Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_TEST_ROOT_CERTS_H_ | 5 #ifndef NET_CERT_TEST_ROOT_CERTS_H_ |
| 6 #define NET_CERT_TEST_ROOT_CERTS_H_ | 6 #define NET_CERT_TEST_ROOT_CERTS_H_ |
| 7 | 7 |
| 8 #include "base/lazy_instance.h" | 8 #include "base/lazy_instance.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| 11 #include "net/base/net_export.h" | 11 #include "net/base/net_export.h" |
| 12 #include "net/cert/x509_certificate.h" | |
| 12 | 13 |
| 13 #if defined(USE_NSS) || defined(OS_IOS) | 14 #if defined(USE_NSS) || defined(OS_IOS) |
| 14 #include <list> | 15 #include <list> |
| 15 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID) | 16 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID) |
| 16 #include <vector> | 17 #include <vector> |
| 17 #elif defined(OS_WIN) | 18 #elif defined(OS_WIN) |
| 18 #include <windows.h> | 19 #include <windows.h> |
| 19 #include <wincrypt.h> | 20 #include <wincrypt.h> |
| 20 #elif defined(OS_MACOSX) | 21 #elif defined(OS_MACOSX) |
| 21 #include <CoreFoundation/CFArray.h> | 22 #include <CoreFoundation/CFArray.h> |
| 22 #include <Security/SecTrust.h> | 23 #include <Security/SecTrust.h> |
| 23 #include "base/mac/scoped_cftyperef.h" | 24 #include "base/mac/scoped_cftyperef.h" |
| 24 #endif | 25 #endif |
| 25 | 26 |
| 27 typedef struct CERTCertificateStr CERTCertificate; | |
| 28 | |
| 26 namespace base { | 29 namespace base { |
| 27 class FilePath; | 30 class FilePath; |
| 28 } | 31 } |
| 29 | 32 |
| 30 namespace net { | 33 namespace net { |
| 31 | 34 |
| 32 class X509Certificate; | |
| 33 | |
| 34 // TestRootCerts is a helper class for unit tests that is used to | 35 // TestRootCerts is a helper class for unit tests that is used to |
| 35 // artificially mark a certificate as trusted, independent of the local | 36 // artificially mark a certificate as trusted, independent of the local |
| 36 // machine configuration. | 37 // machine configuration. |
| 37 class NET_EXPORT_PRIVATE TestRootCerts { | 38 class NET_EXPORT TestRootCerts { |
| 38 public: | 39 public: |
| 39 // Obtains the Singleton instance to the trusted certificates. | 40 // Obtains the Singleton instance to the trusted certificates. |
| 40 static TestRootCerts* GetInstance(); | 41 static TestRootCerts* GetInstance(); |
| 41 | 42 |
| 42 // Returns true if an instance exists, without forcing an initialization. | 43 // Returns true if an instance exists, without forcing an initialization. |
| 43 static bool HasInstance(); | 44 static bool HasInstance(); |
| 44 | 45 |
| 45 // Marks |certificate| as trusted for X509Certificate::Verify(). Returns | 46 // Marks |certificate| as trusted for X509Certificate::Verify(). Returns |
| 46 // false if the certificate could not be marked trusted. | 47 // false if the certificate could not be marked trusted. |
| 47 bool Add(X509Certificate* certificate); | 48 bool Add(X509Certificate* certificate); |
| 48 | 49 |
| 49 // Reads a single certificate from |file| and marks it as trusted. Returns | 50 // Reads a single certificate from |file| and marks it as trusted. Returns |
| 50 // false if an error is encountered, such as being unable to read |file| | 51 // false if an error is encountered, such as being unable to read |file| |
| 51 // or more than one certificate existing in |file|. | 52 // or more than one certificate existing in |file|. |
| 52 bool AddFromFile(const base::FilePath& file); | 53 bool AddFromFile(const base::FilePath& file); |
| 53 | 54 |
| 54 // Clears the trusted status of any certificates that were previously | 55 // Clears the trusted status of any certificates that were previously |
| 55 // marked trusted via Add(). | 56 // marked trusted via Add(). |
| 56 void Clear(); | 57 void Clear(); |
| 57 | 58 |
| 58 // Returns true if there are no certificates that have been marked trusted. | 59 // Returns true if there are no certificates that have been marked trusted. |
| 59 bool IsEmpty() const; | 60 bool IsEmpty() const; |
| 60 | 61 |
| 61 #if defined(OS_MACOSX) && !defined(OS_IOS) | 62 #if defined(USE_NSS) || defined(OS_IOS) |
| 63 bool Contains(CERTCertificate* cert) const; | |
| 64 #elif defined(OS_MACOSX) && !defined(OS_IOS) | |
| 62 CFArrayRef temporary_roots() const { return temporary_roots_; } | 65 CFArrayRef temporary_roots() const { return temporary_roots_; } |
| 63 | 66 |
| 64 // Modifies the root certificates of |trust_ref| to include the | 67 // Modifies the root certificates of |trust_ref| to include the |
| 65 // certificates stored in |temporary_roots_|. If IsEmpty() is true, this | 68 // certificates stored in |temporary_roots_|. If IsEmpty() is true, this |
| 66 // does not modify |trust_ref|. | 69 // does not modify |trust_ref|. |
| 67 OSStatus FixupSecTrustRef(SecTrustRef trust_ref) const; | 70 OSStatus FixupSecTrustRef(SecTrustRef trust_ref) const; |
| 68 | 71 |
| 69 // Configures whether or not the default/system root store should also | 72 // Configures whether or not the default/system root store should also |
| 70 // be trusted. By default, this is true, indicating that the TestRootCerts | 73 // be trusted. By default, this is true, indicating that the TestRootCerts |
| 71 // are used in addition to OS trust store. | 74 // are used in addition to OS trust store. |
| 72 void SetAllowSystemTrust(bool allow_system_trust); | 75 void SetAllowSystemTrust(bool allow_system_trust); |
| 73 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID) | 76 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID) |
| 74 const std::vector<scoped_refptr<X509Certificate> >& | 77 const std::vector<scoped_refptr<X509Certificate> >& |
| 75 temporary_roots() const { return temporary_roots_; } | 78 temporary_roots() const { return temporary_roots_; } |
| 79 bool Contains(X509* cert) const; | |
|
Ryan Sleevi
2014/02/07 01:38:28
|X509| is not defined here. You need to forward de
mattm
2014/02/07 03:38:04
Oops, done.
| |
| 76 #elif defined(OS_WIN) | 80 #elif defined(OS_WIN) |
| 77 HCERTSTORE temporary_roots() const { return temporary_roots_; } | 81 HCERTSTORE temporary_roots() const { return temporary_roots_; } |
| 78 | 82 |
| 79 // Returns an HCERTCHAINENGINE suitable to be used for certificate | 83 // Returns an HCERTCHAINENGINE suitable to be used for certificate |
| 80 // validation routines, or NULL to indicate that the default system chain | 84 // validation routines, or NULL to indicate that the default system chain |
| 81 // engine is appropriate. The caller is responsible for freeing the | 85 // engine is appropriate. The caller is responsible for freeing the |
| 82 // returned HCERTCHAINENGINE. | 86 // returned HCERTCHAINENGINE. |
| 83 HCERTCHAINENGINE GetChainEngine() const; | 87 HCERTCHAINENGINE GetChainEngine() const; |
| 84 #endif | 88 #endif |
| 85 | 89 |
| 131 | 135 |
| 132 private: | 136 private: |
| 133 scoped_refptr<X509Certificate> cert_; | 137 scoped_refptr<X509Certificate> cert_; |
| 134 | 138 |
| 135 DISALLOW_COPY_AND_ASSIGN(ScopedTestRoot); | 139 DISALLOW_COPY_AND_ASSIGN(ScopedTestRoot); |
| 136 }; | 140 }; |
| 137 | 141 |
| 138 } // namespace net | 142 } // namespace net |
| 139 | 143 |
| 140 #endif // NET_CERT_TEST_ROOT_CERTS_H_ | 144 #endif // NET_CERT_TEST_ROOT_CERTS_H_ |
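Review bot: The class declaration changes `NET_EXPORT_PRIVATE` to `NET_EXPORT` for `TestRootCerts`, which by its own comment exists to artificially mark certificates as trusted, so the wider export presents a test-only trust override as part of the component's public surface. If the change is only needed so that another component can reach the new `Contains()` methods, I would either keep `NET_EXPORT_PRIVATE` or state the reason above the class, e.g. `// Exported for <consumer placeholder>; must not be used outside tests.`. The two new `Contains()` declarations are also the only members without a comment; something like `// Returns true if |cert| was marked trusted via Add().` would help, assuming that is what they check. Part of the header is collapsed on this page, so the motivation for the export change may sit in lines that are not shown.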