| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_CERT_NSS_CERT_DATABASE_H_ |
| #define NET_CERT_NSS_CERT_DATABASE_H_ |
| |
| #include <stdint.h> |
| |
| #include <string> |
| #include <vector> |
| |
| #include "base/callback_forward.h" |
| #include "base/macros.h" |
| #include "base/memory/ref_counted.h" |
| #include "base/memory/weak_ptr.h" |
| #include "base/strings/string16.h" |
| #include "crypto/scoped_nss_types.h" |
| #include "net/base/net_errors.h" |
| #include "net/base/net_export.h" |
| #include "net/cert/cert_type.h" |
| #include "net/cert/x509_certificate.h" |
| |
| namespace base { |
| template <class ObserverType> |
| class ObserverListThreadSafe; |
| class TaskRunner; |
| } |
| |
| namespace net { |
| |
| class CryptoModule; |
| typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList; |
| |
| // Provides functions to manipulate the NSS certificate stores. |
| // Forwards notifications about certificate changes to the global CertDatabase |
| // singleton. |
| class NET_EXPORT NSSCertDatabase { |
| public: |
| class NET_EXPORT Observer { |
| public: |
| virtual ~Observer() {} |
| |
| // Will be called when a new certificate is added. |
| // Called with |cert| == NULL after importing a list of certificates |
| // in ImportFromPKCS12(). |
| virtual void OnCertAdded(const X509Certificate* cert) {} |
| |
| // Will be called when a certificate is removed. |
| virtual void OnCertRemoved(const X509Certificate* cert) {} |
| |
| // Will be called when a CA certificate is changed. |
| // Called with |cert| == NULL after importing a list of certificates |
| // in ImportCACerts(). |
| virtual void OnCACertChanged(const X509Certificate* cert) {} |
| |
| protected: |
| Observer() {} |
| |
| private: |
| DISALLOW_COPY_AND_ASSIGN(Observer); |
| }; |
| |
| // Stores per-certificate error codes for import failures. |
| struct NET_EXPORT ImportCertFailure { |
| public: |
| ImportCertFailure(const scoped_refptr<X509Certificate>& cert, int err); |
| ~ImportCertFailure(); |
| |
| scoped_refptr<X509Certificate> certificate; |
| int net_error; |
| }; |
| typedef std::vector<ImportCertFailure> ImportCertFailureList; |
| |
| // Constants that define which usages a certificate is trusted for. |
| // They are used in combination with CertType to specify trust for each type |
| // of certificate. |
| // For a CA_CERT, they specify that the CA is trusted for issuing server and |
| // client certs of each type. |
| // For SERVER_CERT, only TRUSTED_SSL makes sense, and specifies the cert is |
| // trusted as a server. |
| // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is |
| // trusted for email. |
| // DISTRUSTED_* specifies that the cert should not be trusted for the given |
| // usage, regardless of whether it would otherwise inherit trust from the |
| // issuer chain. |
| // Use TRUST_DEFAULT to inherit trust as normal. |
| // NOTE: The actual constants are defined using an enum instead of static |
| // consts due to compilation/linkage constraints with template functions. |
| typedef uint32_t TrustBits; |
| enum { |
| TRUST_DEFAULT = 0, |
| TRUSTED_SSL = 1 << 0, |
| TRUSTED_EMAIL = 1 << 1, |
| TRUSTED_OBJ_SIGN = 1 << 2, |
| DISTRUSTED_SSL = 1 << 3, |
| DISTRUSTED_EMAIL = 1 << 4, |
| DISTRUSTED_OBJ_SIGN = 1 << 5, |
| }; |
| |
| typedef base::Callback<void(scoped_ptr<CertificateList> certs)> |
| ListCertsCallback; |
| |
| typedef base::Callback<void(bool)> DeleteCertCallback; |
| |
| // Creates a NSSCertDatabase that will store public information (such as |
| // certificates and trust records) in |public_slot|, and private information |
| // (such as keys) in |private_slot|. |
| // In general, code should avoid creating an NSSCertDatabase directly, |
| // as doing so requires making opinionated decisions about where to store |
| // data, and instead prefer to be passed an existing NSSCertDatabase |
| // instance. |
| // |public_slot| must not be NULL, |private_slot| can be NULL. Both slots can |
| // be identical. |
| NSSCertDatabase(crypto::ScopedPK11Slot public_slot, |
| crypto::ScopedPK11Slot private_slot); |
| virtual ~NSSCertDatabase(); |
| |
| // Get a list of unique certificates in the certificate database (one |
| // instance of all certificates). |
| // DEPRECATED by |ListCerts|. See http://crbug.com/340460. |
