Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(81)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chromeos/network/onc/onc_certificate_importer.h

Issue 16946002: Resolve certificate references in ONC by PEM. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Added a unit test for the resolve function. Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chromeos/network/network_ui_data_unittest.cc ('k') | chromeos/network/onc/onc_certificate_importer.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
7 7
8 #include <map>
8 #include <string> 9 #include <string>
9 #include <vector> 10 #include <vector>
10 11
11 #include "base/basictypes.h" 12 #include "base/basictypes.h"
12 #include "base/memory/ref_counted.h" 13 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/scoped_ptr.h"
14 #include "chromeos/chromeos_export.h" 15 #include "chromeos/chromeos_export.h"
15 #include "chromeos/network/onc/onc_constants.h" 16 #include "chromeos/network/onc/onc_constants.h"
16 17
17 namespace base { 18 namespace base {
18 class DictionaryValue; 19 class DictionaryValue;
19 class ListValue; 20 class ListValue;
20 } 21 }
21 22
22 namespace net { 23 namespace net {
23 class X509Certificate; 24 class X509Certificate;
24 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; 25 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
25 } 26 }
26 27
27 namespace chromeos { 28 namespace chromeos {
28 namespace onc { 29 namespace onc {
29 30
30 // This class handles certificate imports from ONC (both policy and user 31 // This class handles certificate imports from ONC (both policy and user
31 // imports) into the certificate store. In particular, the GUID of certificates 32 // imports) into the certificate store. The GUID of Client certificates is
32 // is stored together with the certificate as Nickname. 33 // stored together with the certificate as Nickname. In contrast, Server and CA
34 // certificates are identified by their PEM and not by GUID.
35 // TODO(pneubeck): Replace Nickname by PEM for Client
36 // certificates. http://crbug.com/252119
33 class CHROMEOS_EXPORT CertificateImporter { 37 class CHROMEOS_EXPORT CertificateImporter {
34 public: 38 public:
39 typedef std::map<std::string, scoped_refptr<net::X509Certificate> >
40 CertsByGUID;
35 enum ParseResult { 41 enum ParseResult {
36 IMPORT_OK, 42 IMPORT_OK,
37 IMPORT_INCOMPLETE, 43 IMPORT_INCOMPLETE,
38 IMPORT_FAILED, 44 IMPORT_FAILED,
39 }; 45 };
40 46
41 // During import with ParseCertificate(), Web trust is only applied to Server 47 // During import with ParseCertificate(), Web trust is only applied to Server
42 // and Authority certificates with the TrustBits attribute "Web" if the 48 // and Authority certificates with the TrustBits attribute "Web" if the
43 // |allow_trust_imports| permission is granted, otherwise the attribute is 49 // |allow_trust_imports| permission is granted, otherwise the attribute is
44 // ignored. 50 // ignored.
45 explicit CertificateImporter(bool allow_trust_imports); 51 explicit CertificateImporter(bool allow_trust_imports);
46 52
47 // Parses and stores the certificates in |onc_certificates| into the 53 // Parses and stores the certificates in |onc_certificates| into the
48 // certificate store. If the "Remove" field of a certificate is enabled, then 54 // certificate store. If the "Remove" field of a certificate is enabled, then
49 // removes the certificate from the store instead of importing. Returns the 55 // removes the certificate from the store instead of importing. Returns the
50 // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the 56 // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the
51 // certificates may be stored/removed successfully while others had errors. 57 // certificates may be stored/removed successfully while others had errors.
52 // If |onc_trusted_certificates| is not NULL then it will be filled with the 58 // If no error occurred, returns IMPORT_OK. If |onc_trusted_certificates| is
53 // list of certificates that requested the Web trust flag. 59 // not NULL, it will be filled with the list of certificates that requested
54 // If no error occurred, returns IMPORT_OK. 60 // the Web trust flag. If |imported_server_and_ca_certs| is not null, it will
61 // be filled with the (GUID, Certificate) pairs of all successfully imported
62 // Server and CA certificates.
55 ParseResult ParseAndStoreCertificates( 63 ParseResult ParseAndStoreCertificates(
56 const base::ListValue& onc_certificates, 64 const base::ListValue& onc_certificates,
57 net::CertificateList* onc_trusted_certificates); 65 net::CertificateList* onc_trusted_certificates,
66 CertsByGUID* imported_server_and_ca_certs);
58 67
59 // Lists the certificates that have the string |label| as their certificate 68 // Lists the certificates that have the string |label| as their certificate
60 // nickname (exact match). 69 // nickname (exact match).
61 static void ListCertsWithNickname(const std::string& label, 70 static void ListCertsWithNickname(const std::string& label,
62 net::CertificateList* result); 71 net::CertificateList* result);
63 72
64 protected: 73 protected:
65 // Deletes any certificate that has the string |label| as its nickname (exact 74 // Deletes any certificate that has the string |label| as its nickname (exact
66 // match). 75 // match).
67 static bool DeleteCertAndKeyByNickname(const std::string& label); 76 static bool DeleteCertAndKeyByNickname(const std::string& label);
68 77
69 private: 78 private:
70 // Parses and stores/removes |certificate| in/from the certificate 79 // Parses and stores/removes |certificate| in/from the certificate
71 // store. Returns true if the operation succeeded. 80 // store. Returns true if the operation succeeded.
72 bool ParseAndStoreCertificate( 81 bool ParseAndStoreCertificate(
73 const base::DictionaryValue& certificate, 82 const base::DictionaryValue& certificate,
74 net::CertificateList* onc_trusted_certificates); 83 net::CertificateList* onc_trusted_certificates,
84 CertsByGUID* imported_server_and_ca_certs);
75 85
76 bool ParseServerOrCaCertificate( 86 bool ParseServerOrCaCertificate(
77 const std::string& cert_type, 87 const std::string& cert_type,
78 const std::string& guid, 88 const std::string& guid,
79 const base::DictionaryValue& certificate, 89 const base::DictionaryValue& certificate,
80 net::CertificateList* onc_trusted_certificates); 90 net::CertificateList* onc_trusted_certificates,
91 CertsByGUID* imported_server_and_ca_certs);
81 92
82 bool ParseClientCertificate(const std::string& guid, 93 bool ParseClientCertificate(const std::string& guid,
83 const base::DictionaryValue& certificate); 94 const base::DictionaryValue& certificate);
84 95
85 // Whether certificates with TrustBits attribute "Web" should be stored with 96 // Whether certificates with TrustBits attribute "Web" should be stored with
86 // web trust. 97 // web trust.
87 bool allow_trust_imports_; 98 bool allow_trust_imports_;
88 99
89 DISALLOW_COPY_AND_ASSIGN(CertificateImporter); 100 DISALLOW_COPY_AND_ASSIGN(CertificateImporter);
90 }; 101 };
91 102
92 } // namespace onc 103 } // namespace onc
93 } // namespace chromeos 104 } // namespace chromeos
94 105
95 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ 106 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
OLDNEW
« no previous file with comments | « chromeos/network/network_ui_data_unittest.cc ('k') | chromeos/network/onc/onc_certificate_importer.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698