// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROMEOS_ASH_COMPONENTS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
#define CHROMEOS_ASH_COMPONENTS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_

#include <map>
#include <memory>
#include <string>
#include <vector>

#include "base/component_export.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/ref_counted.h"
#include "base/memory/weak_ptr.h"
#include "chromeos/ash/components/network/onc/onc_certificate_importer.h"
#include "chromeos/components/onc/onc_parsed_certificates.h"
#include "components/onc/onc_constants.h"

// Forward declarations: this header only names these types through
// scoped_refptr / raw pointers, so their full definitions are left to the .cc.
namespace base {
class SequencedTaskRunner;
}

namespace net {
class NSSCertDatabase;
}

namespace ash::onc {

// This class handles certificate imports from ONC (both policy and user
// imports) into a certificate store. The GUID of Client certificates is stored
// together with the certificate as Nickname. In contrast, Server and CA
// certificates are identified by their PEM and not by GUID.
// TODO(pneubeck): Replace Nickname by PEM for Client
// certificates. http://crbug.com/252119
//
// Threading: NSSCertDatabase accesses are done by the static Store* helpers
// below, which are documented to run on |io_task_runner_|; completion is
// reported back to the caller through DoneCallback, guarded by a WeakPtr so
// nothing is delivered after this object is destroyed.
class COMPONENT_EXPORT(CHROMEOS_NETWORK) CertificateImporterImpl
    : public CertificateImporter {
 public:
  // |io_task_runner| will be used for NSSCertDatabase accesses.
  // |target_nssdb_| is stored as a non-owning raw_ptr (see |target_nssdb_|
  // below), so the caller must keep the database alive for the whole lifetime
  // of this importer.
  // NOTE(review): the parameter name carries a trailing underscore as if it
  // were a member; it is simply the value that initializes |target_nssdb_|.
  CertificateImporterImpl(
      const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
      net::NSSCertDatabase* target_nssdb_);

  CertificateImporterImpl(const CertificateImporterImpl&) = delete;
  CertificateImporterImpl& operator=(const CertificateImporterImpl&) = delete;

  ~CertificateImporterImpl() override;

  // CertificateImporter overrides
  // Imports |server_or_authority_certificates| and |client_certificates| on
  // behalf of a user action; |done_callback| receives the overall success.
  void ImportAllCertificatesUserInitiated(
      const std::vector<
          chromeos::onc::OncParsedCertificates::ServerOrAuthorityCertificate>&
          server_or_authority_certificates,
      const std::vector<
          chromeos::onc::OncParsedCertificates::ClientCertificate>&
          client_certificates,
      DoneCallback done_callback) override;

  // Imports only |client_certificates|; |done_callback| receives the overall
  // success.
  void ImportClientCertificates(
      const std::vector<
          chromeos::onc::OncParsedCertificates::ClientCertificate>&
          client_certificates,
      DoneCallback done_callback) override;

 private:
  // Runs |task| on the |io_task_runner_|. Calls |done_callback| on the origin
  // loop if this |CertificateImporterImpl| has not been destroyed in the
  // meantime.
  void RunTaskOnIOTaskRunnerAndCallDoneCallback(base::OnceCallback<bool()> task,
                                                DoneCallback done_callback);

  // Calls |callback| with |success|. This is used to ensure that |callback| is
  // only called if this |CertificateImporterImpl| has not been destroyed yet.
  void RunDoneCallback(DoneCallback callback, bool success);

  // Synchronously imports |client_certificates| into |nssdb|. This will be
  // executed on the |io_task_runner_|.
  static bool StoreClientCertificates(
      const std::vector<
          chromeos::onc::OncParsedCertificates::ClientCertificate>&
          client_certificates,
      net::NSSCertDatabase* nssdb);

  // Synchronously imports all server/authority and client certificates from
  // |certificates| into |nssdb|. This will be executed on the
  // |io_task_runner_|.
  // TODO(crbug.com/40928765): Remove ability for server certs to be imported
  // into NSS after features::kEnableCertManagementUIV2Write is defaulted to on
  // for ChromeOS.
  static bool StoreAllCertificatesUserInitiated(
      const std::vector<
          chromeos::onc::OncParsedCertificates::ServerOrAuthorityCertificate>&
          server_or_authority_certificates,
      const std::vector<
          chromeos::onc::OncParsedCertificates::ClientCertificate>&
          client_certificates,
      net::NSSCertDatabase* nssdb);

  // Imports the Server or CA certificate |certificate|. Web trust is only
  // applied if the certificate requests the TrustBits attribute "Web".
  // This is the security-relevant step: a CA certificate imported without the
  // "Web" trust bit does not become a trust anchor for TLS.
  static bool StoreServerOrCaCertificateUserInitiated(
      const chromeos::onc::OncParsedCertificates::ServerOrAuthorityCertificate&
          certificate,
      net::NSSCertDatabase* nssdb);

  // Imports the single Client certificate |certificate| into |nssdb|; the
  // per-certificate counterpart of StoreClientCertificates(). Presumably also
  // executed on |io_task_runner_| — confirm against the .cc.
  static bool StoreClientCertificate(
      const chromeos::onc::OncParsedCertificates::ClientCertificate&
          certificate,
      net::NSSCertDatabase* nssdb);

  // The task runner to use for NSSCertDatabase accesses.
  scoped_refptr<base::SequencedTaskRunner> io_task_runner_;

  // The certificate database to which certificates are imported.
  // Non-owning: the database is expected to outlive this importer.
  raw_ptr<net::NSSCertDatabase> target_nssdb_;

  // Invalidates outstanding WeakPtrs (presumably the ones RunDoneCallback is
  // reached through) when this object is destroyed. Keep this the last member
  // so it is destroyed first, per Chromium convention for WeakPtrFactory.
  base::WeakPtrFactory<CertificateImporterImpl> weak_factory_{this};
};

}  // namespace ash::onc

#endif  // CHROMEOS_ASH_COMPONENTS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_