| virtual void ListCertsSync(CertificateList* certs); |
| |
| // Asynchronously get a list of unique certificates in the certificate |
| // database (one instance of all certificates). Note that the callback may be |
| // run even after the database is deleted. |
| virtual void ListCerts(const ListCertsCallback& callback); |
| |
| // Get a list of certificates in the certificate database of the given slot. |
| // Note that the callback may be run even after the database is deleted. |
| // Must be called on the IO thread and it calls |callback| on the IO thread. |
| // This does not block by retrieving the certs asynchronously on a worker |
| // thread. Never calls |callback| synchronously. |
| virtual void ListCertsInSlot(const ListCertsCallback& callback, |
| PK11SlotInfo* slot); |
| |
| #if defined(OS_CHROMEOS) |
| // Get the slot for system-wide key data. May be NULL if the system token was |
| // not explicitly set. |
| // Note: The System slot is set after the NSSCertDatabase is constructed and |
| // this call returns synchronously. Thus, it is possible to call this function |
| // before SetSystemSlot is called and get a NULL result. |
| // See https://crbug.com/399554 . |
| virtual crypto::ScopedPK11Slot GetSystemSlot() const; |
| #endif |
| |
| // Get the default slot for public key data. |
| crypto::ScopedPK11Slot GetPublicSlot() const; |
| |
| // Get the default slot for private key or mixed private/public key data. |
| // Can return NULL. |
| crypto::ScopedPK11Slot GetPrivateSlot() const; |
| |
| // Get the default module for public key data. |
| // The returned pointer must be stored in a scoped_refptr<CryptoModule>. |
| // DEPRECATED: use GetPublicSlot instead. |
| // TODO(mattm): remove usage of this method and remove it. |
| CryptoModule* GetPublicModule() const; |
| |
| // Get the default module for private key or mixed private/public key data. |
| // The returned pointer must be stored in a scoped_refptr<CryptoModule>. |
| // DEPRECATED: use GetPrivateSlot instead. |
| // TODO(mattm): remove usage of this method and remove it. |
| CryptoModule* GetPrivateModule() const; |
| |
| // Get all modules. |
| // If |need_rw| is true, only writable modules will be returned. |
| // TODO(mattm): come up with better alternative to CryptoModuleList. |
| virtual void ListModules(CryptoModuleList* modules, bool need_rw) const; |
| |
| // Import certificates and private keys from PKCS #12 blob into the module. |
| // If |is_extractable| is false, mark the private key as being unextractable |
| // from the module. |
| // Returns OK or a network error code such as ERR_PKCS12_IMPORT_BAD_PASSWORD |
| // or ERR_PKCS12_IMPORT_ERROR. |imported_certs|, if non-NULL, returns a list |
| // of certs that were imported. |
| int ImportFromPKCS12(CryptoModule* module, |
| const std::string& data, |
| const base::string16& password, |
| bool is_extractable, |
| CertificateList* imported_certs); |
| |
| // Export the given certificates and private keys into a PKCS #12 blob, |
| // storing into |output|. |
| // Returns the number of certificates successfully exported. |
| int ExportToPKCS12(const CertificateList& certs, |
| const base::string16& password, |
| std::string* output) const; |
| |
| // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the |
| // root. Assumes the list is an ordered hierarchy with the root being either |
| // the first or last element. |
| // TODO(mattm): improve this to handle any order. |
| X509Certificate* FindRootInList(const CertificateList& certificates) const; |
| |
| // Import a user certificate. The private key for the user certificate must |
| // already be installed, otherwise we return ERR_NO_PRIVATE_KEY_FOR_CERT. |
| // Returns OK or a network error code. |
| int ImportUserCert(const std::string& data); |
| |
| // Import CA certificates. |
| // Tries to import all the certificates given. The root will be trusted |
| // according to |trust_bits|. Any certificates that could not be imported |
| // will be listed in |not_imported|. |
| // Returns false if there is an internal error, otherwise true is returned and |
| // |not_imported| should be checked for any certificates that were not |
| // imported. |
| bool ImportCACerts(const CertificateList& certificates, |
| TrustBits trust_bits, |
