1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ | 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ |
6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ | 6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/basictypes.h" | 12 #include "base/basictypes.h" |
13 #include "base/memory/ref_counted.h" | 13 #include "base/memory/ref_counted.h" |
14 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
15 #include "base/memory/weak_ptr.h" | |
15 #include "chromeos/chromeos_export.h" | 16 #include "chromeos/chromeos_export.h" |
16 #include "chromeos/network/onc/onc_certificate_importer.h" | 17 #include "chromeos/network/onc/onc_certificate_importer.h" |
17 #include "components/onc/onc_constants.h" | 18 #include "components/onc/onc_constants.h" |
18 | 19 |
19 namespace base { | 20 namespace base { |
20 class DictionaryValue; | 21 class DictionaryValue; |
21 class ListValue; | 22 class ListValue; |
23 class SequencedTaskRunner; | |
24 class SingleThreadTaskRunner; | |
22 } | 25 } |
23 | 26 |
24 namespace net { | 27 namespace net { |
25 class NSSCertDatabase; | 28 class NSSCertDatabase; |
26 class X509Certificate; | 29 class X509Certificate; |
27 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | 30 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
28 } | 31 } |
29 | 32 |
30 namespace chromeos { | 33 namespace chromeos { |
31 namespace onc { | 34 namespace onc { |
32 | 35 |
33 // This class handles certificate imports from ONC (both policy and user | 36 // This class handles certificate imports from ONC (both policy and user |
34 // imports) into the certificate store. The GUID of Client certificates is | 37 // imports) into the certificate store. The GUID of Client certificates is |
35 // stored together with the certificate as Nickname. In contrast, Server and CA | 38 // stored together with the certificate as Nickname. In contrast, Server and CA |
36 // certificates are identified by their PEM and not by GUID. | 39 // certificates are identified by their PEM and not by GUID. |
37 // TODO(pneubeck): Replace Nickname by PEM for Client | 40 // TODO(pneubeck): Replace Nickname by PEM for Client |
38 // certificates. http://crbug.com/252119 | 41 // certificates. http://crbug.com/252119 |
39 class CHROMEOS_EXPORT CertificateImporterImpl : public CertificateImporter { | 42 class CHROMEOS_EXPORT CertificateImporterImpl : public CertificateImporter { |
40 public: | 43 public: |
41 typedef std::map<std::string, scoped_refptr<net::X509Certificate> > | 44 // |task_runner| will be used for NSSCertDatabase accesses. |
42 CertsByGUID; | 45 explicit CertificateImporterImpl( |
Joao da Silva
2014/09/15 12:38:24
no need for explicit
pneubeck (no reviews)
2014/09/17 12:44:21
Done.
| |
43 | 46 const scoped_refptr<base::SequencedTaskRunner>& task_runner, |
Joao da Silva
2014/09/15 12:38:24
Call it io_task_runner or net_task_runner to make
pneubeck (no reviews)
2014/09/17 12:44:22
Done.
| |
44 explicit CertificateImporterImpl(net::NSSCertDatabase* target_nssdb_); | 47 net::NSSCertDatabase* target_nssdb_); |
48 virtual ~CertificateImporterImpl(); | |
45 | 49 |
46 // CertificateImporter overrides | 50 // CertificateImporter overrides |
47 virtual bool ImportCertificates( | 51 virtual void ImportCertificates(const base::ListValue& certificates, |
48 const base::ListValue& certificates, | 52 ::onc::ONCSource source, |
49 ::onc::ONCSource source, | 53 const DoneCallback& done_callback) OVERRIDE; |
50 net::CertificateList* onc_trusted_certificates) OVERRIDE; | |
51 | |
52 // This implements ImportCertificates. Additionally, if | |
53 // |imported_server_and_ca_certs| is not NULL, it will be filled with the | |
54 // (GUID, Certificate) pairs of all succesfully imported Server and CA | |
55 // certificates. | |
56 bool ParseAndStoreCertificates(bool allow_trust_imports, | |
57 const base::ListValue& onc_certificates, | |
58 net::CertificateList* onc_trusted_certificates, | |
59 CertsByGUID* imported_server_and_ca_certs); | |
60 | 54 |
61 private: | 55 private: |
56 void RunDoneCallback(const CertificateImporter::DoneCallback& callback, | |
57 bool success, | |
58 const net::CertificateList& onc_trusted_certificates); | |
59 | |
60 // This is the synchronous implementation of ImportCertificates. It is | |
61 // executed on the given |task_runner_|. | |
62 static void ParseAndStoreCertificates(::onc::ONCSource source, | |
63 const DoneCallback& done_callback, | |
64 base::ListValue* certificates, | |
65 net::NSSCertDatabase* nssdb); | |
66 | |
62 // Lists the certificates that have the string |label| as their certificate | 67 // Lists the certificates that have the string |label| as their certificate |
63 // nickname (exact match). | 68 // nickname (exact match). |
64 static void ListCertsWithNickname(const std::string& label, | 69 static void ListCertsWithNickname(const std::string& label, |
65 net::CertificateList* result, | 70 net::CertificateList* result, |
66 net::NSSCertDatabase* target_nssdb); | 71 net::NSSCertDatabase* target_nssdb); |
67 | 72 |
68 // Deletes any certificate that has the string |label| as its nickname (exact | 73 // Deletes any certificate that has the string |label| as its nickname (exact |
69 // match). | 74 // match). |
70 static bool DeleteCertAndKeyByNickname(const std::string& label, | 75 static bool DeleteCertAndKeyByNickname(const std::string& label, |
71 net::NSSCertDatabase* target_nssdb); | 76 net::NSSCertDatabase* target_nssdb); |
72 | 77 |
73 // Parses and stores/removes |certificate| in/from the certificate | 78 // Parses and stores/removes |certificate| in/from the certificate |
74 // store. Returns true if the operation succeeded. | 79 // store. Returns true if the operation succeeded. |
75 bool ParseAndStoreCertificate( | 80 static bool ParseAndStoreCertificate( |
76 bool allow_trust_imports, | 81 bool allow_trust_imports, |
77 const base::DictionaryValue& certificate, | 82 const base::DictionaryValue& certificate, |
78 net::CertificateList* onc_trusted_certificates, | 83 net::NSSCertDatabase* nssdb, |
79 CertsByGUID* imported_server_and_ca_certs); | 84 net::CertificateList* onc_trusted_certificates); |
80 | 85 |
81 // Imports the Server or CA certificate |certificate|. Web trust is only | 86 // Imports the Server or CA certificate |certificate|. Web trust is only |
82 // applied if the certificate requests the TrustBits attribute "Web" and if | 87 // applied if the certificate requests the TrustBits attribute "Web" and if |
83 // the |allow_trust_imports| permission is granted, otherwise the attribute is | 88 // the |allow_trust_imports| permission is granted, otherwise the attribute is |
84 // ignored. | 89 // ignored. |
85 bool ParseServerOrCaCertificate( | 90 static bool ParseServerOrCaCertificate( |
86 bool allow_trust_imports, | 91 bool allow_trust_imports, |
87 const std::string& cert_type, | 92 const std::string& cert_type, |
88 const std::string& guid, | 93 const std::string& guid, |
89 const base::DictionaryValue& certificate, | 94 const base::DictionaryValue& certificate, |
90 net::CertificateList* onc_trusted_certificates, | 95 net::NSSCertDatabase* nssdb, |
91 CertsByGUID* imported_server_and_ca_certs); | 96 net::CertificateList* onc_trusted_certificates); |
92 | 97 |
93 bool ParseClientCertificate(const std::string& guid, | 98 static bool ParseClientCertificate(const std::string& guid, |
94 const base::DictionaryValue& certificate); | 99 const base::DictionaryValue& certificate, |
100 net::NSSCertDatabase* nssdb); | |
101 | |
102 // The task runner to use for NSSCertDatabase accesses. | |
103 scoped_refptr<base::SequencedTaskRunner> task_runner_; | |
Joao da Silva
2014/09/15 12:38:24
io_task_runner_ or net_task_runner_?
pneubeck (no reviews)
2014/09/17 12:44:21
Done.
| |
95 | 104 |
96 // The certificate database to which certificates are imported. | 105 // The certificate database to which certificates are imported. |
97 net::NSSCertDatabase* target_nssdb_; | 106 net::NSSCertDatabase* target_nssdb_; |
98 | 107 |
108 base::WeakPtrFactory<CertificateImporterImpl> weak_factory_; | |
109 | |
99 DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl); | 110 DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl); |
100 }; | 111 }; |
101 | 112 |
102 } // namespace onc | 113 } // namespace onc |
103 } // namespace chromeos | 114 } // namespace chromeos |
104 | 115 |
105 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ | 116 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ |
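Review bot: The lifetime contract for the raw pointers that now cross sequences is not stated in the header: `target_nssdb_` (new line 106) and the `base::ListValue* certificates` parameter of the static `ParseAndStoreCertificates` (new lines 62-65) are handed to a task executed on `task_runner_`, and nothing here says who keeps the NSSCertDatabase alive until that task and `done_callback` have run, or who owns |certificates|. I would extend the comment above `ParseAndStoreCertificates` with `// |certificates| and |nssdb| must outlive the posted task; the caller of ImportCertificates` / `// is responsible for keeping the NSSCertDatabase alive until |done_callback| has run.` and repeat the lifetime requirement in the `target_nssdb_` comment on new line 105. Placing `weak_factory_` as the last member (new line 108) looks right, since it has to be destroyed before the other members so that a pending reply into `RunDoneCallback` is dropped; a one-line comment such as `// Must be last so pending replies observe an invalidated WeakPtr.` would make that intent explicit. Whether |certificates| is transferred via base::Owned or copied is not visible from the header, so the ownership wording should be checked against the .cc.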