ImportFromPKCS12(CryptoModule* module, | 124 int ImportFromPKCS12(CryptoModule* module, |
| 124 const std::string& data, | 125 const std::string& data, |
| 125 const string16& password, | 126 const string16& password, |
| 126 bool is_extractable); | 127 bool is_extractable, |
| 128 CertificateList* imported_certs); |
| 127 | 129 |
| 128 // Export the given certificates and private keys into a PKCS #12 blob, | 130 // Export the given certificates and private keys into a PKCS #12 blob, |
| 129 // storing into |output|. | 131 // storing into |output|. |
| 130 // Returns the number of certificates successfully exported. | 132 // Returns the number of certificates successfully exported. |
| 131 int ExportToPKCS12(const CertificateList& certs, const string16& password, | 133 int ExportToPKCS12(const CertificateList& certs, const string16& password, |
| 132 std::string* output) const; | 134 std::string* output) const; |
| 133 | 135 |
| 134 // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the | 136 // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the |
| 135 // root. Assumes the list is an ordered hierarchy with the root being either | 137 // root. Assumes the list is an ordered hierarchy with the root being either |
| 136 // the first or last element. | 138 // the first or last element. |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 171 // Returns true on success or false on failure. | 173 // Returns true on success or false on failure. |
| 172 bool SetCertTrust(const X509Certificate* cert, | 174 bool SetCertTrust(const X509Certificate* cert, |
| 173 CertType type, | 175 CertType type, |
| 174 TrustBits trust_bits); | 176 TrustBits trust_bits); |
| 175 | 177 |
| 176 // Delete certificate and associated private key (if one exists). | 178 // Delete certificate and associated private key (if one exists). |
| 177 // |cert| is still valid when this function returns. Returns true on | 179 // |cert| is still valid when this function returns. Returns true on |
| 178 // success. | 180 // success. |
| 179 bool DeleteCertAndKey(const X509Certificate* cert); | 181 bool DeleteCertAndKey(const X509Certificate* cert); |
| 180 | 182 |
| 181 // Delete the certificate and associated public and private key (if | |
| 182 // one exists) with the given label from the database. Returns true | |
| 183 // on success. ("label" here refers to the NSS Attribute CKA_LABEL, | |
| 184 // also referred to as a nickname or friendly name). | |
| 185 bool DeleteCertAndKeyByLabel(const std::string& label); | |
| 186 | |
| 187 // Check whether cert is stored in a readonly slot. | 183 // Check whether cert is stored in a readonly slot. |
| 188 bool IsReadOnly(const X509Certificate* cert) const; | 184 bool IsReadOnly(const X509Certificate* cert) const; |
| 189 #endif | 185 #endif |
| 190 | 186 |
| 191 // Registers |observer| to receive notifications of certificate changes. The | 187 // Registers |observer| to receive notifications of certificate changes. The |
| 192 // thread on which this is called is the thread on which |observer| will be | 188 // thread on which this is called is the thread on which |observer| will be |
| 193 // called back with notifications. | 189 // called back with notifications. |
| 194 static void AddObserver(Observer* observer); | 190 static void AddObserver(Observer* observer); |
| 195 | 191 |
| 196 // Unregisters |observer| from receiving notifications. This must be called | 192 // Unregisters |observer| from receiving notifications. This must be called |
| 197 // on the same thread on which AddObserver() was called. | 193 // on the same thread on which AddObserver() was called. |
| 198 static void RemoveObserver(Observer* observer); | 194 static void RemoveObserver(Observer* observer); |
| 199 | 195 |
| 200 private: | 196 private: |
| 201 // Broadcasts notifications to all registered observers. | 197 // Broadcasts notifications to all registered observers. |
| 202 static void NotifyObserversOfUserCertAdded(const X509Certificate* cert); | 198 static void NotifyObserversOfUserCertAdded(const X509Certificate* cert); |
| 203 static void NotifyObserversOfCertTrustChanged(const X509Certificate* cert); | 199 static void NotifyObserversOfCertTrustChanged(const X509Certificate* cert); |
| 204 | 200 |
| 205 DISALLOW_COPY_AND_ASSIGN(CertDatabase); | 201 DISALLOW_COPY_AND_ASSIGN(CertDatabase); |
| 206 }; | 202 }; |
| 207 | 203 |
| 208 } // namespace net | 204 } // namespace net |
| 209 | 205 |
| 210 #endif // NET_BASE_CERT_DATABASE_H_ | 206 #endif // NET_BASE_CERT_DATABASE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8566056:
This applies GUIDs to certificate and key nicknames when (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src