Chromium Code Reviews| Index: chromeos/network/onc/onc_certificate_importer.h |
| diff --git a/chromeos/network/onc/onc_certificate_importer.h b/chromeos/network/onc/onc_certificate_importer.h |
| index 48488828e302bc062f7ec4d12e7fe615cf9f9357..a271c915b805bf9f7bf3bbe0783c680935aaa846 100644 |
| --- a/chromeos/network/onc/onc_certificate_importer.h |
| +++ b/chromeos/network/onc/onc_certificate_importer.h |
| @@ -1,102 +1,38 @@ |
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| +// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ |
| #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_H_ |
| -#include <map> |
| -#include <string> |
| -#include <vector> |
| - |
| -#include "base/basictypes.h" |
| #include "base/memory/ref_counted.h" |
|
Mattias Nissler (ping if slow)
2013/07/24 11:25:40
no longer needed?
pneubeck (no reviews)
2013/07/25 08:03:23
Done.
|
| -#include "base/memory/scoped_ptr.h" |
| #include "chromeos/chromeos_export.h" |
| #include "chromeos/network/onc/onc_constants.h" |
| +#include "net/cert/x509_certificate.h" |
| namespace base { |
| -class DictionaryValue; |
| class ListValue; |
| } |
| -namespace net { |
| -class X509Certificate; |
| -typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| -} |
| - |
| namespace chromeos { |
| namespace onc { |
| -// This class handles certificate imports from ONC (both policy and user |
| -// imports) into the certificate store. The GUID of Client certificates is |
| -// stored together with the certificate as Nickname. In contrast, Server and CA |
| -// certificates are identified by their PEM and not by GUID. |
| -// TODO(pneubeck): Replace Nickname by PEM for Client |
| -// certificates. http://crbug.com/252119 |
| class CHROMEOS_EXPORT CertificateImporter { |
| public: |
| - typedef std::map<std::string, scoped_refptr<net::X509Certificate> > |
| - CertsByGUID; |
| - enum ParseResult { |
| - IMPORT_OK, |
| - IMPORT_INCOMPLETE, |
| - IMPORT_FAILED, |
| - }; |
| - |
| - // During import with ParseCertificate(), Web trust is only applied to Server |
| - // and Authority certificates with the TrustBits attribute "Web" if the |
| - // |allow_trust_imports| permission is granted, otherwise the attribute is |
| - // ignored. |
| - explicit CertificateImporter(bool allow_trust_imports); |
| - |
| - // Parses and stores the certificates in |onc_certificates| into the |
| - // certificate store. If the "Remove" field of a certificate is enabled, then |
| - // removes the certificate from the store instead of importing. Returns the |
| - // result of the parse operation. In case of IMPORT_INCOMPLETE, some of the |
| - // certificates may be stored/removed successfully while others had errors. |
| - // If no error occurred, returns IMPORT_OK. If |onc_trusted_certificates| is |
| - // not NULL, it will be filled with the list of certificates that requested |
| - // the Web trust flag. If |imported_server_and_ca_certs| is not null, it will |
| - // be filled with the (GUID, Certificate) pairs of all successfully imported |
| - // Server and CA certificates. |
| - ParseResult ParseAndStoreCertificates( |
| - const base::ListValue& onc_certificates, |
| - net::CertificateList* onc_trusted_certificates, |
| - CertsByGUID* imported_server_and_ca_certs); |
| - |
| - // Lists the certificates that have the string |label| as their certificate |
| - // nickname (exact match). |
| - static void ListCertsWithNickname(const std::string& label, |
| - net::CertificateList* result); |
| - |
| - protected: |
| - // Deletes any certificate that has the string |label| as its nickname (exact |
| - // match). |
| - static bool DeleteCertAndKeyByNickname(const std::string& label); |
| + CertificateImporter() {} |
| + virtual ~CertificateImporter() {} |
| + |
| + // Import the |certificates|, which must be a list of ONC Certificate objects. |
| + // Certificates are only imported with web trust for user imports. If |
| + // |onc_trusted_certificates| is not NULL, it will be filled with the list |
| + // of certificates that requested the TrustBit "Web". Returns true if all |
| + // certificates were imported successfully. |
| + virtual bool ImportCertificates( |
| + const base::ListValue& certificates, |
| + onc::ONCSource source, |
| + net::CertificateList* onc_trusted_certificates) = 0; |
| private: |
| - // Parses and stores/removes |certificate| in/from the certificate |
| - // store. Returns true if the operation succeeded. |
| - bool ParseAndStoreCertificate( |
| - const base::DictionaryValue& certificate, |
| - net::CertificateList* onc_trusted_certificates, |
| - CertsByGUID* imported_server_and_ca_certs); |
| - |
| - bool ParseServerOrCaCertificate( |
| - const std::string& cert_type, |
| - const std::string& guid, |
| - const base::DictionaryValue& certificate, |
| - net::CertificateList* onc_trusted_certificates, |
| - CertsByGUID* imported_server_and_ca_certs); |
| - |
| - bool ParseClientCertificate(const std::string& guid, |
| - const base::DictionaryValue& certificate); |
| - |
| - // Whether certificates with TrustBits attribute "Web" should be stored with |
| - // web trust. |
| - bool allow_trust_imports_; |
| - |
| DISALLOW_COPY_AND_ASSIGN(CertificateImporter); |
|
Mattias Nissler (ping if slow)
2013/07/24 11:25:40
#include "base/basictypes.h"
pneubeck (no reviews)
2013/07/25 08:03:23
Done.
|
| }; |