OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_CHANNEL_ID_STORE_H_ | 5 #ifndef NET_SSL_CHANNEL_ID_STORE_H_ |
6 #define NET_SSL_CHANNEL_ID_STORE_H_ | 6 #define NET_SSL_CHANNEL_ID_STORE_H_ |
7 | 7 |
8 #include <list> | 8 #include <list> |
9 #include <string> | 9 #include <string> |
10 | 10 |
11 #include "base/callback.h" | 11 #include "base/callback.h" |
| 12 #include "base/memory/scoped_ptr.h" |
12 #include "base/threading/non_thread_safe.h" | 13 #include "base/threading/non_thread_safe.h" |
13 #include "base/time/time.h" | 14 #include "base/time/time.h" |
| 15 #include "crypto/ec_private_key.h" |
14 #include "net/base/net_export.h" | 16 #include "net/base/net_export.h" |
15 | 17 |
16 namespace net { | 18 namespace net { |
17 | 19 |
18 // An interface for storing and retrieving server bound certs. | 20 // An interface for storing and retrieving channel ID keypairs. |
19 // There isn't a domain bound certs spec yet, but the old origin bound | 21 // There isn't a domain bound certs spec yet, but the old origin bound |
20 // certificates are specified in | 22 // certificates are specified in |
21 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html. | 23 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html. |
22 // TODO(wtc): Update this comment. | 24 // TODO(wtc): Update this comment. |
23 | 25 |
24 // Owned only by a single ChannelIDService object, which is responsible | 26 // Owned only by a single ChannelIDService object, which is responsible |
25 // for deleting it. | 27 // for deleting it. |
26 class NET_EXPORT ChannelIDStore | 28 class NET_EXPORT ChannelIDStore |
27 : NON_EXPORTED_BASE(public base::NonThreadSafe) { | 29 : NON_EXPORTED_BASE(public base::NonThreadSafe) { |
28 public: | 30 public: |
29 // The ChannelID class contains a private key in addition to the cert. | 31 // The ChannelID class contains a keypair, along with the corresponding |
| 32 // hostname (server identifier) and creation time. |
30 class NET_EXPORT ChannelID { | 33 class NET_EXPORT ChannelID { |
31 public: | 34 public: |
32 ChannelID(); | 35 ChannelID(); |
33 ChannelID(const std::string& server_identifier, | 36 ChannelID(const std::string& server_identifier, |
34 base::Time creation_time, | 37 base::Time creation_time, |
35 base::Time expiration_time, | 38 scoped_ptr<crypto::ECPrivateKey> key); |
36 const std::string& private_key, | 39 ChannelID(const ChannelID& other); |
37 const std::string& cert); | 40 ChannelID& operator=(const ChannelID& other); |
38 ~ChannelID(); | 41 ~ChannelID(); |
39 | 42 |
40 // Server identifier. For domain bound certs, for instance "verisign.com". | 43 // Server identifier. |
41 const std::string& server_identifier() const { return server_identifier_; } | 44 const std::string& server_identifier() const { return server_identifier_; } |
42 // The time the certificate was created, also the start of the certificate | 45 // The time the keypair was created. |
43 // validity period. | |
44 base::Time creation_time() const { return creation_time_; } | 46 base::Time creation_time() const { return creation_time_; } |
45 // The time after which this certificate is no longer valid. | 47 // Returns the keypair for the channel ID. This pointer is only valid for |
46 base::Time expiration_time() const { return expiration_time_; } | 48 // the lifetime of the ChannelID object - the ECPrivateKey object remains |
47 // The encoding of the private key depends on the type. | 49 // owned by the ChannelID object; no ownership is transferred. |
48 // rsa_sign: DER-encoded PrivateKeyInfo struct. | 50 crypto::ECPrivateKey* key() const { return key_.get(); } |
49 // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct. | |
50 const std::string& private_key() const { return private_key_; } | |
51 // DER-encoded certificate. | |
52 const std::string& cert() const { return cert_; } | |
53 | 51 |
54 private: | 52 private: |
55 std::string server_identifier_; | 53 std::string server_identifier_; |
56 base::Time creation_time_; | 54 base::Time creation_time_; |
57 base::Time expiration_time_; | 55 scoped_ptr<crypto::ECPrivateKey> key_; |
58 std::string private_key_; | |
59 std::string cert_; | |
60 }; | 56 }; |
61 | 57 |
62 typedef std::list<ChannelID> ChannelIDList; | 58 typedef std::list<ChannelID> ChannelIDList; |
63 | 59 |
64 typedef base::Callback<void( | 60 typedef base::Callback< |
65 int, | 61 void(int, const std::string&, scoped_ptr<crypto::ECPrivateKey>)> |
66 const std::string&, | 62 GetChannelIDCallback; |
67 base::Time, | |
68 const std::string&, | |
69 const std::string&)> GetChannelIDCallback; | |
70 typedef base::Callback<void(const ChannelIDList&)> GetChannelIDListCallback; | 63 typedef base::Callback<void(const ChannelIDList&)> GetChannelIDListCallback; |
