Chromium Code Reviews| Index: net/base/temporary_root_certs.h |
| diff --git a/net/base/temporary_root_certs.h b/net/base/temporary_root_certs.h |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..f03fbcc1263586b05675a1e698876531086b02ae |
| --- /dev/null |
| +++ b/net/base/temporary_root_certs.h |
| @@ -0,0 +1,85 @@ |
| +// Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#ifndef NET_BASE_TEMPORARY_ROOT_CERTS_H_ |
| +#define NET_BASE_TEMPORARY_ROOT_CERTS_H_ |
| +#pragma once |
| + |
| +#include "base/singleton.h" |
|
wtc
2010/11/16 23:24:01
Nit: list "base/singleton.h" after all the other h
|
| +#include "build/build_config.h" |
| + |
| +#if defined(OS_MACOSX) |
| +#include <CoreFoundation/CoreFoundation.h> |
| +#include "base/mac/scoped_cftyperef.h" |
| +#elif defined(OS_WIN) |
| +#include <wincrypt.h> |
| +#elif defined(USE_NSS) |
| +#include <map> |
| +#include <string> |
| +#include "net/base/x509_cert_types.h" |
| +#endif |
| + |
| +class FilePath; |
| + |
| +namespace net { |
| + |
| +class X509Certificate; |
| + |
| +class TemporaryRootCerts { |
|
bulach
2010/11/09 16:21:09
this is only ever going to be used for tests, righ
wtc
2010/11/16 23:24:01
I agree with bulach's suggestion of naming this cl
|
| + public: |
| + // Obtain the Singleton instance to the trusted certificates. |
|
wtc
2010/11/16 23:24:01
When documenting methods in a header file, please
|
| + static TemporaryRootCerts* GetInstance(); |
| + |
| + // Mark |certificate| as trusted for X509Certificate::Verify(). Returns |
| + // false if the certificate could not be marked trusted. |
| + bool Add(X509Certificate* certificate); |
| + |
| + // Mark all the certificates in |file| as trusted. Returns false if the |
| + // file could not be read or the certificates could not be marked trusted. |
| + bool AddFromFile(const FilePath& file); |
|
wtc
2010/11/16 23:24:01
I commented on this issue before: it is better to
|
| + |
| + // Clear the trusted status from |certificate|, reverting it to its original |
| + // trust state prior to Add(). If |certificate| was already trusted, this |
| + // does nothing. |
| + void Remove(X509Certificate* certificate); |
|
wtc
2010/11/16 23:24:01
Perhaps all we need is a Clear/RemoveAll method th
|
| + |
| + // Clear the trusted status from all the certificates in |file|. |
| + void RemoveFromFile(const FilePath& file); |
| + |
| +#if defined(OS_MACOSX) |
| + bool IsEmpty() const; |
|
wtc
2010/11/16 23:24:01
It is strange that IsEmpty() is defined for only s
|
| + |
| + CFArrayRef temporary_roots() const { return temporary_roots_; } |
| +#elif defined(OS_WIN) |
| + bool IsEmpty() const { return cert_count_ == 0; } |
| + |
| + HCERTSTORE temporary_roots() const { return temporary_roots_; } |
| +#endif |
| + |
| + private: |
| + friend struct DefaultSingletonTraits<TemporaryRootCerts>; |
| + |
| + TemporaryRootCerts(); |
| + ~TemporaryRootCerts(); |
| + |
| +#if defined(OS_MACOSX) |
| + base::mac::ScopedCFTypeRef<CFMutableArrayRef> temporary_roots_; |
| +#elif defined(OS_WIN) |
| + HCERTSTORE temporary_roots_; |
| + |
| + // The number of certificates added to |temporary_roots_|. |
| + size_t cert_count_; |
| +#elif defined(USE_NSS) |
| + class TrustEntry; |
| + typedef std::map<SHA1Fingerprint, TrustEntry, |
| + SHA1FingerprintLessThan> CertTrustMap; |
| + CertTrustMap cert_trust_map_; |
|
wtc
2010/11/16 23:24:01
You should document what you store in cert_trust_m
|
| +#endif |
| + |
| + DISALLOW_COPY_AND_ASSIGN(TemporaryRootCerts); |
| +}; |
| + |
| +} // namespace net |
| + |
| +#endif // NET_BASE_TEMPORARY_ROOT_CERTS_H_ |
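Review bot: Nothing in this header states a threading contract for the process-wide singleton: `Add()`/`Remove()` mutate the same store that `temporary_roots()` and `IsEmpty()` expose, and no lock member is declared in any of the three platform branches. If `X509Certificate::Verify()` can run on a different thread from the one calling `Add()` (not visible from this header), the set of trusted roots could be read while it is being changed. `temporary_roots()` also returns the raw `HCERTSTORE` / `CFArrayRef` without saying who owns it or how long it stays valid, so a caller could still hold it after a `Remove()`. I would document the contract above `class TemporaryRootCerts`, for example `// Not thread-safe: Add()/Remove() must not overlap with X509Certificate::Verify().` followed by `// Handles returned by temporary_roots() are owned by this object; callers must not close or retain them.`, or add a lock if concurrent use is intended.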