Make CertificateHandler a proper interface of CertificateImporter.

chromeos/network/onc/onc_certificate_importer.h

-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_
 
-#include <map>
-#include <string>
-#include <vector>
-
-#include "base/basictypes.h"
 #include "base/memory/ref_counted.h"

[Mattias Nissler (ping if slow), 2013/07/24 11:25:40]

no longer needed?

[pneubeck (no reviews), 2013/07/25 08:03:23]

Done.

-#include "base/memory/scoped_ptr.h"
 #include "chromeos/chromeos_export.h"
 #include "chromeos/network/onc/onc_constants.h"
+#include "net/cert/x509_certificate.h"
 
 namespace base {
-class DictionaryValue;
 class ListValue;
 }
 
-namespace net {
-class X509Certificate;
-typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
-}
-
 namespace chromeos {
 namespace onc {
 
-// This class handles certificate imports from ONC (both policy and user
-// imports) into the certificate store. The GUID of Client certificates is
-// stored together with the certificate as Nickname. In contrast, Server and CA
-// certificates are identified by their PEM and not by GUID.
-// TODO(pneubeck): Replace Nickname by PEM for Client
-// certificates. http://crbug.com/252119
 class CHROMEOS_EXPORT CertificateImporter {
  public:
-  typedef std::map<std::string, scoped_refptr<net::X509Certificate> >
-      CertsByGUID;
-  enum ParseResult {
-    IMPORT_OK,
-    IMPORT_INCOMPLETE,
-    IMPORT_FAILED,
-  };
+  CertificateImporter() {}
+  virtual ~CertificateImporter() {}
 
-  // During import with ParseCertificate(), Web trust is only applied to Server
-  // and Authority certificates with the TrustBits attribute "Web" if the
-  // |allow_trust_imports| permission is granted, otherwise the attribute is
-  // ignored.
-  explicit CertificateImporter(bool allow_trust_imports);
-
-  // Parses and stores the certificates in |onc_certificates| into the
-  // certificate store. If the "Remove" field of a certificate is enabled, then
-  // removes the certificate from the store instead of importing. Returns the
-  // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the
-  // certificates may be stored/removed successfully while others had errors.
-  // If no error occurred, returns IMPORT_OK. If |onc_trusted_certificates| is
-  // not NULL, it will be filled with the list of certificates that requested
-  // the Web trust flag. If |imported_server_and_ca_certs| is not null, it will
-  // be filled with the (GUID, Certificate) pairs of all successfully imported
-  // Server and CA certificates.
-  ParseResult ParseAndStoreCertificates(
-      const base::ListValue& onc_certificates,
-      net::CertificateList* onc_trusted_certificates,
-      CertsByGUID* imported_server_and_ca_certs);
-
-  // Lists the certificates that have the string |label| as their certificate
-  // nickname (exact match).
-  static void ListCertsWithNickname(const std::string& label,
-                                    net::CertificateList* result);
-
- protected:
-  // Deletes any certificate that has the string |label| as its nickname (exact
-  // match).
-  static bool DeleteCertAndKeyByNickname(const std::string& label);
+  // Import the |certificates|, which must be a list of ONC Certificate objects.
+  // Certificates are only imported with web trust for user imports. If
+  // |onc_trusted_certificates| is not NULL, it will be filled with the list
+  // of certificates that requested the TrustBit "Web". Returns true if all
+  // certificates were imported successfully.
+  virtual bool ImportCertificates(
+      const base::ListValue& certificates,
+      onc::ONCSource source,
+      net::CertificateList* onc_trusted_certificates) = 0;
 
  private:
-  // Parses and stores/removes |certificate| in/from the certificate
-  // store. Returns true if the operation succeeded.
-  bool ParseAndStoreCertificate(
-      const base::DictionaryValue& certificate,
-      net::CertificateList* onc_trusted_certificates,
-      CertsByGUID* imported_server_and_ca_certs);
-
-  bool ParseServerOrCaCertificate(
-      const std::string& cert_type,
-      const std::string& guid,
-      const base::DictionaryValue& certificate,
-      net::CertificateList* onc_trusted_certificates,
-      CertsByGUID* imported_server_and_ca_certs);
-
-  bool ParseClientCertificate(const std::string& guid,
-                              const base::DictionaryValue& certificate);
-
-  // Whether certificates with TrustBits attribute "Web" should be stored with
-  // web trust.
-  bool allow_trust_imports_;
-
   DISALLOW_COPY_AND_ASSIGN(CertificateImporter);

[Mattias Nissler (ping if slow), 2013/07/24 11:25:40]

#include "base/basictypes.h"

[pneubeck (no reviews), 2013/07/25 08:03:23]

Done.

 };
 
 }  // namespace onc
 }  // namespace chromeos
 
 #endif  // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_