net/base/server_bound_cert_store.h - Issue 12680003: net: split net/ssl out of net/base

Side by Side Diff: net/base/server_bound_cert_store.h

Issue 12680003: net: split net/ssl out of net/base (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 7 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #ifndef NET_BASE_SERVER_BOUND_CERT_STORE_H_

6 #define NET_BASE_SERVER_BOUND_CERT_STORE_H_

7

8 #include <list>

9 #include <string>

10

11 #include "base/callback.h"

12 #include "base/threading/non_thread_safe.h"

13 #include "base/time.h"

14 #include "net/base/net_export.h"

15 #include "net/base/ssl_client_cert_type.h"

16

17 namespace net {

18

19 // An interface for storing and retrieving server bound certs.

20 // There isn't a domain bound certs spec yet, but the old origin bound

21 // certificates are specified in

22 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html.

23

24 // Owned only by a single ServerBoundCertService object, which is responsible

25 // for deleting it.

26 class NET_EXPORT ServerBoundCertStore

27 : NON_EXPORTED_BASE(public base::NonThreadSafe) {

28 public:

29 // The ServerBoundCert class contains a private key in addition to the server

30 // cert, and cert type.

31 class NET_EXPORT ServerBoundCert {

32 public:

33 ServerBoundCert();

34 ServerBoundCert(const std::string& server_identifier,

35 SSLClientCertType type,

36 base::Time creation_time,

37 base::Time expiration_time,

38 const std::string& private_key,

39 const std::string& cert);

40 ~ServerBoundCert();

41

42 // Server identifier. For domain bound certs, for instance "verisign.com".

43 const std::string& server_identifier() const { return server_identifier_; }

44 // TLS ClientCertificateType.

45 SSLClientCertType type() const { return type_; }

46 // The time the certificate was created, also the start of the certificate

47 // validity period.

48 base::Time creation_time() const { return creation_time_; }

49 // The time after which this certificate is no longer valid.

50 base::Time expiration_time() const { return expiration_time_; }

51 // The encoding of the private key depends on the type.

52 // rsa_sign: DER-encoded PrivateKeyInfo struct.

53 // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct.

54 const std::string& private_key() const { return private_key_; }

55 // DER-encoded certificate.

56 const std::string& cert() const { return cert_; }

57

58 private:

59 std::string server_identifier_;

60 SSLClientCertType type_;

61 base::Time creation_time_;

62 base::Time expiration_time_;

63 std::string private_key_;

64 std::string cert_;

65 };

66

67 typedef std::list<ServerBoundCert> ServerBoundCertList;

68

69 typedef base::Callback<void(

70 const std::string&,

71 SSLClientCertType,

72 base::Time,

73 const std::string&,

74 const std::string&)> GetCertCallback;

75 typedef base::Callback<void(const ServerBoundCertList&)> GetCertListCallback;

76

77 virtual ~ServerBoundCertStore() {}

78

79 // GetServerBoundCert may return the result synchronously through the

80 // output parameters, in which case it will return true. Otherwise it will

81 // return false and the callback will be called with the result

82 // asynchronously.

83 // In either case, the type will be CLIENT_CERT_INVALID_TYPE if no cert

84 // existed for the given \|server_identifier\|.

85 virtual bool GetServerBoundCert(

86 const std::string& server_identifier,

87 SSLClientCertType* type,

88 base::Time* expiration_time,

89 std::string* private_key_result,

90 std::string* cert_result,

91 const GetCertCallback& callback) = 0;

92

93 // Adds a server bound cert and the corresponding private key to the store.

94 virtual void SetServerBoundCert(

95 const std::string& server_identifier,

96 SSLClientCertType type,

97 base::Time creation_time,

98 base::Time expiration_time,

99 const std::string& private_key,

100 const std::string& cert) = 0;

101

102 // Removes a server bound cert and the corresponding private key from the

103 // store.

104 virtual void DeleteServerBoundCert(

105 const std::string& server_identifier,

106 const base::Closure& completion_callback) = 0;

107

108 // Deletes all of the server bound certs that have a creation_date greater

109 // than or equal to \|delete_begin\| and less than \|delete_end\|. If a

110 // base::Time value is_null, that side of the comparison is unbounded.

111 virtual void DeleteAllCreatedBetween(

112 base::Time delete_begin,

113 base::Time delete_end,

114 const base::Closure& completion_callback) = 0;

115

116 // Removes all server bound certs and the corresponding private keys from

117 // the store.

118 virtual void DeleteAll(const base::Closure& completion_callback) = 0;

119

120 // Returns all server bound certs and the corresponding private keys.

121 virtual void GetAllServerBoundCerts(const GetCertListCallback& callback) = 0;

122

123 // Helper function that adds all certs from \|list\| into this instance.

124 void InitializeFrom(const ServerBoundCertList& list);

125

126 // Returns the number of certs in the store. May return 0 if the backing

127 // store is not loaded yet.

128 // Public only for unit testing.

129 virtual int GetCertCount() = 0;

130

131 // When invoked, instructs the store to keep session related data on

132 // destruction.

133 virtual void SetForceKeepSessionState() = 0;

134 };

135

136 } // namespace net

137

138 #endif // NET_BASE_SERVER_BOUND_CERT_STORE_H_

OLD	NEW

« net/base/DEPS ('K') | « net/base/server_bound_cert_service_unittest.cc ('k') | net/base/server_bound_cert_store.cc » ('j') | net/net.gyp » ('J')