OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_NSS_CERT_DATABASE_H_ | 5 #ifndef NET_CERT_NSS_CERT_DATABASE_H_ |
6 #define NET_CERT_NSS_CERT_DATABASE_H_ | 6 #define NET_CERT_NSS_CERT_DATABASE_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
(...skipping 24 matching lines...) Expand all Loading... |
35 | 35 |
36 // Provides functions to manipulate the NSS certificate stores. | 36 // Provides functions to manipulate the NSS certificate stores. |
37 // Forwards notifications about certificate changes to the global CertDatabase | 37 // Forwards notifications about certificate changes to the global CertDatabase |
38 // singleton. | 38 // singleton. |
39 class NET_EXPORT NSSCertDatabase { | 39 class NET_EXPORT NSSCertDatabase { |
40 public: | 40 public: |
41 class NET_EXPORT Observer { | 41 class NET_EXPORT Observer { |
42 public: | 42 public: |
43 virtual ~Observer() {} | 43 virtual ~Observer() {} |
44 | 44 |
45 // Will be called when a new certificate is added. | |
46 // Called with |cert| == NULL after importing a list of certificates | |
47 // in ImportFromPKCS12(). | |
48 virtual void OnCertAdded(const X509Certificate* cert) {} | |
49 | |
50 // Will be called when a certificate is removed. | |
51 virtual void OnCertRemoved(const X509Certificate* cert) {} | |
52 | |
53 // Will be called when a CA certificate is changed. | 45 // Will be called when a CA certificate is changed. |
54 // Called with |cert| == NULL after importing a list of certificates | 46 // Called with |cert| == NULL after importing a list of certificates |
55 // in ImportCACerts(). | 47 // in ImportCACerts(). |
56 virtual void OnCACertChanged(const X509Certificate* cert) {} | 48 virtual void OnCertDBChanged(const X509Certificate* cert) {} |
57 | 49 |
58 protected: | 50 protected: |
59 Observer() {} | 51 Observer() {} |
60 | 52 |
61 private: | 53 private: |
62 DISALLOW_COPY_AND_ASSIGN(Observer); | 54 DISALLOW_COPY_AND_ASSIGN(Observer); |
63 }; | 55 }; |
64 | 56 |
65 // Stores per-certificate error codes for import failures. | 57 // Stores per-certificate error codes for import failures. |
66 struct NET_EXPORT ImportCertFailure { | 58 struct NET_EXPORT ImportCertFailure { |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the | 184 // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the |
193 // root. Assumes the list is an ordered hierarchy with the root being either | 185 // root. Assumes the list is an ordered hierarchy with the root being either |
194 // the first or last element. | 186 // the first or last element. |
195 // TODO(mattm): improve this to handle any order. | 187 // TODO(mattm): improve this to handle any order. |
196 X509Certificate* FindRootInList(const CertificateList& certificates) const; | 188 X509Certificate* FindRootInList(const CertificateList& certificates) const; |
197 | 189 |
198 // Import a user certificate. The private key for the user certificate must | 190 // Import a user certificate. The private key for the user certificate must |
199 // already be installed, otherwise we return ERR_NO_PRIVATE_KEY_FOR_CERT. | 191 // already be installed, otherwise we return ERR_NO_PRIVATE_KEY_FOR_CERT. |
200 // Returns OK or a network error code. | 192 // Returns OK or a network error code. |
201 int ImportUserCert(const std::string& data); | 193 int ImportUserCert(const std::string& data); |
| 194 int ImportUserCert(X509Certificate* cert); |
202 | 195 |
203 // Import CA certificates. | 196 // Import CA certificates. |
204 // Tries to import all the certificates given. The root will be trusted | 197 // Tries to import all the certificates given. The root will be trusted |
205 // according to |trust_bits|. Any certificates that could not be imported | 198 // according to |trust_bits|. Any certificates that could not be imported |
206 // will be listed in |not_imported|. | 199 // will be listed in |not_imported|. |
207 // Returns false if there is an internal error, otherwise true is returned and | 200 // Returns false if there is an internal error, otherwise true is returned and |
208 // |not_imported| should be checked for any certificates that were not | 201 // |not_imported| should be checked for any certificates that were not |
209 // imported. | 202 // imported. |
210 bool ImportCACerts(const CertificateList& certificates, | 203 bool ImportCACerts(const CertificateList& certificates, |
211 TrustBits trust_bits, | 204 TrustBits trust_bits, |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
268 static void ListCertsImpl(crypto::ScopedPK11Slot slot, | 261 static void ListCertsImpl(crypto::ScopedPK11Slot slot, |
269 CertificateList* certs); | 262 CertificateList* certs); |
270 | 263 |
271 // Gets task runner that should be used for slow tasks like certificate | 264 // Gets task runner that should be used for slow tasks like certificate |
272 // listing. Defaults to a base::WorkerPool runner, but may be overriden | 265 // listing. Defaults to a base::WorkerPool runner, but may be overriden |
273 // in tests (see SetSlowTaskRunnerForTest). | 266 // in tests (see SetSlowTaskRunnerForTest). |
274 scoped_refptr<base::TaskRunner> GetSlowTaskRunner() const; | 267 scoped_refptr<base::TaskRunner> GetSlowTaskRunner() const; |
275 | 268 |
276 protected: | 269 protected: |
277 // Broadcasts notifications to all registered observers. | 270 // Broadcasts notifications to all registered observers. |
278 void NotifyObserversOfCertAdded(const X509Certificate* cert); | 271 void NotifyObserversCertDBChanged(const X509Certificate* cert); |
279 void NotifyObserversOfCertRemoved(const X509Certificate* cert); | |
280 void NotifyObserversOfCACertChanged(const X509Certificate* cert); | |
281 | 272 |
282 private: | 273 private: |
283 // Registers |observer| to receive notifications of certificate changes. The | 274 // Registers |observer| to receive notifications of certificate changes. The |
284 // thread on which this is called is the thread on which |observer| will be | 275 // thread on which this is called is the thread on which |observer| will be |
285 // called back with notifications. | 276 // called back with notifications. |
286 // NOTE: Observers registered here will only receive notifications generated | 277 // NOTE: Observers registered here will only receive notifications generated |
287 // directly through the NSSCertDatabase, but not those from the CertDatabase. | 278 // directly through the NSSCertDatabase, but not those from the CertDatabase. |
288 // CertDatabase observers will receive all certificate notifications. | 279 // CertDatabase observers will receive all certificate notifications. |
289 void AddObserver(Observer* observer); | 280 void AddObserver(Observer* observer); |
290 | 281 |
(...skipping 23 matching lines...) Expand all Loading... |
314 const scoped_refptr<base::ObserverListThreadSafe<Observer>> observer_list_; | 305 const scoped_refptr<base::ObserverListThreadSafe<Observer>> observer_list_; |
315 | 306 |
316 base::WeakPtrFactory<NSSCertDatabase> weak_factory_; | 307 base::WeakPtrFactory<NSSCertDatabase> weak_factory_; |
317 | 308 |
318 DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase); | 309 DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase); |
319 }; | 310 }; |
320 | 311 |
321 } // namespace net | 312 } // namespace net |
322 | 313 |
323 #endif // NET_CERT_NSS_CERT_DATABASE_H_ | 314 #endif // NET_CERT_NSS_CERT_DATABASE_H_ |
OLD | NEW |