| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ | 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ |
| 6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ | 6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ |
| 7 | 7 |
| 8 #include <map> | |
| 8 #include <string> | 9 #include <string> |
| 9 #include <vector> | 10 #include <vector> |
| 10 | 11 |
| 11 #include "base/basictypes.h" | 12 #include "base/basictypes.h" |
| 12 #include "base/memory/ref_counted.h" | 13 #include "base/memory/ref_counted.h" |
| 13 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
| 14 #include "chromeos/chromeos_export.h" | 15 #include "chromeos/chromeos_export.h" |
| 15 #include "chromeos/network/onc/onc_constants.h" | 16 #include "chromeos/network/onc/onc_constants.h" |
| 16 | 17 |
| 17 namespace base { | 18 namespace base { |
| 18 class DictionaryValue; | 19 class DictionaryValue; |
| 19 class ListValue; | 20 class ListValue; |
| 20 } | 21 } |
| 21 | 22 |
| 22 namespace net { | 23 namespace net { |
| 23 class X509Certificate; | 24 class X509Certificate; |
| 24 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | 25 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| 25 } | 26 } |
| 26 | 27 |
| 27 namespace chromeos { | 28 namespace chromeos { |
| 28 namespace onc { | 29 namespace onc { |
| 29 | 30 |
| 30 // This class handles certificate imports from ONC (both policy and user | 31 // This class handles certificate imports from ONC (both policy and user |
| 31 // imports) into the certificate store. In particular, the GUID of certificates | 32 // imports) into the certificate store. In particular, the GUID of certificates |
| 32 // is stored together with the certificate as Nickname. | 33 // is stored together with the certificate as Nickname. |
|
Mattias Nissler (ping if slow)
2013/06/14 12:56:44
you'll want to update this comment
pneubeck (no reviews)
2013/06/21 12:53:56
Done.
| |
| 33 class CHROMEOS_EXPORT CertificateImporter { | 34 class CHROMEOS_EXPORT CertificateImporter { |
| 34 public: | 35 public: |
| 36 typedef std::map<std::string, scoped_refptr<net::X509Certificate> > | |
| 37 CertsByGUID; | |
| 35 enum ParseResult { | 38 enum ParseResult { |
| 36 IMPORT_OK, | 39 IMPORT_OK, |
| 37 IMPORT_INCOMPLETE, | 40 IMPORT_INCOMPLETE, |
| 38 IMPORT_FAILED, | 41 IMPORT_FAILED, |
| 39 }; | 42 }; |
| 40 | 43 |
| 41 // During import with ParseCertificate(), Web trust is only applied to Server | 44 // During import with ParseCertificate(), Web trust is only applied to Server |
| 42 // and Authority certificates with the TrustBits attribute "Web" if the | 45 // and Authority certificates with the TrustBits attribute "Web" if the |
| 43 // |allow_trust_imports| permission is granted, otherwise the attribute is | 46 // |allow_trust_imports| permission is granted, otherwise the attribute is |
| 44 // ignored. | 47 // ignored. |
| 45 explicit CertificateImporter(bool allow_trust_imports); | 48 explicit CertificateImporter(bool allow_trust_imports); |
| 46 | 49 |
| 47 // Parses and stores the certificates in |onc_certificates| into the | 50 // Parses and stores the certificates in |onc_certificates| into the |
| 48 // certificate store. If the "Remove" field of a certificate is enabled, then | 51 // certificate store. If the "Remove" field of a certificate is enabled, then |
| 49 // removes the certificate from the store instead of importing. Returns the | 52 // removes the certificate from the store instead of importing. Returns the |
| 50 // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the | 53 // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the |
| 51 // certificates may be stored/removed successfully while others had errors. | 54 // certificates may be stored/removed successfully while others had errors. |
| 52 // If |onc_trusted_certificates| is not NULL then it will be filled with the | 55 // If |onc_trusted_certificates| is not NULL then it will be filled with the |
| 53 // list of certificates that requested the Web trust flag. | 56 // list of certificates that requested the Web trust flag. |
| 54 // If no error occurred, returns IMPORT_OK. | 57 // If no error occurred, returns IMPORT_OK. |
| 55 ParseResult ParseAndStoreCertificates( | 58 ParseResult ParseAndStoreCertificates( |
| 56 const base::ListValue& onc_certificates, | 59 const base::ListValue& onc_certificates, |
| 57 net::CertificateList* onc_trusted_certificates); | 60 net::CertificateList* onc_trusted_certificates, |
| 61 CertsByGUID* imported_server_and_ca_certs); | |
| 58 | 62 |
| 59 // Lists the certificates that have the string |label| as their certificate | 63 // Lists the certificates that have the string |label| as their certificate |
| 60 // nickname (exact match). | 64 // nickname (exact match). |
| 61 static void ListCertsWithNickname(const std::string& label, | 65 static void ListCertsWithNickname(const std::string& label, |
| 62 net::CertificateList* result); | 66 net::CertificateList* result); |
| 63 | 67 |
| 64 protected: | 68 protected: |
| 65 // Deletes any certificate that has the string |label| as its nickname (exact | 69 // Deletes any certificate that has the string |label| as its nickname (exact |
| 66 // match). | 70 // match). |
| 67 static bool DeleteCertAndKeyByNickname(const std::string& label); | 71 static bool DeleteCertAndKeyByNickname(const std::string& label); |
| 68 | 72 |
| 69 private: | 73 private: |
| 70 // Parses and stores/removes |certificate| in/from the certificate | 74 // Parses and stores/removes |certificate| in/from the certificate |
| 71 // store. Returns true if the operation succeeded. | 75 // store. Returns true if the operation succeeded. |
| 72 bool ParseAndStoreCertificate( | 76 bool ParseAndStoreCertificate( |
| 73 const base::DictionaryValue& certificate, | 77 const base::DictionaryValue& certificate, |
| 74 net::CertificateList* onc_trusted_certificates); | 78 net::CertificateList* onc_trusted_certificates, |
| 79 CertsByGUID* imported_server_and_ca_certs); | |
| 75 | 80 |
| 76 bool ParseServerOrCaCertificate( | 81 bool ParseServerOrCaCertificate( |
| 77 const std::string& cert_type, | 82 const std::string& cert_type, |
| 78 const std::string& guid, | 83 const std::string& guid, |
| 79 const base::DictionaryValue& certificate, | 84 const base::DictionaryValue& certificate, |
| 80 net::CertificateList* onc_trusted_certificates); | 85 net::CertificateList* onc_trusted_certificates, |
| 86 CertsByGUID* imported_server_and_ca_certs); | |
| 81 | 87 |
| 82 bool ParseClientCertificate(const std::string& guid, | 88 bool ParseClientCertificate(const std::string& guid, |
| 83 const base::DictionaryValue& certificate); | 89 const base::DictionaryValue& certificate); |
| 84 | 90 |
| 85 // Whether certificates with TrustBits attribute "Web" should be stored with | 91 // Whether certificates with TrustBits attribute "Web" should be stored with |
| 86 // web trust. | 92 // web trust. |
| 87 bool allow_trust_imports_; | 93 bool allow_trust_imports_; |
| 88 | 94 |
| 89 DISALLOW_COPY_AND_ASSIGN(CertificateImporter); | 95 DISALLOW_COPY_AND_ASSIGN(CertificateImporter); |
| 90 }; | 96 }; |
| 91 | 97 |
| 92 } // namespace onc | 98 } // namespace onc |
| 93 } // namespace chromeos | 99 } // namespace chromeos |
| 94 | 100 |
| 95 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ | 101 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ |
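Review bot: The comment above ParseAndStoreCertificates (new lines 50-57) still documents only |onc_trusted_certificates|; the new |imported_server_and_ca_certs| out-parameter is undocumented, so a caller cannot tell whether it may be NULL (as the sibling pointer may) or what the map holds when two ONC entries share a GUID, which matters because that GUID is also the nickname used for store lookups and deletion. I would add, after the |onc_trusted_certificates| sentence: `// If |imported_server_and_ca_certs| is not NULL, it is filled with the` / `// successfully imported certificates, keyed by their ONC GUID.` and state explicitly which entry wins on a duplicate GUID, since the map semantics make one of them disappear silently. The parameter name suggests client certificates are excluded from the map; if so, say that in the same comment and confirm it against the .cc, which is outside this section. The same undocumented parameter also appears on the private ParseAndStoreCertificate and ParseServerOrCaCertificate declarations (new lines 76-86); a one-line reference to the public comment would suffice there.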