OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_BASE_TEST_ROOT_CERTS_H_ | |
6 #define NET_BASE_TEST_ROOT_CERTS_H_ | |
7 #pragma once | |
8 | |
9 #include "base/singleton.h" | |
10 #include "build/build_config.h" | |
11 | |
12 #if defined(OS_WIN) | |
13 #include <windows.h> | |
14 #include <wincrypt.h> | |
15 #elif defined(OS_MACOSX) | |
16 #include <CoreFoundation/CFArray.h> | |
17 #include <Security/SecTrust.h> | |
18 #include "base/mac/scoped_cftyperef.h" | |
19 #elif defined(USE_NSS) | |
20 #include <list> | |
21 #endif | |
22 | |
23 class FilePath; | |
24 | |
25 namespace net { | |
26 | |
27 class X509Certificate; | |
28 | |
29 // TestRootCerts is a helper class for unit tests that is used to | |
30 // artificially mark a certificate as trusted, independent of the local | |
wtc
2010/11/23 00:30:11
Nit: a certificate => a root CA certificate
Ryan Sleevi
2010/12/03 03:28:06
In the case of NSS and Windows, it's actually "a c
| |
31 // machine configuration. | |
32 class TestRootCerts { | |
33 public: | |
34 // Obtains the Singleton instance to the trusted certificates. | |
35 static TestRootCerts* GetInstance(); | |
36 | |
37 // Returns true if an instance exists, without forcing an initialization. | |
38 static bool HasInstance(); | |
wtc
2010/11/23 00:30:11
BUG: your implementation of HasInstance() is not t
| |
39 | |
40 // Marks |certificate| as trusted for X509Certificate::Verify(). Returns | |
41 // false if the certificate could not be marked trusted. | |
42 bool Add(X509Certificate* certificate); | |
43 | |
44 // Reads a single certificate from |file| and marks it as trusted. Returns | |
45 // false if an error is encountered, such as being unable to read |file| | |
46 // or more than one certificate existing in |file|. | |
47 bool AddFromFile(const FilePath& file); | |
48 | |
49 // Clears the trusted status of any certificates that were previously | |
50 // marked trusted via Add(). | |
51 void Clear(); | |
52 | |
53 // Returns true if there are no certificates that have been marked trusted. | |
54 bool IsEmpty() const; | |
55 | |
56 #if defined(OS_MACOSX) | |
57 CFArrayRef temporary_roots() const { return temporary_roots_; } | |
58 | |
59 // Modifies the root certificates of |trust_ref| to include the | |
60 // certificates stored in |temporary_roots_|. If IsEmpty() is true, this | |
61 // does not modify |trust_ref|. | |
62 OSStatus FixupSecTrustRef(SecTrustRef trust_ref) const; | |
63 #elif defined(OS_WIN) | |
64 HCERTSTORE temporary_roots() const { return temporary_roots_; } | |
65 | |
66 // Returns an HCERTCHAINENGINE suitable to be used for certificate | |
67 // validation routines, or NULL to indicate that the default system chain | |
68 // engine is appropriate. The caller is responsible for freeing the | |
69 // returned HCERTCHAINENGINE. | |
70 HCERTCHAINENGINE GetChainEngine() const; | |
71 #endif | |
72 | |
73 private: | |
74 friend struct DefaultSingletonTraits<TestRootCerts>; | |
75 | |
76 TestRootCerts(); | |
77 ~TestRootCerts(); | |
78 | |
79 #if defined(OS_MACOSX) | |
80 base::mac::ScopedCFTypeRef<CFMutableArrayRef> temporary_roots_; | |
81 #elif defined(OS_WIN) | |
82 HCERTSTORE temporary_roots_; | |
83 #elif defined(USE_NSS) | |
84 // It is necessary to maintain a cache of the original certificate trust | |
85 // settings, in order to restore them when Clear() is called. | |
86 class TrustEntry; | |
87 std::list<TrustEntry*> trust_cache_; | |
88 #endif | |
89 | |
90 #if defined(OS_WIN) || defined(USE_OPENSSL) | |
91 // True if there are no temporarily trusted root certificates. | |
92 bool empty_; | |
93 #endif | |
94 | |
95 DISALLOW_COPY_AND_ASSIGN(TestRootCerts); | |
96 }; | |
97 | |
98 } // namespace net | |
99 | |
100 #endif // NET_BASE_TEST_ROOT_CERTS_H_ | |
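Review bot: The class comment does not say how far a call to Add() reaches or how long it lasts, which is what a caller most needs to know about a helper that overrides certificate trust. As declared, the object is a singleton and Add() marks the certificate trusted for X509Certificate::Verify() until Clear() is called, so a test that skips Clear() would presumably leave later verifications in the same process trusting its root. The NSS member comment says the original trust settings are cached and restored in Clear(), which suggests the change is made to shared NSS state rather than a private copy; if that state can outlive the process, the comment should say so. I would add to the class comment: `// Trust added here is process-wide and stays in effect until Clear() is called.` and `// Test-only: must not be linked into or called from shipping code.`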