chromeos/network/onc/onc_certificate_importer_impl.h - chromium/src - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_

 #include <map>
 #include <memory>
 #include <string>
 #include <vector>

 #include "base/component_export.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
 #include "chromeos/network/onc/onc_certificate_importer.h"
 #include "chromeos/network/onc/onc_parsed_certificates.h"
 #include "components/onc/onc_constants.h"

 namespace base {
 class SequencedTaskRunner;
 }

 namespace net {
 class NSSCertDatabase;
 }

 namespace chromeos {
 namespace onc {

 // This class handles certificate imports from ONC (both policy and user
 // imports) into a certificate store. The GUID of Client certificates is stored
 // together with the certificate as Nickname. In contrast, Server and CA
 // certificates are identified by their PEM and not by GUID.
 // TODO(pneubeck): Replace Nickname by PEM for Client
 // certificates. http://crbug.com/252119
 class COMPONENT_EXPORT(CHROMEOS_NETWORK) CertificateImporterImpl
     : public CertificateImporter {
  public:
   // |io_task_runner| will be used for NSSCertDatabase accesses.
   CertificateImporterImpl(
       const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
       net::NSSCertDatabase* target_nssdb_);
   ~CertificateImporterImpl() override;

   // CertificateImporter overrides
   void ImportAllCertificatesUserInitiated(
       const std::vector<OncParsedCertificates::ServerOrAuthorityCertificate>&
           server_or_authority_certificates,
       const std::vector<OncParsedCertificates::ClientCertificate>&
           client_certificates,
       DoneCallback done_callback) override;

   void ImportClientCertificates(
       const std::vector<OncParsedCertificates::ClientCertificate>&
           client_certificates,
       DoneCallback done_callback) override;

  private:
   // Runs |task| on the |io_task_runner_|. Calls |done_callback| on the origin
   // loop if this |CertificateImporterImpl| has not been destroyed in the
   // meantime.
   void RunTaskOnIOTaskRunnerAndCallDoneCallback(base::OnceCallback<bool()> task,
                                                 DoneCallback done_callback);

   // Calls |callback| with |success|. This is used to ensure that |callback| is
   // only called if this |CertificateImporterImpl| has not been destroyed yet.
   void RunDoneCallback(DoneCallback callback, bool success);

   // Synchronously imports |client_certificates| into |nssdb|. This will be
   // executed on the |io_task_runner_|.
   static bool StoreClientCertificates(
       const std::vector<OncParsedCertificates::ClientCertificate>&
           client_certificates,
       net::NSSCertDatabase* nssdb);

   // Synchronously imports all server/authority and client certificates from
   // |certificates| into |nssdb|. This will be executed on the
   // |io_task_runner_|.
   static bool StoreAllCertificatesUserInitiated(
       const std::vector<OncParsedCertificates::ServerOrAuthorityCertificate>&
           server_or_authority_certificates,
       const std::vector<OncParsedCertificates::ClientCertificate>&
           client_certificates,
       net::NSSCertDatabase* nssdb);

   // Imports the Server or CA certificate |certificate|. Web trust is only
   // applied if the certificate requests the TrustBits attribute "Web".
   static bool StoreServerOrCaCertificateUserInitiated(
       const OncParsedCertificates::ServerOrAuthorityCertificate& certificate,
       net::NSSCertDatabase* nssdb);

   static bool StoreClientCertificate(
       const OncParsedCertificates::ClientCertificate& certificate,
       net::NSSCertDatabase* nssdb);

   // The task runner to use for NSSCertDatabase accesses.
   scoped_refptr<base::SequencedTaskRunner> io_task_runner_;

   // The certificate database to which certificates are imported.
   net::NSSCertDatabase* target_nssdb_;

   base::WeakPtrFactory<CertificateImporterImpl> weak_factory_{this};

   DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl);
 };

 }  // namespace onc
 }  // namespace chromeos

 #endif  // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
	#define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_

