OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_H_ | 5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_H_ |
6 #define NET_CERT_INTERNAL_TRUST_STORE_H_ | 6 #define NET_CERT_INTERNAL_TRUST_STORE_H_ |
7 | 7 |
8 #include <unordered_map> | 8 #include "base/callback.h" |
9 #include <vector> | |
10 | |
11 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
12 #include "base/strings/string_piece.h" | |
13 #include "net/base/net_export.h" | 10 #include "net/base/net_export.h" |
| 11 #include "net/cert/internal/cert_issuer_source.h" |
| 12 #include "net/cert/internal/completion_status.h" |
14 #include "net/cert/internal/parsed_certificate.h" | 13 #include "net/cert/internal/parsed_certificate.h" |
15 | 14 |
16 namespace net { | 15 namespace net { |
17 | 16 |
18 namespace der { | 17 namespace der { |
19 class Input; | 18 class Input; |
20 } | 19 } |
21 | 20 |
22 // A very simple implementation of a TrustStore, which contains a set of | 21 // The TrustStore provides an interface for retrieving trusted root certificates |
23 // trusted certificates. | 22 // and for testing if an arbitrary certificate is trusted. |
24 // TODO(mattm): convert this into an interface, provide implementations that | 23 // |
25 // interface with OS trust store. | 24 // XXX Having TrustStore inherit from CertIssuerSource makes some things cleaner |
26 class NET_EXPORT TrustStore { | 25 // (such as adding a truststore to the pathbuilder instance, but makes some |
| 26 // things messier, such as TrustStoreCollection needing to also implement a |
| 27 // CertIssuerSourceCollection.. thought that doesn't actually end up being too |
| 28 // bad I guess since it can just delegate that to a CertIssuerSourceCollection |
| 29 // member..) |
| 30 // One alternative would be to have each concrete instance inherit from both |
| 31 // TrustStore and CertIssuerSource, but then they need to be added to the |
| 32 // pathbuilder twice (once as a TrustStore and once as a CertIssuerSource). |
| 33 class NET_EXPORT TrustStore : public CertIssuerSource { |
27 public: | 34 public: |
28 TrustStore(); | 35 using TrustCallback = base::Callback<void(bool)>; |
29 ~TrustStore(); | |
30 | 36 |
31 // Empties the trust store, resetting it to original state. | 37 class NET_EXPORT Request { |
32 void Clear(); | 38 public: |
| 39 Request() = default; |
| 40 // Destruction of the Request cancels it. |
| 41 virtual ~Request() = default; |
| 42 }; |
33 | 43 |
34 // Adds a trusted certificate to the store. | 44 ~TrustStore() override = default; |
35 void AddTrustedCertificate(scoped_refptr<ParsedCertificate> anchor); | |
36 | 45 |
37 // Returns the trust anchors that match |name| in |*matches|, if any. | 46 // Checks if |cert| is a trust anchor. |
38 void FindTrustAnchorsByNormalizedName(const der::Input& normalized_name, | 47 // If the check is done synchronously, |*out_req| will be null and |
39 ParsedCertificateList* matches) const; | 48 // |*out_trusted| will indicate if |cert| is trusted. |
40 | 49 // Otherwise, |out_req| will be filled with a Request and |callback| will be |
41 // Returns true if |cert| matches a certificate in the TrustStore. | 50 // called with a bool indicating if |cert| is trusted. If |*out_req| is |
42 bool IsTrustedCertificate(const ParsedCertificate* cert) const | 51 // destroyed before the |callback| is run, it will cancel the check and |
43 WARN_UNUSED_RESULT; | 52 // |callback| will not be run. |
44 | 53 virtual void IsTrustedCertificate( |
45 private: | 54 scoped_refptr<ParsedCertificate> cert, |
46 // Multimap from normalized subject -> ParsedCertificate. | 55 const TrustCallback& callback, |
47 std::unordered_multimap<base::StringPiece, | 56 bool* out_trusted, |
48 scoped_refptr<ParsedCertificate>, | 57 std::unique_ptr<Request>* out_req) const = 0; |
49 base::StringPieceHash> | |
50 anchors_; | |
51 | |
52 DISALLOW_COPY_AND_ASSIGN(TrustStore); | |
53 }; | 58 }; |
54 | 59 |
55 } // namespace net | 60 } // namespace net |
56 | 61 |
57 #endif // NET_CERT_INTERNAL_TRUST_STORE_H_ | 62 #endif // NET_CERT_INTERNAL_TRUST_STORE_H_ |
OLD | NEW |