Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / certificate_manager_model.h
blob34d0f0786f29b2491e918d725508f12be2c90234
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_
6 #define CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_
8 #include <map>
9 #include <string>
11 #include "base/callback.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/strings/string16.h"
15 #include "net/cert/nss_cert_database.h"
17 namespace content {
18 class BrowserContext;
19 class ResourceContext;
20 } // namespace content
22 // CertificateManagerModel provides the data to be displayed in the certificate
23 // manager dialog, and processes changes from the view.
24 class CertificateManagerModel {
25 public:
26 // Map from the subject organization name to the list of certs from that
27 // organization. If a cert does not have an organization name, the
28 // subject's CertPrincipal::GetDisplayName() value is used instead.
29 typedef std::map<std::string, net::CertificateList> OrgGroupingMap;
31 typedef base::Callback<void(scoped_ptr<CertificateManagerModel>)>
32 CreationCallback;
34 // Enumeration of the possible columns in the certificate manager tree view.
35 enum Column {
36 COL_SUBJECT_NAME,
37 COL_CERTIFICATE_STORE,
38 COL_SERIAL_NUMBER,
39 COL_EXPIRES_ON,
42 class Observer {
43 public:
44 // Called to notify the view that the certificate list has been refreshed.
45 // TODO(mattm): do a more granular updating strategy? Maybe retrieve new
46 // list of certs, diff against past list, and then notify of the changes?
47 virtual void CertificatesRefreshed() = 0;
50 // Creates a CertificateManagerModel. The model will be passed to the callback
51 // when it is ready. The caller must ensure the model does not outlive the
52 // |browser_context|.
53 static void Create(content::BrowserContext* browser_context,
54 Observer* observer,
55 const CreationCallback& callback);
57 ~CertificateManagerModel();
59 bool is_user_db_available() const { return is_user_db_available_; }
60 bool is_tpm_available() const { return is_tpm_available_; }
62 // Accessor for read-only access to the underlying NSSCertDatabase.
63 const net::NSSCertDatabase* cert_db() const { return cert_db_; }
65 // Trigger a refresh of the list of certs, unlock any slots if necessary.
66 // Following this call, the observer CertificatesRefreshed method will be
67 // called so the view can call FilterAndBuildOrgGroupingMap as necessary to
68 // refresh its tree views.
69 void Refresh();
71 // Fill |map| with the certificates matching |filter_type|.
72 void FilterAndBuildOrgGroupingMap(net::CertType filter_type,
73 OrgGroupingMap* map) const;
75 // Get the data to be displayed in |column| for the given |cert|.
76 base::string16 GetColumnText(const net::X509Certificate& cert, Column column) const;
78 // Import private keys and certificates from PKCS #12 encoded
79 // |data|, using the given |password|. If |is_extractable| is false,
80 // mark the private key as unextractable from the module.
81 // Returns a net error code on failure.
82 int ImportFromPKCS12(net::CryptoModule* module, const std::string& data,
83 const base::string16& password, bool is_extractable);
85 // Import CA certificates.
86 // Tries to import all the certificates given. The root will be trusted
87 // according to |trust_bits|. Any certificates that could not be imported
88 // will be listed in |not_imported|.
89 // |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase.
90 // Returns false if there is an internal error, otherwise true is returned and
91 // |not_imported| should be checked for any certificates that were not
92 // imported.
93 bool ImportCACerts(const net::CertificateList& certificates,
94 net::NSSCertDatabase::TrustBits trust_bits,
95 net::NSSCertDatabase::ImportCertFailureList* not_imported);
97 // Import server certificate. The first cert should be the server cert. Any
98 // additional certs should be intermediate/CA certs and will be imported but
99 // not given any trust.
100 // Any certificates that could not be imported will be listed in
101 // |not_imported|.
102 // |trust_bits| can be set to explicitly trust or distrust the certificate, or
103 // use TRUST_DEFAULT to inherit trust as normal.
104 // Returns false if there is an internal error, otherwise true is returned and
105 // |not_imported| should be checked for any certificates that were not
106 // imported.
107 bool ImportServerCert(
108 const net::CertificateList& certificates,
109 net::NSSCertDatabase::TrustBits trust_bits,
110 net::NSSCertDatabase::ImportCertFailureList* not_imported);
112 // Set trust values for certificate.
113 // |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase.
114 // Returns true on success or false on failure.
115 bool SetCertTrust(const net::X509Certificate* cert,
116 net::CertType type,
117 net::NSSCertDatabase::TrustBits trust_bits);
119 // Delete the cert. Returns true on success. |cert| is still valid when this
120 // function returns.
121 bool Delete(net::X509Certificate* cert);
123 // IsHardwareBacked returns true if |cert| is hardware backed.
124 bool IsHardwareBacked(const net::X509Certificate* cert) const;
126 private:
127 CertificateManagerModel(net::NSSCertDatabase* nss_cert_database,
128 bool is_user_db_available,
129 bool is_tpm_available,
130 Observer* observer);
132 // Methods used during initialization, see the comment at the top of the .cc
133 // file for details.
134 static void DidGetCertDBOnUIThread(
135 net::NSSCertDatabase* cert_db,
136 bool is_user_db_available,
137 bool is_tpm_available,
138 CertificateManagerModel::Observer* observer,
139 const CreationCallback& callback);
140 static void DidGetCertDBOnIOThread(
141 CertificateManagerModel::Observer* observer,
142 const CreationCallback& callback,
143 net::NSSCertDatabase* cert_db);
144 static void GetCertDBOnIOThread(content::ResourceContext* context,
145 CertificateManagerModel::Observer* observer,
146 const CreationCallback& callback);
148 // Callback used by Refresh() for when the cert slots have been unlocked.
149 // This method does the actual refreshing.
150 void RefreshSlotsUnlocked();
152 net::NSSCertDatabase* cert_db_;
153 net::CertificateList cert_list_;
154 // Whether the certificate database has a public slot associated with the
155 // profile. If not set, importing certificates is not allowed with this model.
156 bool is_user_db_available_;
157 bool is_tpm_available_;
159 // The observer to notify when certificate list is refreshed.
160 Observer* observer_;
162 DISALLOW_COPY_AND_ASSIGN(CertificateManagerModel);
165 #endif // CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_