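// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_
#define CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_

#include <map>
#include <string>

#include "base/memory/ref_counted.h"
#include "base/strings/string16.h"
#include "net/cert/nss_cert_database.h"

// CertificateManagerModel provides the data to be displayed in the certificate
// manager dialog, and processes changes from the view.
//
// Besides listing certificates, the model declares the operations that import
// certificates and keys, delete certificates and set trust on them. Every one
// of those reports failure through its return value (and, for the cert
// imports, through |not_imported|), so callers should check both before
// telling the user that a change was applied.
class CertificateManagerModel {
 public:
  // Map from the subject organization name to the list of certs from that
  // organization.  If a cert does not have an organization name, the
  // subject's CertPrincipal::GetDisplayName() value is used instead.
  typedef std::map<std::string, net::CertificateList> OrgGroupingMap;

  // Enumeration of the possible columns in the certificate manager tree view.
  enum Column {
    COL_SUBJECT_NAME,
    COL_CERTIFICATE_STORE,
    COL_SERIAL_NUMBER,
    COL_EXPIRES_ON,
  };

  // Interface through which the model tells the view that its certificate
  // list changed.
  class Observer {
   public:
    // Called to notify the view that the certificate list has been refreshed.
    // TODO(mattm): do a more granular updating strategy?  Maybe retrieve new
    // list of certs, diff against past list, and then notify of the changes?
    virtual void CertificatesRefreshed() = 0;

   protected:
    // Virtual because the interface is polymorphic; protected so that an
    // observer cannot be destroyed through an Observer*. The model keeps only
    // a raw Observer* (see |observer_|).
    virtual ~Observer() {}
  };

  // |observer| is the object to notify after a refresh.
  // NOTE(review): the model holds a raw Observer* member; presumably the
  // observer must outlive the model - confirm against the .cc and callers.
  explicit CertificateManagerModel(Observer* observer);
  ~CertificateManagerModel();

  // Accessor for read-only access to the underlying NSSCertDatabase.
  const net::NSSCertDatabase* cert_db() const { return cert_db_; }

  // Trigger a refresh of the list of certs, unlock any slots if necessary.
  // Following this call, the observer CertificatesRefreshed method will be
  // called so the view can call FilterAndBuildOrgGroupingMap as necessary to
  // refresh its tree views.
  void Refresh();

  // Fill |map| with the certificates matching |filter_type|.
  void FilterAndBuildOrgGroupingMap(net::CertType filter_type,
                                    OrgGroupingMap* map) const;

  // Get the data to be displayed in |column| for the given |cert|.
  string16 GetColumnText(const net::X509Certificate& cert, Column column) const;

  // Import private keys and certificates from PKCS #12 encoded
  // |data|, using the given |password|.  If |is_extractable| is false,
  // mark the private key as unextractable from the module; pass true only
  // when the key really has to be exportable again.
  // Returns a net error code on failure.
  // NOTE(review): the success value is not stated here (presumably net::OK);
  // confirm before comparing against anything else.
  int ImportFromPKCS12(net::CryptoModule* module, const std::string& data,
                       const string16& password, bool is_extractable);

  // Import CA certificates.
  // Tries to import all the certificates given.  The root will be trusted
  // according to |trust_bits|.  Any certificates that could not be imported
  // will be listed in |not_imported|.
  // |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase.
  // Because these bits decide what the imported root is trusted for, pass
  // only the bits the user explicitly approved.
  // Returns false if there is an internal error, otherwise true is returned and
  // |not_imported| should be checked for any certificates that were not
  // imported.
  bool ImportCACerts(const net::CertificateList& certificates,
                     net::NSSCertDatabase::TrustBits trust_bits,
                     net::NSSCertDatabase::ImportCertFailureList* not_imported);

  // Import server certificate.  The first cert should be the server cert.  Any
  // additional certs should be intermediate/CA certs and will be imported but
  // not given any trust.
  // Any certificates that could not be imported will be listed in
  // |not_imported|.
  // |trust_bits| can be set to explicitly trust or distrust the certificate, or
  // use TRUST_DEFAULT to inherit trust as normal.
  // Returns false if there is an internal error, otherwise true is returned and
  // |not_imported| should be checked for any certificates that were not
  // imported.
  bool ImportServerCert(
      const net::CertificateList& certificates,
      net::NSSCertDatabase::TrustBits trust_bits,
      net::NSSCertDatabase::ImportCertFailureList* not_imported);

  // Set trust values for certificate.
  // |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase.
  // Returns true on success or false on failure; on false the caller should
  // not assume the requested trust is in effect.
  bool SetCertTrust(const net::X509Certificate* cert,
                    net::CertType type,
                    net::NSSCertDatabase::TrustBits trust_bits);

  // Delete the cert.  Returns true on success.  |cert| is still valid when this
  // function returns.
  bool Delete(net::X509Certificate* cert);

  // IsHardwareBacked returns true if |cert| is hardware backed.
  // This function is only implemented for Chrome OS and always returns false
  // for other platforms.
  bool IsHardwareBacked(const net::X509Certificate* cert) const;

 private:
  // Callback used by Refresh() for when the cert slots have been unlocked.
  // This method does the actual refreshing.
  void RefreshSlotsUnlocked();

  // Raw pointer to the certificate database exposed by cert_db(). Ownership
  // and lifetime are not visible in this header.
  net::NSSCertDatabase* cert_db_;

  // Certificates held by the model.
  // NOTE(review): presumably repopulated by RefreshSlotsUnlocked() - confirm
  // in the .cc.
  net::CertificateList cert_list_;

  // The observer to notify when certificate list is refreshed.
  Observer* observer_;

  DISALLOW_COPY_AND_ASSIGN(CertificateManagerModel);
};

#endif  // CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_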