This change implements certificate import from ONC file.

It will import any certificates in an ONC file into the certificate
database.  It does not yet associate the given GUID for the
certificate with the certificate added to the database.  That will
happen in an upcoming CL.

This also adds test cases for importing each type of certificate.

BUG=chromium-os:19404,chromium-os:19406
TEST=Ran new unit test cases.  Imported ONC file with a certificate
     and saw that it appeared in the certificate manager.


Review URL: http://codereview.chromium.org/8403007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108551 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 23 insertions, 3 deletions

diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index 4851a77..a735e693 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -174,10 +174,16 @@ class NET_EXPORT CertDatabase {
                     TrustBits trust_bits);
 
   // Delete certificate and associated private key (if one exists).
-  // Returns true on success or false on failure.
-  // |cert| is still valid when this function returns.
+  // |cert| is still valid when this function returns. Returns true on
+  // success.
   bool DeleteCertAndKey(const X509Certificate* cert);
 
+  // Delete the certificate and associated public and private key (if
+  // one exists) with the given label from the database.  Returns true
+  // on success.  ("label" here refers to the NSS Attribute CKA_LABEL,
+  // also referred to as a nickname or friendly name).
+  bool DeleteCertAndKeyByLabel(const std::string& label);
+
   // Check whether cert is stored in a readonly slot.
   bool IsReadOnly(const X509Certificate* cert) const;
 #endif
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index 4fa877d..817372d 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -328,6 +328,13 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
   return true;
 }
 
+bool CertDatabase::DeleteCertAndKeyByLabel(const std::string& label) {
+  // TODO(gspencer):Find the certificate with the given CKA_LABEL
+  // (nickname), and delete it.
+  NOTIMPLEMENTED();
+  return false;
+}
+
 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const {
   PK11SlotInfo* slot = cert->os_cert_handle()->slot;
   return slot && PK11_IsReadOnly(slot);
diff --git a/net/base/cert_database_nss_unittest.cc b/net/base/cert_database_nss_unittest.cc
index a7301b8..7b1c3e2 100644
--- a/net/base/cert_database_nss_unittest.cc
+++ b/net/base/cert_database_nss_unittest.cc
@@ -174,7 +174,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) {
   EXPECT_EQ("testusercert",
             cert->subject().common_name);
 
-  // TODO(mattm): move export test to seperate test case?
+  // TODO(mattm): move export test to separate test case?
   std::string exported_data;
   EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"),
                                        &exported_data));
diff --git a/net/base/cert_database_openssl.cc b/net/base/cert_database_openssl.cc
index ca429c08..76bd3f8 100644
--- a/net/base/cert_database_openssl.cc
+++ b/net/base/cert_database_openssl.cc
@@ -82,6 +82,13 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
   return false;
 }
 
+bool CertDatabase::DeleteCertAndKeyByLabel(const std::string& label) {
+  // TODO(gspencer):Find the certificate with the given label
+  // (nickname), and delete it.
+  NOTIMPLEMENTED();
+  return false;
+}
+
 CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
                                                    CertType type) const {
   // TODO(bulach): implement me.