OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ | 5 #ifndef NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ |
6 #define NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ | 6 #define NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/time.h" | 12 #include "base/time.h" |
13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
14 #include "net/base/ssl_client_cert_type.h" | 14 #include "net/base/ssl_client_cert_type.h" |
15 | 15 |
16 namespace net { | 16 namespace net { |
17 | 17 |
18 // An interface for storing and retrieving origin bound certs. Origin bound | 18 // An interface for storing and retrieving server bound certs. |
| 19 // There isn't a domain bound certs spec yet, but the old origin bound |
19 // certificates are specified in | 20 // certificates are specified in |
20 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html. | 21 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html. |
21 | 22 |
22 // Owned only by a single OriginBoundCertService object, which is responsible | 23 // Owned only by a single ServerBoundCertService object, which is responsible |
23 // for deleting it. | 24 // for deleting it. |
24 | 25 class NET_EXPORT ServerBoundCertStore { |
25 class NET_EXPORT OriginBoundCertStore { | |
26 public: | 26 public: |
27 // The OriginBoundCert class contains a private key in addition to the origin | 27 // The ServerBoundCert class contains a private key in addition to the server |
28 // cert, and cert type. | 28 // cert, and cert type. |
29 class NET_EXPORT OriginBoundCert { | 29 class NET_EXPORT ServerBoundCert { |
30 public: | 30 public: |
31 OriginBoundCert(); | 31 ServerBoundCert(); |
32 OriginBoundCert(const std::string& origin, | 32 ServerBoundCert(const std::string& server, |
33 SSLClientCertType type, | 33 SSLClientCertType type, |
34 base::Time creation_time, | 34 base::Time creation_time, |
35 base::Time expiration_time, | 35 base::Time expiration_time, |
36 const std::string& private_key, | 36 const std::string& private_key, |
37 const std::string& cert); | 37 const std::string& cert); |
38 ~OriginBoundCert(); | 38 ~ServerBoundCert(); |
39 | 39 |
40 // Origin, for instance "https://www.verisign.com:443" | 40 // Server identifier. For domain bound certs, for instance "verisign.com". |
41 const std::string& origin() const { return origin_; } | 41 const std::string& server() const { return server_; } |
42 // TLS ClientCertificateType. | 42 // TLS ClientCertificateType. |
43 SSLClientCertType type() const { return type_; } | 43 SSLClientCertType type() const { return type_; } |
44 // The time the certificate was created, also the start of the certificate | 44 // The time the certificate was created, also the start of the certificate |
45 // validity period. | 45 // validity period. |
46 base::Time creation_time() const { return creation_time_; } | 46 base::Time creation_time() const { return creation_time_; } |
47 // The time after which this certificate is no longer valid. | 47 // The time after which this certificate is no longer valid. |
48 base::Time expiration_time() const { return expiration_time_; } | 48 base::Time expiration_time() const { return expiration_time_; } |
49 // The encoding of the private key depends on the type. | 49 // The encoding of the private key depends on the type. |
50 // rsa_sign: DER-encoded PrivateKeyInfo struct. | 50 // rsa_sign: DER-encoded PrivateKeyInfo struct. |
51 // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct. | 51 // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct. |
52 const std::string& private_key() const { return private_key_; } | 52 const std::string& private_key() const { return private_key_; } |
53 // DER-encoded certificate. | 53 // DER-encoded certificate. |
54 const std::string& cert() const { return cert_; } | 54 const std::string& cert() const { return cert_; } |
55 | 55 |
56 private: | 56 private: |
57 std::string origin_; | 57 std::string server_; |
58 SSLClientCertType type_; | 58 SSLClientCertType type_; |
59 base::Time creation_time_; | 59 base::Time creation_time_; |
60 base::Time expiration_time_; | 60 base::Time expiration_time_; |
61 std::string private_key_; | 61 std::string private_key_; |
62 std::string cert_; | 62 std::string cert_; |
63 }; | 63 }; |
64 | 64 |
65 virtual ~OriginBoundCertStore() {} | 65 virtual ~ServerBoundCertStore() {} |
66 | 66 |
