Index: net/cert/internal/trust_store.h |
diff --git a/net/cert/internal/trust_store.h b/net/cert/internal/trust_store.h |
index 0afbf9a425be72cedf2b92e3b69697175ca04973..57cc055732692aa607979e8f2ab67aa523dff8a0 100644 |
--- a/net/cert/internal/trust_store.h |
+++ b/net/cert/internal/trust_store.h |
@@ -5,12 +5,11 @@ |
#ifndef NET_CERT_INTERNAL_TRUST_STORE_H_ |
#define NET_CERT_INTERNAL_TRUST_STORE_H_ |
-#include <unordered_map> |
-#include <vector> |
- |
+#include "base/callback.h" |
#include "base/memory/ref_counted.h" |
-#include "base/strings/string_piece.h" |
#include "net/base/net_export.h" |
+#include "net/cert/internal/cert_issuer_source.h" |
+#include "net/cert/internal/completion_status.h" |
#include "net/cert/internal/parsed_certificate.h" |
namespace net { |
@@ -19,37 +18,43 @@ namespace der { |
class Input; |
} |
-// A very simple implementation of a TrustStore, which contains a set of |
-// trusted certificates. |
-// TODO(mattm): convert this into an interface, provide implementations that |
-// interface with OS trust store. |
-class NET_EXPORT TrustStore { |
+// The TrustStore provides an interface for retrieving trusted root certificates |
+// and for testing if an arbitrary certificate is trusted. |
+// |
+// XXX Having TrustStore inherit from CertIssuerSource makes some things cleaner |
+// (such as adding a truststore to the pathbuilder instance, but makes some |
+// things messier, such as TrustStoreCollection needing to also implement a |
+// CertIssuerSourceCollection.. thought that doesn't actually end up being too |
+// bad I guess since it can just delegate that to a CertIssuerSourceCollection |
+// member..) |
+// One alternative would be to have each concrete instance inherit from both |
+// TrustStore and CertIssuerSource, but then they need to be added to the |
+// pathbuilder twice (once as a TrustStore and once as a CertIssuerSource). |
+class NET_EXPORT TrustStore : public CertIssuerSource { |
public: |
- TrustStore(); |
- ~TrustStore(); |
- |
- // Empties the trust store, resetting it to original state. |
- void Clear(); |
- |
- // Adds a trusted certificate to the store. |
- void AddTrustedCertificate(scoped_refptr<ParsedCertificate> anchor); |
- |
- // Returns the trust anchors that match |name| in |*matches|, if any. |
- void FindTrustAnchorsByNormalizedName(const der::Input& normalized_name, |
- ParsedCertificateList* matches) const; |
- |
- // Returns true if |cert| matches a certificate in the TrustStore. |
- bool IsTrustedCertificate(const ParsedCertificate* cert) const |
- WARN_UNUSED_RESULT; |
- |
- private: |
- // Multimap from normalized subject -> ParsedCertificate. |
- std::unordered_multimap<base::StringPiece, |
- scoped_refptr<ParsedCertificate>, |
- base::StringPieceHash> |
- anchors_; |
- |
- DISALLOW_COPY_AND_ASSIGN(TrustStore); |
+ using TrustCallback = base::Callback<void(bool)>; |
+ |
+ class NET_EXPORT Request { |
+ public: |
+ Request() = default; |
+ // Destruction of the Request cancels it. |
+ virtual ~Request() = default; |
+ }; |
+ |
+ ~TrustStore() override = default; |
+ |
+ // Checks if |cert| is a trust anchor. |
+ // If the check is done synchronously, |*out_req| will be null and |
+ // |*out_trusted| will indicate if |cert| is trusted. |
+ // Otherwise, |out_req| will be filled with a Request and |callback| will be |
+ // called with a bool indicating if |cert| is trusted. If |*out_req| is |
+ // destroyed before the |callback| is run, it will cancel the check and |
+ // |callback| will not be run. |
+ virtual void IsTrustedCertificate( |
+ scoped_refptr<ParsedCertificate> cert, |
+ const TrustCallback& callback, |
+ bool* out_trusted, |
+ std::unique_ptr<Request>* out_req) const = 0; |
}; |
} // namespace net |