OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_BASE_TEST_ROOT_CERTS_H_ | |
6 #define NET_BASE_TEST_ROOT_CERTS_H_ | |
7 #pragma once | |
8 | |
9 #include "build/build_config.h" | |
10 | |
11 #include "base/singleton.h" | |
wtc
2010/11/18 02:12:49
Nit: I believe brettw's recommendation is to simpl
| |
12 | |
13 #if defined(OS_WIN) | |
14 #include <windows.h> | |
15 #include <wincrypt.h> | |
16 #elif defined(OS_MACOSX) | |
17 #include <CoreFoundation/CFArray.h> | |
18 #include <Security/SecBase.h> | |
19 #include "base/mac/scoped_cftyperef.h" | |
20 #elif defined(USE_NSS) | |
21 #include <list> | |
22 #endif | |
23 | |
24 class FilePath; | |
25 | |
26 namespace net { | |
27 | |
28 class X509Certificate; | |
29 | |
30 // TestRootCerts is a helper class for unit tests that is used to | |
31 // artificially mark a certificate as trusted, independent of the local | |
32 // machine configuration. | |
33 class TestRootCerts { | |
34 public: | |
35 // Obtains the Singleton instance to the trusted certificates. | |
36 static TestRootCerts* GetInstance(); | |
37 | |
38 // Marks |certificate| as trusted for X509Certificate::Verify(). Returns | |
39 // false if the certificate could not be marked trusted. | |
40 bool Add(X509Certificate* certificate); | |
41 | |
42 // Reads a single certificate from |file| and marks it as trusted. Returns | |
43 // false if an error is encountered, such as being unable to read |file| | |
44 // or more than one certificate existing in |file|. | |
45 bool AddFromFile(const FilePath& file); | |
46 | |
47 // Clears the trusted status of any certificates that were previously | |
48 // marked trusted via Add(). | |
49 void Clear(); | |
50 | |
51 // Returns true if there are no certificates that have been marked trusted. | |
52 bool IsEmpty() const; | |
53 | |
54 #if defined(OS_MACOSX) | |
55 CFArrayRef temporary_roots() const { return temporary_roots_; } | |
56 | |
57 // Overrides the anchor certificates of |trust_ref| to include the | |
58 // certificates stored in |temporary_roots_|. | |
59 OSStatus SetAnchorCertificates(SecTrustRef trust_ref) const; | |
60 #elif defined(OS_WIN) | |
61 HCERTSTORE temporary_roots() const { return temporary_roots_; } | |
62 | |
63 // Examines |chain_context| for trust failures resulting from an untrusted | |
64 // root. If such a failure is found, |temporary_roots_| is checked to see | |
65 // if it contains the offending certificate. If it does, |chain_context| is | |
66 // updated and the trust-related failures are removed. | |
67 void UpdateChainContext(PCERT_CHAIN_CONTEXT chain_context) const; | |
wtc
2010/11/18 02:12:49
Nit: rename this method FixupChainContext. "Updat
| |
68 #endif | |
69 | |
70 private: | |
71 friend struct DefaultSingletonTraits<TestRootCerts>; | |
72 | |
73 TestRootCerts(); | |
74 ~TestRootCerts(); | |
75 | |
76 #if defined(OS_MACOSX) | |
77 base::mac::ScopedCFTypeRef<CFMutableArrayRef> temporary_roots_; | |
78 #elif defined(OS_WIN) | |
79 HCERTSTORE temporary_roots_; | |
80 #elif defined(USE_NSS) | |
81 // It is necessary to maintain a cache of the original certificate trust | |
82 // settings, in order to restore them when Clear() is called. | |
83 class TrustEntry; | |
84 std::list<TrustEntry*> trust_cache_; | |
85 #endif | |
86 | |
87 #if defined(OS_WIN) || defined(USE_OPENSSL) | |
88 // True if there are no temporarily trusted root certificates. | |
89 bool empty_; | |
90 #endif | |
91 | |
92 DISALLOW_COPY_AND_ASSIGN(TestRootCerts); | |
93 }; | |
94 | |
95 } // namespace net | |
96 | |
97 #endif // NET_BASE_TEST_ROOT_CERTS_H_ | |
OLD | NEW |