Resolve certificate references in ONC by PEM.

chromeos/network/onc/onc_utils.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
 #define CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
 
+#include <map>
 #include <string>
+#include <vector>
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "chromeos/chromeos_export.h"
 #include "chromeos/network/onc/onc_constants.h"
-#include "net/cert/x509_certificate.h"
 
 namespace base {
 class DictionaryValue;
 class ListValue;
 }
 
+namespace net {
+class X509Certificate;
+typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
+}
+
 namespace chromeos {
 namespace onc {
 
 struct OncValueSignature;
 
 // A valid but empty (no networks and no certificates) and unencrypted
 // configuration.
 CHROMEOS_EXPORT extern const char kEmptyUnencryptedConfiguration[];
 
 // Parses |json| according to the JSON format. If |json| is a JSON formatted
@@ skipping 49 matching lines @@
 // and Certificates of |onc_blob|. Returns false if any validation errors or
 // warnings occurred. Still, some networks or certificates might be added to the
 // output lists and should be further processed by the caller.
 CHROMEOS_EXPORT bool ParseAndValidateOncForImport(
     const std::string& onc_blob,
     ONCSource onc_source,
     const std::string& passphrase,
     base::ListValue* network_configs,
     base::ListValue* certificates);
 
+// Get the hexadecimal representation of the fingerprint of |cert|.
+CHROMEOS_EXPORT std::string GetHexFingerprintOfCert(
+    const net::X509Certificate& cert);
+
+// Returns a certificate of |cert_list| with the given |fingerprint|. If none or
+// more than one matching entry exists, returns NULL.
+CHROMEOS_EXPORT net::X509Certificate* FindCertByFingerprint(
+    const net::CertificateList& cert_list,
+    const std::string& fingerprint);
+
+// Returns the PEM encoding of the certificate of |cert_list| with
+// |fingerprint|. If none or more than one matching entry exists or the encoding
+// failed, returns an empty string.
+CHROMEOS_EXPORT std::string GetPEMEncodedCertFromFingerprint(
+    const net::CertificateList& cert_list,
+    const std::string& fingerprint);
+
 // Parse the given PEM encoded certificate |pem_encoded| and create a
 // X509Certificate from it.
 CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> DecodePEMCertificate(
-    const std::string& pem_encoded,
-    const std::string& nickname);
+    const std::string& pem_encoded);
+
+// Replaces all references by GUID to Server or CA certs by their fingerprints
+// (see GetHexFingerprintOfCert). Return true, if all references could be

[Mattias Nissler (ping if slow), 2013/06/24 12:45:09]

nit: *Returns, no comma

[pneubeck (no reviews), 2013/06/24 15:35:41]

Done.

+// resolved. Otherwise return false and network configurations with

[Mattias Nissler (ping if slow), 2013/06/24 12:45:09]

nit: *returns

[pneubeck (no reviews), 2013/06/24 15:35:41]

Done.

+// unresolveable references are removed from
+// |network_configs|. |network_configs| must be a list of ONC
+// NetworkConfiguration dictionaries.
+CHROMEOS_EXPORT bool ResolveServerCertRefsInNetworks(
+    const std::map<std::string,
+                   scoped_refptr<net::X509Certificate> >& certs_by_guid,
+    base::ListValue* network_configs);
+
+// Replaces all references by GUID to Server or CA certs by their fingerprints
+// (see GetHexFingerprintOfCert). |network_config| must be a ONC
+// NetworkConfiguration.
+CHROMEOS_EXPORT bool ResolveServerCertRefsInNetwork(
+    const std::map<std::string,
+                   scoped_refptr<net::X509Certificate> >& certs_by_guid,
+    base::DictionaryValue* network_config);
 
 }  // namespace onc
 }  // namespace chromeos
 
 #endif  // CHROMEOS_NETWORK_ONC_ONC_UTILS_H_