Diffstat (limited to 'net/base/cert_database.h')
-rw-r--r--net/base/cert_database.h57
1 files changed, 57 insertions, 0 deletions
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index a264f19..9570d15 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -18,6 +18,18 @@ namespace net {
class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
+// Constants to classify the type of a certificate.
+// This is only used in the context of CertDatabase, but is defined outside to
+// avoid an awkwardly long type name.
+enum CertType {
+ UNKNOWN_CERT,
+ CA_CERT,
+ USER_CERT,
+ EMAIL_CERT,
+ SERVER_CERT,
+ NUM_CERT_TYPES
+};
+
// This class provides functions to manipulate the local
// certificate store.
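Review bot: `NUM_CERT_TYPES` at the end of the new `CertType` enum is a count sentinel rather than a certificate type, but nothing says so, and a caller switching over `CertType` or sizing an array with it has to work that out from the name. A trailing comment, `NUM_CERT_TYPES  // Sentinel: number of values above, not a real type.`, makes the intent explicit. The enum is unscoped at namespace scope, so its enumerator names are visible throughout `net`, which matches the style of the surrounding declarations.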
@@ -27,6 +39,24 @@ typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
class CertDatabase {
public:
+ // Constants that define which usages a certificate is trusted for.
+ enum {
+ UNTRUSTED = 0,
+ TRUSTED_SSL = 1 << 0,
+ TRUSTED_EMAIL = 1 << 1,
+ TRUSTED_OBJ_SIGN = 1 << 2,
+ };
+
+ // Stores per-certificate import results.
+ struct ImportCertResult {
+ public:
+ ImportCertResult(X509Certificate* cert, int err);
+
+ scoped_refptr<X509Certificate> certificate;
+ int net_error;
+ };
+ typedef std::vector<ImportCertResult> ImportCertResultList;
+
CertDatabase();
// Check whether this is a valid user cert that we have the private key for.
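Review bot: The anonymous enum that defines `UNTRUSTED`/`TRUSTED_*` does not say that its values are meant to be combined, so a reader has to infer from the `1 << n` shifts that the `unsigned int trust_bits` parameters used later in the class are a bitmask. A comment on the enum such as `// Bit flags; OR them together to form the trust_bits passed to the methods below.` would pin that down. In `ImportCertResult` the `public:` label is redundant in a `struct`, and a one-line comment on `net_error` stating what it holds (presumably a net error code for the failed import — confirm against the .cc) would help callers that inspect the `not_imported` list.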
@@ -49,6 +79,33 @@ class CertDatabase {
// Returns the number of certificates successfully exported.
int ExportToPKCS12(const CertificateList& certs, const string16& password,
std::string* output);
+
+ // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the
+ // root. Assumes the list is an ordered hierarchy with the root being either
+ // the first or last element.
+ // TODO(mattm): improve this to handle any order.
+ X509Certificate* FindRootInList(const CertificateList& certificates);
+
+ // Import CA certificates.
+ // Tries to import all the certificates given. The root will be trusted
+ // according to |trust_bits|. Any certificates that could not be imported
+ // will be listed in |not_imported|.
+ // Returns false if there is an internal error, otherwise true is returned and
+ // |not_imported| should be checked for any certificates that were not
+ // imported.
+ bool ImportCACerts(const CertificateList& certificates,
+ unsigned int trust_bits,
+ ImportCertResultList* not_imported);
+
+ // Set trust values for certificate.
+ // Returns true on success or false on failure.
+ bool SetCertTrust(const X509Certificate* cert,
+ CertType type,
+ unsigned int trust_bits);
+
+ // Delete certificate and associated private key (if one exists).
+ // Returns true on success or false on failure.
+ bool DeleteCertAndKey(const X509Certificate* cert);
#endif
private:
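Review bot: `FindRootInList` returns a raw `X509Certificate*` borrowed from `certificates`, and its comment says nothing about the empty-list case, although `ImportCACerts` applies `trust_bits` to whatever this picks, so an unexpected return directly affects which certificate ends up trusted. The comment should state ownership and the empty case, e.g. `// Returns a non-owning pointer into |certificates|; the result for an empty list` / `// must be documented here (TODO confirm against the implementation).`. The new declarations are inserted before the `#endif` on the last context line, so they are declared only under the `#if` condition that guards `ExportToPKCS12`, whose opening line is outside the hunk; if that is intended, closing it as `#endif  // <condition>` would make the scope visible. `ImportCACerts` and `SetCertTrust` should also say that `trust_bits` is a bitwise OR of the `TRUSTED_*` flags.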