	#include <map>
	#include <memory>
	#include <string>
	#include <vector>

	#include "base/component_export.h"
	#include "base/macros.h"
	#include "base/memory/ref_counted.h"
	#include "base/memory/weak_ptr.h"
	#include "chromeos/network/onc/onc_certificate_importer.h"
	#include "chromeos/network/onc/onc_parsed_certificates.h"
	#include "components/onc/onc_constants.h"

	namespace base {
	class SequencedTaskRunner;
	}

	namespace net {
	class NSSCertDatabase;
	}

	namespace chromeos {
	namespace onc {

	// This class handles certificate imports from ONC (both policy and user
	// imports) into a certificate store. The GUID of Client certificates is stored
	// together with the certificate as Nickname. In contrast, Server and CA
	// certificates are identified by their PEM and not by GUID.
	// TODO(pneubeck): Replace Nickname by PEM for Client
	// certificates. http://crbug.com/252119
	class COMPONENT_EXPORT(CHROMEOS_NETWORK) CertificateImporterImpl
	: public CertificateImporter {
	public:
	// \|io_task_runner\| will be used for NSSCertDatabase accesses.
	CertificateImporterImpl(
	const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
	net::NSSCertDatabase* target_nssdb_);
	~CertificateImporterImpl() override;

	// CertificateImporter overrides
	void ImportAllCertificatesUserInitiated(
	const std::vector<OncParsedCertificates::ServerOrAuthorityCertificate>&
	server_or_authority_certificates,
	const std::vector<OncParsedCertificates::ClientCertificate>&
	client_certificates,
	DoneCallback done_callback) override;

	void ImportClientCertificates(
	const std::vector<OncParsedCertificates::ClientCertificate>&
	client_certificates,
	DoneCallback done_callback) override;

	private:
	// Runs \|task\| on the \|io_task_runner_\|. Calls \|done_callback\| on the origin
	// loop if this \|CertificateImporterImpl\| has not been destroyed in the
	// meantime.
	void RunTaskOnIOTaskRunnerAndCallDoneCallback(base::OnceCallback<bool()> task,
	DoneCallback done_callback);

	// Calls \|callback\| with \|success\|. This is used to ensure that \|callback\| is
	// only called if this \|CertificateImporterImpl\| has not been destroyed yet.
	void RunDoneCallback(DoneCallback callback, bool success);

	// Synchronously imports \|client_certificates\| into \|nssdb\|. This will be
	// executed on the \|io_task_runner_\|.
	static bool StoreClientCertificates(
	const std::vector<OncParsedCertificates::ClientCertificate>&
	client_certificates,
	net::NSSCertDatabase* nssdb);

	// Synchronously imports all server/authority and client certificates from
	// \|certificates\| into \|nssdb\|. This will be executed on the
	// \|io_task_runner_\|.
	static bool StoreAllCertificatesUserInitiated(
	const std::vector<OncParsedCertificates::ServerOrAuthorityCertificate>&
	server_or_authority_certificates,
	const std::vector<OncParsedCertificates::ClientCertificate>&
	client_certificates,
	net::NSSCertDatabase* nssdb);

	// Imports the Server or CA certificate \|certificate\|. Web trust is only
	// applied if the certificate requests the TrustBits attribute "Web".
	static bool StoreServerOrCaCertificateUserInitiated(
	const OncParsedCertificates::ServerOrAuthorityCertificate& certificate,
	net::NSSCertDatabase* nssdb);

	static bool StoreClientCertificate(
	const OncParsedCertificates::ClientCertificate& certificate,
	net::NSSCertDatabase* nssdb);

	// The task runner to use for NSSCertDatabase accesses.
	scoped_refptr<base::SequencedTaskRunner> io_task_runner_;

	// The certificate database to which certificates are imported.
	net::NSSCertDatabase* target_nssdb_;

	base::WeakPtrFactory<CertificateImporterImpl> weak_factory_{this};

	DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl);
	};

	} // namespace onc
	} // namespace chromeos

	#endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_