chromeos/network/onc/onc_certificate_importer_impl.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
   6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
   7
   8 #include <map>
   9 #include <string>
  10 #include <vector>
  11
  12 #include "base/basictypes.h"
  13 #include "base/memory/ref_counted.h"
  14 #include "base/memory/scoped_ptr.h"
  15 #include "chromeos/chromeos_export.h"
  16 #include "chromeos/network/onc/onc_certificate_importer.h"
  17 #include "components/onc/onc_constants.h"
  18
  19 namespace base {
  20 class DictionaryValue;
  21 class ListValue;
  22 }
  23
  24 namespace net {
  25 class NSSCertDatabase;
  26 class X509Certificate;
  27 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
  28 }
  29
  30 namespace chromeos {
  31 namespace onc {
  32
  33 // This class handles certificate imports from ONC (both policy and user
  34 // imports) into the certificate store. The GUID of Client certificates is
  35 // stored together with the certificate as Nickname. In contrast, Server and CA
  36 // certificates are identified by their PEM and not by GUID.
  37 // TODO(pneubeck): Replace Nickname by PEM for Client
  38 // certificates. http://crbug.com/252119
  39 class CHROMEOS_EXPORT CertificateImporterImpl : public CertificateImporter {
  40  public:
  41   typedef std::map<std::string, scoped_refptr<net::X509Certificate> >
  42       CertsByGUID;
  43
  44   explicit CertificateImporterImpl(net::NSSCertDatabase* target_nssdb_);
  45
  46   // CertificateImporter overrides
  47   virtual bool ImportCertificates(
  48       const base::ListValue& certificates,
  49       ::onc::ONCSource source,
  50       net::CertificateList* onc_trusted_certificates) OVERRIDE;
  51
  52   // This implements ImportCertificates. Additionally, if
  53   // |imported_server_and_ca_certs| is not NULL, it will be filled with the
  54   // (GUID, Certificate) pairs of all succesfully imported Server and CA
  55   // certificates.
  56   bool ParseAndStoreCertificates(bool allow_trust_imports,
  57                                  const base::ListValue& onc_certificates,
  58                                  net::CertificateList* onc_trusted_certificates,
  59                                  CertsByGUID* imported_server_and_ca_certs);
  60
  61  private:
  62   // Lists the certificates that have the string |label| as their certificate
  63   // nickname (exact match).
  64   static void ListCertsWithNickname(const std::string& label,
  65                                     net::CertificateList* result,
  66                                     net::NSSCertDatabase* target_nssdb);
  67
  68   // Deletes any certificate that has the string |label| as its nickname (exact
  69   // match).
  70   static bool DeleteCertAndKeyByNickname(const std::string& label,
  71                                          net::NSSCertDatabase* target_nssdb);
  72
  73   // Parses and stores/removes |certificate| in/from the certificate
  74   // store. Returns true if the operation succeeded.
  75   bool ParseAndStoreCertificate(
  76       bool allow_trust_imports,
  77       const base::DictionaryValue& certificate,
  78       net::CertificateList* onc_trusted_certificates,
  79       CertsByGUID* imported_server_and_ca_certs);
  80
  81   // Imports the Server or CA certificate |certificate|. Web trust is only
  82   // applied if the certificate requests the TrustBits attribute "Web" and if
  83   // the |allow_trust_imports| permission is granted, otherwise the attribute is
  84   // ignored.
  85   bool ParseServerOrCaCertificate(
  86       bool allow_trust_imports,
  87       const std::string& cert_type,
  88       const std::string& guid,
  89       const base::DictionaryValue& certificate,
  90       net::CertificateList* onc_trusted_certificates,
  91       CertsByGUID* imported_server_and_ca_certs);
  92
  93   bool ParseClientCertificate(const std::string& guid,
  94                               const base::DictionaryValue& certificate);
  95
  96   // The certificate database to which certificates are imported.
  97   net::NSSCertDatabase* target_nssdb_;
  98
  99   DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl);
 100 };
 101
 102 }  // namespace onc
 103 }  // namespace chromeos
 104
 105 #endif  // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_