71 | 64 |
72 virtual ~ChannelIDStore() {} | 65 virtual ~ChannelIDStore() {} |
73 | 66 |
74 // GetChannelID may return the result synchronously through the | 67 // GetChannelID may return the result synchronously through the |
75 // output parameters, in which case it will return either OK if a cert is | 68 // output parameters, in which case it will return either OK if a keypair is |
76 // found in the store, or ERR_FILE_NOT_FOUND if none is found. If the | 69 // found in the store, or ERR_FILE_NOT_FOUND if none is found. If the |
77 // result cannot be returned synchronously, GetChannelID will | 70 // result cannot be returned synchronously, GetChannelID will |
78 // return ERR_IO_PENDING and the callback will be called with the result | 71 // return ERR_IO_PENDING and the callback will be called with the result |
79 // asynchronously. | 72 // asynchronously. |
80 virtual int GetChannelID( | 73 virtual int GetChannelID(const std::string& server_identifier, |
81 const std::string& server_identifier, | 74 scoped_ptr<crypto::ECPrivateKey>* key_result, |
82 base::Time* expiration_time, | 75 const GetChannelIDCallback& callback) = 0; |
83 std::string* private_key_result, | |
84 std::string* cert_result, | |
85 const GetChannelIDCallback& callback) = 0; | |
86 | 76 |
87 // Adds a server bound cert and the corresponding private key to the store. | 77 // Adds the keypair for a hostname to the store. |
88 virtual void SetChannelID( | 78 virtual void SetChannelID(scoped_ptr<ChannelID> channel_id) = 0; |
89 const std::string& server_identifier, | |
90 base::Time creation_time, | |
91 base::Time expiration_time, | |
92 const std::string& private_key, | |
93 const std::string& cert) = 0; | |
94 | 79 |
95 // Removes a server bound cert and the corresponding private key from the | 80 // Removes a keypair from the store. |
96 // store. | |
97 virtual void DeleteChannelID( | 81 virtual void DeleteChannelID( |
98 const std::string& server_identifier, | 82 const std::string& server_identifier, |
99 const base::Closure& completion_callback) = 0; | 83 const base::Closure& completion_callback) = 0; |
100 | 84 |
101 // Deletes all of the server bound certs that have a creation_date greater | 85 // Deletes all of the channel ID keypairs that have a creation_date greater |
102 // than or equal to |delete_begin| and less than |delete_end|. If a | 86 // than or equal to |delete_begin| and less than |delete_end|. If a |
103 // base::Time value is_null, that side of the comparison is unbounded. | 87 // base::Time value is_null, that side of the comparison is unbounded. |
104 virtual void DeleteAllCreatedBetween( | 88 virtual void DeleteAllCreatedBetween( |
105 base::Time delete_begin, | 89 base::Time delete_begin, |
106 base::Time delete_end, | 90 base::Time delete_end, |
107 const base::Closure& completion_callback) = 0; | 91 const base::Closure& completion_callback) = 0; |
108 | 92 |
109 // Removes all server bound certs and the corresponding private keys from | 93 // Removes all channel ID keypairs from the store. |
110 // the store. | |
111 virtual void DeleteAll(const base::Closure& completion_callback) = 0; | 94 virtual void DeleteAll(const base::Closure& completion_callback) = 0; |
112 | 95 |
113 // Returns all server bound certs and the corresponding private keys. | 96 // Returns all channel ID keypairs. |
114 virtual void GetAllChannelIDs(const GetChannelIDListCallback& callback) = 0; | 97 virtual void GetAllChannelIDs(const GetChannelIDListCallback& callback) = 0; |
115 | 98 |
116 // Helper function that adds all certs from |list| into this instance. | 99 // Helper function that adds all keypairs from |list| into this instance. |
117 void InitializeFrom(const ChannelIDList& list); | 100 void InitializeFrom(const ChannelIDList& list); |
118 | 101 |
119 // Returns the number of certs in the store. May return 0 if the backing | 102 // Returns the number of keypairs in the store. May return 0 if the backing |
120 // store is not loaded yet. | 103 // store is not loaded yet. |
121 // Public only for unit testing. | 104 // Public only for unit testing. |
122 virtual int GetChannelIDCount() = 0; | 105 virtual int GetChannelIDCount() = 0; |
123 | 106 |
124 // When invoked, instructs the store to keep session related data on | 107 // When invoked, instructs the store to keep session related data on |
125 // destruction. | 108 // destruction. |
126 virtual void SetForceKeepSessionState() = 0; | 109 virtual void SetForceKeepSessionState() = 0; |
127 }; | 110 }; |
128 | 111 |
129 } // namespace net | 112 } // namespace net |
130 | 113 |
131 #endif // NET_SSL_CHANNEL_ID_STORE_H_ | 114 #endif // NET_SSL_CHANNEL_ID_STORE_H_ |
OLD | NEW |