File: onc_parsed_certificates.h

package info (click to toggle)
chromium 138.0.7204.183-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 6,071,908 kB
  • sloc: cpp: 34,937,088; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (137 lines) | stat: -rw-r--r-- 4,752 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
 
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROMEOS_COMPONENTS_ONC_ONC_PARSED_CERTIFICATES_H_
#define CHROMEOS_COMPONENTS_ONC_ONC_PARSED_CERTIFICATES_H_

#include <string>
#include <vector>

#include "base/component_export.h"
#include "base/memory/ref_counted.h"
#include "base/values.h"
#include "chromeos/components/onc/certificate_scope.h"

namespace net {
class X509Certificate;
}

namespace chromeos::onc {

// Represents certificates parsed from the ONC Certificates section.
class COMPONENT_EXPORT(CHROMEOS_ONC) OncParsedCertificates {
 public:
  // A Server or Authority certificate parsed from ONC. The payload is
  // represented as a net::X509Certificate.
  class ServerOrAuthorityCertificate {
   public:
    enum class Type { kServer, kAuthority };

    ServerOrAuthorityCertificate(
        CertificateScope scope,
        Type type,
        const std::string& guid,
        const scoped_refptr<net::X509Certificate>& certificate,
        bool web_trust_requested);

    ServerOrAuthorityCertificate(const ServerOrAuthorityCertificate& other);
    ServerOrAuthorityCertificate& operator=(
        const ServerOrAuthorityCertificate& other);
    ServerOrAuthorityCertificate(ServerOrAuthorityCertificate&& other);
    ~ServerOrAuthorityCertificate();

    bool operator==(const ServerOrAuthorityCertificate& other) const;
    bool operator!=(const ServerOrAuthorityCertificate& other) const;

    CertificateScope scope() const { return scope_; }

    Type type() const { return type_; }

    const std::string& guid() const { return guid_; }

    const scoped_refptr<net::X509Certificate>& certificate() const {
      return certificate_;
    }
    // Returns true if the certificate definition in ONC had the "Web" TrustBit.
    bool web_trust_requested() const { return web_trust_requested_; }

   private:
    CertificateScope scope_;
    Type type_;
    std::string guid_;
    scoped_refptr<net::X509Certificate> certificate_;
    bool web_trust_requested_;
  };

  // A Client certificate parsed from ONC. The payload is the PKCS12 payload
  // (base64 decoded).
  class ClientCertificate {
   public:
    ClientCertificate(const std::string& guid, const std::string& pkcs12_data);

    ClientCertificate(const ClientCertificate& other);
    ClientCertificate& operator=(const ClientCertificate& other);
    ClientCertificate(ClientCertificate&& other);
    ~ClientCertificate();

    bool operator==(const ClientCertificate& other) const;
    bool operator!=(const ClientCertificate& other) const;

    const std::string& guid() const { return guid_; }

    // The PKCS12 payload of the certificate. Note: Contrary to the PKCS12 field
    // in ONC, this data is not base64-encoded.
    const std::string& pkcs12_data() const { return pkcs12_data_; }

   private:
    std::string guid_;
    std::string pkcs12_data_;
  };

  // Constructs an empty OncParsedCertificates. It will have no error, and the
  // certificate lists will be empty.
  OncParsedCertificates();

  // Parses |onc_certificates|.
  explicit OncParsedCertificates(const base::Value::List& onc_certificates);

  OncParsedCertificates(const OncParsedCertificates&) = delete;
  OncParsedCertificates& operator=(const OncParsedCertificates&) = delete;

  ~OncParsedCertificates();

  // Returns all certificates that were successfully parsed and had the type
  // Server or Authority.
  const std::vector<ServerOrAuthorityCertificate>&
  server_or_authority_certificates() const {
    return server_or_authority_certificates_;
  }

  // Returns all certificates that were successfully parsed and had the type
  // Client.
  const std::vector<ClientCertificate>& client_certificates() const {
    return client_certificates_;
  }

  // Returns true if any parsing error occurred. Note that certificates which
  // had no parsing errors will still be available through
  // server_or_authority_certificates() and client_certificates().
  bool has_error() const { return has_error_; }

 private:
  bool ParseCertificate(const base::Value::Dict& onc_certificate);
  bool ParseServerOrCaCertificate(ServerOrAuthorityCertificate::Type type,
                                  const std::string& guid,
                                  const base::Value::Dict& onc_certificate);
  bool ParseClientCertificate(const std::string& guid,
                              const base::Value::Dict& onc_certificate);

  std::vector<ServerOrAuthorityCertificate> server_or_authority_certificates_;
  std::vector<ClientCertificate> client_certificates_;
  bool has_error_ = false;
};

}  // namespace chromeos::onc

#endif  // CHROMEOS_COMPONENTS_ONC_ONC_PARSED_CERTIFICATES_H_