// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
#define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_

#include <map>
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/onc/onc_certificate_importer.h"
#include "chromeos/network/onc/onc_constants.h"

namespace base {
class DictionaryValue;
class ListValue;
}

namespace net {
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}

namespace chromeos {
namespace onc {

// This class handles certificate imports from ONC (both policy and user
// imports) into the certificate store. The GUID of Client certificates is
// stored together with the certificate as Nickname. In contrast, Server and CA
// certificates are identified by their PEM and not by GUID.
//
// Whether a Server/CA certificate may receive web trust is gated by the
// |allow_trust_imports| argument of the Parse* methods below; the TrustBits
// "Web" attribute in the ONC is ignored unless that permission is granted
// (see ParseServerOrCaCertificate). Callers should only grant it for ONC
// sources that are allowed to install web-trusted CAs.
//
// TODO(pneubeck): Replace Nickname by PEM for Client
// certificates. http://crbug.com/252119
class CHROMEOS_EXPORT CertificateImporterImpl : public CertificateImporter {
 public:
  // Maps an ONC certificate GUID to the imported certificate object.
  typedef std::map<std::string, scoped_refptr<net::X509Certificate> >
      CertsByGUID;

  CertificateImporterImpl();

  // CertificateImporter overrides
  //
  // Imports the certificates in the ONC list |certificates| that came from
  // |source|. |onc_trusted_certificates| is the output list that
  // ParseAndStoreCertificates fills (presumably with the certificates that
  // were granted web trust — confirm in the implementation). The bool return
  // presumably reports overall success — confirm in the implementation.
  virtual bool ImportCertificates(
      const base::ListValue& certificates,
      onc::ONCSource source,
      net::CertificateList* onc_trusted_certificates) OVERRIDE;

  // This implements ImportCertificates. Additionally, if
  // |imported_server_and_ca_certs| is not NULL, it will be filled with the
  // (GUID, Certificate) pairs of all successfully imported Server and CA
  // certificates.
  // |allow_trust_imports| decides whether a Server/CA certificate's TrustBits
  // "Web" attribute is honored (see ParseServerOrCaCertificate).
  bool ParseAndStoreCertificates(bool allow_trust_imports,
                                 const base::ListValue& onc_certificates,
                                 net::CertificateList* onc_trusted_certificates,
                                 CertsByGUID* imported_server_and_ca_certs);

  // Lists the certificates that have the string |label| as their certificate
  // nickname (exact match). Matches are appended to |result|.
  static void ListCertsWithNickname(const std::string& label,
                                    net::CertificateList* result);

 private:
  // Deletes any certificate that has the string |label| as its nickname (exact
  // match). The bool return presumably reports success — confirm in the
  // implementation.
  static bool DeleteCertAndKeyByNickname(const std::string& label);

  // Parses and stores/removes |certificate| in/from the certificate
  // store. Returns true if the operation succeeded. The remaining arguments
  // have the same meaning as in ParseAndStoreCertificates.
  bool ParseAndStoreCertificate(
      bool allow_trust_imports,
      const base::DictionaryValue& certificate,
      net::CertificateList* onc_trusted_certificates,
      CertsByGUID* imported_server_and_ca_certs);

  // Imports the Server or CA certificate |certificate|. Web trust is only
  // applied if the certificate requests the TrustBits attribute "Web" and if
  // the |allow_trust_imports| permission is granted, otherwise the attribute is
  // ignored. |cert_type| is the ONC certificate type string and |guid| the
  // certificate's ONC GUID (the key used in |imported_server_and_ca_certs|).
  bool ParseServerOrCaCertificate(
      bool allow_trust_imports,
      const std::string& cert_type,
      const std::string& guid,
      const base::DictionaryValue& certificate,
      net::CertificateList* onc_trusted_certificates,
      CertsByGUID* imported_server_and_ca_certs);

  // Imports the Client certificate |certificate| identified by |guid|. Per the
  // class comment, the GUID is stored with the certificate as its nickname
  // (see ListCertsWithNickname / DeleteCertAndKeyByNickname). The bool return
  // presumably reports success, as for the other Parse* methods — confirm in
  // the implementation.
  bool ParseClientCertificate(const std::string& guid,
                              const base::DictionaryValue& certificate);

  // Non-copyable.
  DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl);
};

}  // namespace onc
}  // namespace chromeos

#endif  // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_