Chromium Code Reviews Chromium Code Reviews
Issue 13035003:
Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ | 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ |
| 6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ | 6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 42 // and Authority certificates with the Trust attribute "Web" if the | 42 // and Authority certificates with the Trust attribute "Web" if the |
| 43 // |allow_web_trust| permission is granted, otherwise the attribute is | 43 // |allow_web_trust| permission is granted, otherwise the attribute is |
| 44 // ignored. | 44 // ignored. |
| 45 explicit CertificateImporter(bool allow_web_trust); | 45 explicit CertificateImporter(bool allow_web_trust); |
| 46 | 46 |
| 47 // Parses and stores the certificates in |onc_certificates| into the | 47 // Parses and stores the certificates in |onc_certificates| into the |
| 48 // certificate store. If the "Remove" field of a certificate is enabled, then | 48 // certificate store. If the "Remove" field of a certificate is enabled, then |
| 49 // removes the certificate from the store instead of importing. Returns the | 49 // removes the certificate from the store instead of importing. Returns the |
| 50 // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the | 50 // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the |
| 51 // certificates may be stored/removed successfully while others had errors. | 51 // certificates may be stored/removed successfully while others had errors. |
| 52 // |web_trust_certificates| will be filled with the list of certificates that | |
| 53 // requested the Web trust flag, if not NULL. | |
|
pneubeck (no reviews)
2013/03/26 10:01:25
NIT: "if not NULL" to the beginning of the sentenc
Joao da Silva
2013/03/31 19:22:14
Done.
| |
| 52 // If no error occurred, returns IMPORT_OK. | 54 // If no error occurred, returns IMPORT_OK. |
| 53 ParseResult ParseAndStoreCertificates( | 55 ParseResult ParseAndStoreCertificates( |
| 54 const base::ListValue& onc_certificates); | 56 const base::ListValue& onc_certificates, |
| 57 net::CertificateList* web_trust_certificates); | |
| 55 | 58 |
| 56 // Parses and stores/removes |certificate| in/from the certificate | 59 // Parses and stores/removes |certificate| in/from the certificate |
| 57 // store. Returns true if the operation succeeded. | 60 // store. Returns true if the operation succeeded. |
| 58 bool ParseAndStoreCertificate(const base::DictionaryValue& certificate); | 61 bool ParseAndStoreCertificate( |
|
pneubeck (no reviews)
2013/03/26 10:01:25
you can make this one private. it's never called f
Joao da Silva
2013/03/31 19:22:14
Done.
| |
| 62 const base::DictionaryValue& certificate, | |
| 63 net::CertificateList* web_trust_certificates); | |
| 59 | 64 |
| 60 // Lists the certificates that have the string |label| as their certificate | 65 // Lists the certificates that have the string |label| as their certificate |
| 61 // nickname (exact match). | 66 // nickname (exact match). |
| 62 static void ListCertsWithNickname(const std::string& label, | 67 static void ListCertsWithNickname(const std::string& label, |
| 63 net::CertificateList* result); | 68 net::CertificateList* result); |
| 64 | 69 |
| 65 protected: | 70 protected: |
| 66 // Deletes any certificate that has the string |label| as its nickname (exact | 71 // Deletes any certificate that has the string |label| as its nickname (exact |
| 67 // match). | 72 // match). |
| 68 static bool DeleteCertAndKeyByNickname(const std::string& label); | 73 static bool DeleteCertAndKeyByNickname(const std::string& label); |
| 69 | 74 |
| 70 private: | 75 private: |
| 71 bool ParseServerOrCaCertificate(const std::string& cert_type, | 76 bool ParseServerOrCaCertificate( |
| 72 const std::string& guid, | 77 const std::string& cert_type, |
| 73 const base::DictionaryValue& certificate); | 78 const std::string& guid, |
| 79 const base::DictionaryValue& certificate, | |
| 80 net::CertificateList* web_trust_certificates); | |
| 74 | 81 |
| 75 bool ParseClientCertificate(const std::string& guid, | 82 bool ParseClientCertificate(const std::string& guid, |
| 76 const base::DictionaryValue& certificate); | 83 const base::DictionaryValue& certificate); |
| 77 | 84 |
| 78 // Whether certificates with Trust attribute "Web" should be stored with web | 85 // Whether certificates with Trust attribute "Web" should be stored with web |
| 79 // trust. | 86 // trust. |
| 80 bool allow_web_trust_; | 87 bool allow_web_trust_; |
| 81 | 88 |
| 82 DISALLOW_COPY_AND_ASSIGN(CertificateImporter); | 89 DISALLOW_COPY_AND_ASSIGN(CertificateImporter); |
| 83 }; | 90 }; |
| 84 | 91 |
| 85 } // namespace onc | 92 } // namespace onc |
| 86 } // namespace chromeos | 93 } // namespace chromeos |
| 87 | 94 |
| 88 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ | 95 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ |
| OLD | NEW |
