OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ | 5 #ifndef NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ |
6 #define NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ | 6 #define NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/time.h" | 12 #include "base/time.h" |
13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
14 #include "net/base/ssl_client_cert_type.h" | 14 #include "net/base/ssl_client_cert_type.h" |
15 | 15 |
16 namespace net { | 16 namespace net { |
17 | 17 |
18 // An interface for storing and retrieving origin bound certs. Origin bound | 18 // An interface for storing and retrieving domain bound certs. |
19 // certificates are specified in | 19 // There isn't a domain bound certs spec yet, but the old origin bound |
20 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html. | 20 // certificates are specification is |
wtc
2012/03/08 02:13:45
Typo: are specification is
remove "are", or say "
mattm
2012/03/15 01:48:44
Done.
| |
21 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html. | |
21 | 22 |
22 // Owned only by a single OriginBoundCertService object, which is responsible | 23 // Owned only by a single OriginBoundCertService object, which is responsible |
23 // for deleting it. | 24 // for deleting it. |
24 | 25 |
26 // Note: For historical reasons, this class is called OriginBoundCertStore, but | |
27 // it's really a DomainBoundCertStore. | |
25 class NET_EXPORT OriginBoundCertStore { | 28 class NET_EXPORT OriginBoundCertStore { |
26 public: | 29 public: |
27 // The OriginBoundCert class contains a private key in addition to the origin | 30 // The OriginBoundCert class contains a private key in addition to the domain |
28 // cert, and cert type. | 31 // cert, and cert type. |
29 class NET_EXPORT OriginBoundCert { | 32 class NET_EXPORT OriginBoundCert { |
30 public: | 33 public: |
31 OriginBoundCert(); | 34 OriginBoundCert(); |
32 OriginBoundCert(const std::string& origin, | 35 OriginBoundCert(const std::string& domain, |
33 SSLClientCertType type, | 36 SSLClientCertType type, |
34 base::Time creation_time, | 37 base::Time creation_time, |
35 base::Time expiration_time, | 38 base::Time expiration_time, |
36 const std::string& private_key, | 39 const std::string& private_key, |
37 const std::string& cert); | 40 const std::string& cert); |
38 ~OriginBoundCert(); | 41 ~OriginBoundCert(); |
39 | 42 |
40 // Origin, for instance "https://www.verisign.com:443" | 43 // Domain, for instance "verisign.com" |
41 const std::string& origin() const { return origin_; } | 44 const std::string& domain() const { return domain_; } |
42 // TLS ClientCertificateType. | 45 // TLS ClientCertificateType. |
43 SSLClientCertType type() const { return type_; } | 46 SSLClientCertType type() const { return type_; } |
44 // The time the certificate was created, also the start of the certificate | 47 // The time the certificate was created, also the start of the certificate |
45 // validity period. | 48 // validity period. |
46 base::Time creation_time() const { return creation_time_; } | 49 base::Time creation_time() const { return creation_time_; } |
47 // The time after which this certificate is no longer valid. | 50 // The time after which this certificate is no longer valid. |
48 base::Time expiration_time() const { return expiration_time_; } | 51 base::Time expiration_time() const { return expiration_time_; } |
49 // The encoding of the private key depends on the type. | 52 // The encoding of the private key depends on the type. |
50 // rsa_sign: DER-encoded PrivateKeyInfo struct. | 53 // rsa_sign: DER-encoded PrivateKeyInfo struct. |
51 // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct. | 54 // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct. |
52 const std::string& private_key() const { return private_key_; } | 55 const std::string& private_key() const { return private_key_; } |
53 // DER-encoded certificate. | 56 // DER-encoded certificate. |
54 const std::string& cert() const { return cert_; } | 57 const std::string& cert() const { return cert_; } |
55 | 58 |
56 private: | 59 private: |
57 std::string origin_; | 60 std::string domain_; |
58 SSLClientCertType type_; | 61 SSLClientCertType type_; |
59 base::Time creation_time_; | 62 base::Time creation_time_; |
60 base::Time expiration_time_; | 63 base::Time expiration_time_; |
61 std::string private_key_; | 64 std::string private_key_; |
62 std::string cert_; | 65 std::string cert_; |
63 }; | 66 }; |
64 | 67 |