67 // TODO(rkn): File I/O may be required, so this should have an asynchronous | 67 // TODO(rkn): File I/O may be required, so this should have an asynchronous |
68 // interface. | 68 // interface. |
69 // Returns true on success. |private_key_result| stores a DER-encoded | 69 // Returns true on success. |private_key_result| stores a DER-encoded |
70 // PrivateKeyInfo struct, |cert_result| stores a DER-encoded certificate, | 70 // PrivateKeyInfo struct, |cert_result| stores a DER-encoded certificate, |
71 // |type| is the ClientCertificateType of the returned certificate, | 71 // |type| is the ClientCertificateType of the returned certificate, |
72 // |creation_time| stores the start of the validity period of the certificate | 72 // |creation_time| stores the start of the validity period of the certificate |
73 // and |expiration_time| is the expiration time of the certificate. | 73 // and |expiration_time| is the expiration time of the certificate. |
74 // Returns false if no origin bound cert exists for the specified origin. | 74 // Returns false if no server bound cert exists for the specified server. |
75 virtual bool GetOriginBoundCert( | 75 virtual bool GetServerBoundCert( |
76 const std::string& origin, | 76 const std::string& server, |
77 SSLClientCertType* type, | 77 SSLClientCertType* type, |
78 base::Time* creation_time, | 78 base::Time* creation_time, |
79 base::Time* expiration_time, | 79 base::Time* expiration_time, |
80 std::string* private_key_result, | 80 std::string* private_key_result, |
81 std::string* cert_result) = 0; | 81 std::string* cert_result) = 0; |
82 | 82 |
83 // Adds an origin bound cert and the corresponding private key to the store. | 83 // Adds a server bound cert and the corresponding private key to the store. |
84 virtual void SetOriginBoundCert( | 84 virtual void SetServerBoundCert( |
85 const std::string& origin, | 85 const std::string& server, |
86 SSLClientCertType type, | 86 SSLClientCertType type, |
87 base::Time creation_time, | 87 base::Time creation_time, |
88 base::Time expiration_time, | 88 base::Time expiration_time, |
89 const std::string& private_key, | 89 const std::string& private_key, |
90 const std::string& cert) = 0; | 90 const std::string& cert) = 0; |
91 | 91 |
92 // Removes an origin bound cert and the corresponding private key from the | 92 // Removes an server bound cert and the corresponding private key from the |
93 // store. | 93 // store. |
94 virtual void DeleteOriginBoundCert(const std::string& origin) = 0; | 94 virtual void DeleteServerBoundCert(const std::string& server) = 0; |
95 | 95 |
96 // Deletes all of the origin bound certs that have a creation_date greater | 96 // Deletes all of the server bound certs that have a creation_date greater |
97 // than or equal to |delete_begin| and less than |delete_end|. If a | 97 // than or equal to |delete_begin| and less than |delete_end|. If a |
98 // base::Time value is_null, that side of the comparison is unbounded. | 98 // base::Time value is_null, that side of the comparison is unbounded. |
99 virtual void DeleteAllCreatedBetween(base::Time delete_begin, | 99 virtual void DeleteAllCreatedBetween(base::Time delete_begin, |
100 base::Time delete_end) = 0; | 100 base::Time delete_end) = 0; |
101 | 101 |
102 // Removes all origin bound certs and the corresponding private keys from | 102 // Removes all server bound certs and the corresponding private keys from |
103 // the store. | 103 // the store. |
104 virtual void DeleteAll() = 0; | 104 virtual void DeleteAll() = 0; |
105 | 105 |
106 // Returns all origin bound certs and the corresponding private keys. | 106 // Returns all server bound certs and the corresponding private keys. |
107 virtual void GetAllOriginBoundCerts( | 107 virtual void GetAllServerBoundCerts( |
108 std::vector<OriginBoundCert>* origin_bound_certs) = 0; | 108 std::vector<ServerBoundCert>* server_bound_certs) = 0; |
109 | 109 |
110 // Returns the number of certs in the store. | 110 // Returns the number of certs in the store. |
111 // Public only for unit testing. | 111 // Public only for unit testing. |
112 virtual int GetCertCount() = 0; | 112 virtual int GetCertCount() = 0; |
113 }; | 113 }; |
114 | 114 |
115 } // namespace net | 115 } // namespace net |
116 | 116 |
117 #endif // NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ | 117 #endif // NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ |
OLD | NEW |