| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_BASE_TEST_ROOT_CERTS_H_ | |
| 6 #define NET_BASE_TEST_ROOT_CERTS_H_ | |
| 7 | |
| 8 #include "base/lazy_instance.h" | |
| 9 #include "base/memory/ref_counted.h" | |
| 10 #include "build/build_config.h" | |
| 11 #include "net/base/net_export.h" | |
| 12 | |
| 13 #if defined(USE_NSS) || defined(OS_IOS) | |
| 14 #include <list> | |
| 15 #elif defined(OS_WIN) | |
| 16 #include <windows.h> | |
| 17 #include <wincrypt.h> | |
| 18 #elif defined(OS_MACOSX) | |
| 19 #include <CoreFoundation/CFArray.h> | |
| 20 #include <Security/SecTrust.h> | |
| 21 #include "base/mac/scoped_cftyperef.h" | |
| 22 #endif | |
| 23 | |
| 24 namespace base { | |
| 25 class FilePath; | |
| 26 } | |
| 27 | |
| 28 namespace net { | |
| 29 | |
| 30 class X509Certificate; | |
| 31 | |
| 32 // TestRootCerts is a helper class for unit tests that is used to | |
| 33 // artificially mark a certificate as trusted, independent of the local | |
| 34 // machine configuration. | |
| 35 class NET_EXPORT_PRIVATE TestRootCerts { | |
| 36 public: | |
| 37 // Obtains the Singleton instance to the trusted certificates. | |
| 38 static TestRootCerts* GetInstance(); | |
| 39 | |
| 40 // Returns true if an instance exists, without forcing an initialization. | |
| 41 static bool HasInstance(); | |
| 42 | |
| 43 // Marks |certificate| as trusted for X509Certificate::Verify(). Returns | |
| 44 // false if the certificate could not be marked trusted. | |
| 45 bool Add(X509Certificate* certificate); | |
| 46 | |
| 47 // Reads a single certificate from |file| and marks it as trusted. Returns | |
| 48 // false if an error is encountered, such as being unable to read |file| | |
| 49 // or more than one certificate existing in |file|. | |
| 50 bool AddFromFile(const base::FilePath& file); | |
| 51 | |
| 52 // Clears the trusted status of any certificates that were previously | |
| 53 // marked trusted via Add(). | |
| 54 void Clear(); | |
| 55 | |
| 56 // Returns true if there are no certificates that have been marked trusted. | |
| 57 bool IsEmpty() const; | |
| 58 | |
| 59 #if defined(OS_MACOSX) && !defined(OS_IOS) | |
| 60 CFArrayRef temporary_roots() const { return temporary_roots_; } | |
| 61 | |
| 62 // Modifies the root certificates of |trust_ref| to include the | |
| 63 // certificates stored in |temporary_roots_|. If IsEmpty() is true, this | |
| 64 // does not modify |trust_ref|. | |
| 65 OSStatus FixupSecTrustRef(SecTrustRef trust_ref) const; | |
| 66 #elif defined(OS_WIN) | |
| 67 HCERTSTORE temporary_roots() const { return temporary_roots_; } | |
| 68 | |
| 69 // Returns an HCERTCHAINENGINE suitable to be used for certificate | |
| 70 // validation routines, or NULL to indicate that the default system chain | |
| 71 // engine is appropriate. The caller is responsible for freeing the | |
| 72 // returned HCERTCHAINENGINE. | |
| 73 HCERTCHAINENGINE GetChainEngine() const; | |
| 74 #endif | |
| 75 | |
| 76 private: | |
| 77 friend struct base::DefaultLazyInstanceTraits<TestRootCerts>; | |
| 78 | |
| 79 TestRootCerts(); | |
| 80 ~TestRootCerts(); | |
| 81 | |
| 82 // Performs platform-dependent initialization. | |
| 83 void Init(); | |
| 84 | |
| 85 #if defined(USE_NSS) || defined(OS_IOS) | |
| 86 // It is necessary to maintain a cache of the original certificate trust | |
| 87 // settings, in order to restore them when Clear() is called. | |
| 88 class TrustEntry; | |
| 89 std::list<TrustEntry*> trust_cache_; | |
| 90 #elif defined(OS_WIN) | |
| 91 HCERTSTORE temporary_roots_; | |
| 92 #elif defined(OS_MACOSX) | |
| 93 base::mac::ScopedCFTypeRef<CFMutableArrayRef> temporary_roots_; | |
| 94 #endif | |
| 95 | |
| 96 #if defined(OS_WIN) || defined(USE_OPENSSL) | |
| 97 // True if there are no temporarily trusted root certificates. | |
| 98 bool empty_; | |
| 99 #endif | |
| 100 | |
| 101 DISALLOW_COPY_AND_ASSIGN(TestRootCerts); | |
| 102 }; | |
| 103 | |
| 104 // Scoped helper for unittests to handle safely managing trusted roots. | |
| 105 class NET_EXPORT_PRIVATE ScopedTestRoot { | |
| 106 public: | |
| 107 ScopedTestRoot(); | |
| 108 // Creates a ScopedTestRoot that will adds|cert| to the TestRootCerts store. | |
| 109 explicit ScopedTestRoot(X509Certificate* cert); | |
| 110 ~ScopedTestRoot(); | |
| 111 | |
| 112 // Assigns |cert| to be the new test root cert. If |cert| is NULL, undoes | |
| 113 // any work the ScopedTestRoot may have previously done. | |
| 114 // If |cert_| contains a certificate (due to a prior call to Reset or due to | |
| 115 // a cert being passed at construction), the existing TestRootCerts store is | |
| 116 // cleared. | |
| 117 void Reset(X509Certificate* cert); | |
| 118 | |
| 119 private: | |
| 120 scoped_refptr<X509Certificate> cert_; | |
| 121 | |
| 122 DISALLOW_COPY_AND_ASSIGN(ScopedTestRoot); | |
| 123 }; | |
| 124 | |
| 125 } // namespace net | |
| 126 | |
| 127 #endif // NET_BASE_TEST_ROOT_CERTS_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13006020:
net: extract net/cert out of net/base (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src