65 virtual ~OriginBoundCertStore() {} | 68 virtual ~OriginBoundCertStore() {} |
66 | 69 |
67 // TODO(rkn): File I/O may be required, so this should have an asynchronous | 70 // TODO(rkn): File I/O may be required, so this should have an asynchronous |
68 // interface. | 71 // interface. |
69 // Returns true on success. |private_key_result| stores a DER-encoded | 72 // Returns true on success. |private_key_result| stores a DER-encoded |
70 // PrivateKeyInfo struct, |cert_result| stores a DER-encoded certificate, | 73 // PrivateKeyInfo struct, |cert_result| stores a DER-encoded certificate, |
71 // |type| is the ClientCertificateType of the returned certificate, | 74 // |type| is the ClientCertificateType of the returned certificate, |
72 // |creation_time| stores the start of the validity period of the certificate | 75 // |creation_time| stores the start of the validity period of the certificate |
73 // and |expiration_time| is the expiration time of the certificate. | 76 // and |expiration_time| is the expiration time of the certificate. |
74 // Returns false if no origin bound cert exists for the specified origin. | 77 // Returns false if no domain bound cert exists for the specified domain. |
75 virtual bool GetOriginBoundCert( | 78 virtual bool GetOriginBoundCert( |
76 const std::string& origin, | 79 const std::string& domain, |
77 SSLClientCertType* type, | 80 SSLClientCertType* type, |
78 base::Time* creation_time, | 81 base::Time* creation_time, |
79 base::Time* expiration_time, | 82 base::Time* expiration_time, |
80 std::string* private_key_result, | 83 std::string* private_key_result, |
81 std::string* cert_result) = 0; | 84 std::string* cert_result) = 0; |
82 | 85 |
83 // Adds an origin bound cert and the corresponding private key to the store. | 86 // Adds a domain bound cert and the corresponding private key to the store. |
84 virtual void SetOriginBoundCert( | 87 virtual void SetOriginBoundCert( |
85 const std::string& origin, | 88 const std::string& domain, |
86 SSLClientCertType type, | 89 SSLClientCertType type, |
87 base::Time creation_time, | 90 base::Time creation_time, |
88 base::Time expiration_time, | 91 base::Time expiration_time, |
89 const std::string& private_key, | 92 const std::string& private_key, |
90 const std::string& cert) = 0; | 93 const std::string& cert) = 0; |
91 | 94 |
92 // Removes an origin bound cert and the corresponding private key from the | 95 // Removes an domain bound cert and the corresponding private key from the |
93 // store. | 96 // store. |
94 virtual void DeleteOriginBoundCert(const std::string& origin) = 0; | 97 virtual void DeleteOriginBoundCert(const std::string& domain) = 0; |
95 | 98 |
96 // Deletes all of the origin bound certs that have a creation_date greater | 99 // Deletes all of the domain bound certs that have a creation_date greater |
97 // than or equal to |delete_begin| and less than |delete_end|. If a | 100 // than or equal to |delete_begin| and less than |delete_end|. If a |
98 // base::Time value is_null, that side of the comparison is unbounded. | 101 // base::Time value is_null, that side of the comparison is unbounded. |
99 virtual void DeleteAllCreatedBetween(base::Time delete_begin, | 102 virtual void DeleteAllCreatedBetween(base::Time delete_begin, |
100 base::Time delete_end) = 0; | 103 base::Time delete_end) = 0; |
101 | 104 |
102 // Removes all origin bound certs and the corresponding private keys from | 105 // Removes all domain bound certs and the corresponding private keys from |
103 // the store. | 106 // the store. |
104 virtual void DeleteAll() = 0; | 107 virtual void DeleteAll() = 0; |
105 | 108 |
106 // Returns all origin bound certs and the corresponding private keys. | 109 // Returns all domain bound certs and the corresponding private keys. |
107 virtual void GetAllOriginBoundCerts( | 110 virtual void GetAllOriginBoundCerts( |
108 std::vector<OriginBoundCert>* origin_bound_certs) = 0; | 111 std::vector<OriginBoundCert>* origin_bound_certs) = 0; |
109 | 112 |
110 // Returns the number of certs in the store. | 113 // Returns the number of certs in the store. |
111 // Public only for unit testing. | 114 // Public only for unit testing. |
112 virtual int GetCertCount() = 0; | 115 virtual int GetCertCount() = 0; |
113 }; | 116 }; |
114 | 117 |
115 } // namespace net | 118 } // namespace net |
116 | 119 |
117 #endif // NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ | 120 #endif // NET_BASE_ORIGIN_BOUND_CERT_STORE_H_ |
OLD | NEW |