| ImportCertFailureList* not_imported); |
| |
| // Import server certificate. The first cert should be the server cert. Any |
| // additional certs should be intermediate/CA certs and will be imported but |
| // not given any trust. |
| // Any certificates that could not be imported will be listed in |
| // |not_imported|. |
| // |trust_bits| can be set to explicitly trust or distrust the certificate, or |
| // use TRUST_DEFAULT to inherit trust as normal. |
| // Returns false if there is an internal error, otherwise true is returned and |
| // |not_imported| should be checked for any certificates that were not |
| // imported. |
| bool ImportServerCert(const CertificateList& certificates, |
| TrustBits trust_bits, |
| ImportCertFailureList* not_imported); |
| |
| // Get trust bits for certificate. |
| TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const; |
| |
| // IsUntrusted returns true if |cert| is specifically untrusted. These |
| // certificates are stored in the database for the specific purpose of |
| // rejecting them. |
| bool IsUntrusted(const X509Certificate* cert) const; |
| |
| // Set trust values for certificate. |
| // Returns true on success or false on failure. |
| bool SetCertTrust(const X509Certificate* cert, |
| CertType type, |
| TrustBits trust_bits); |
| |
| // Delete certificate and associated private key (if one exists). |
| // |cert| is still valid when this function returns. Returns true on |
| // success. |
| bool DeleteCertAndKey(X509Certificate* cert); |
| |
| // Like DeleteCertAndKey but does not block by running the removal on a worker |
| // thread. This must be called on IO thread and it will run |callback| on IO |
| // thread. Never calls |callback| synchronously. |
| void DeleteCertAndKeyAsync(const scoped_refptr<X509Certificate>& cert, |
| const DeleteCertCallback& callback); |
| |
| // Check whether cert is stored in a readonly slot. |
| bool IsReadOnly(const X509Certificate* cert) const; |
| |
| // Check whether cert is stored in a hardware slot. |
| bool IsHardwareBacked(const X509Certificate* cert) const; |
| |
| // Overrides task runner that's used for running slow tasks. |
| void SetSlowTaskRunnerForTest( |
| const scoped_refptr<base::TaskRunner>& task_runner); |
| |
| protected: |
| // Certificate listing implementation used by |ListCerts*| and |
| // |ListCertsSync|. Static so it may safely be used on the worker thread. |
| // If |slot| is NULL, obtains the certs of all slots, otherwise only of |
| // |slot|. |
| static void ListCertsImpl(crypto::ScopedPK11Slot slot, |
| CertificateList* certs); |
| |
| // Gets task runner that should be used for slow tasks like certificate |
| // listing. Defaults to a base::WorkerPool runner, but may be overriden |
| // in tests (see SetSlowTaskRunnerForTest). |
| scoped_refptr<base::TaskRunner> GetSlowTaskRunner() const; |
| |
| protected: |
| // Broadcasts notifications to all registered observers. |
| void NotifyObserversOfCertAdded(const X509Certificate* cert); |
| void NotifyObserversOfCertRemoved(const X509Certificate* cert); |
| void NotifyObserversOfCACertChanged(const X509Certificate* cert); |
| |
| private: |
| // Registers |observer| to receive notifications of certificate changes. The |
| // thread on which this is called is the thread on which |observer| will be |
| // called back with notifications. |
| // NOTE: Observers registered here will only receive notifications generated |
| // directly through the NSSCertDatabase, but not those from the CertDatabase. |
| // CertDatabase observers will receive all certificate notifications. |
| void AddObserver(Observer* observer); |
| |
| // Unregisters |observer| from receiving notifications. This must be called |
| // on the same thread on which AddObserver() was called. |
| void RemoveObserver(Observer* observer); |
| |
| // Notifies observers of the removal of |cert| and calls |callback| with |
| // |success| as argument. |
| void NotifyCertRemovalAndCallBack(scoped_refptr<X509Certificate> cert, |
| const DeleteCertCallback& callback, |
| bool success); |
| |
| // Certificate removal implementation used by |DeleteCertAndKey*|. Static so |
| // it may safely be used on the worker thread. |
| static bool DeleteCertAndKeyImpl(scoped_refptr<X509Certificate> cert); |
| |
| crypto::ScopedPK11Slot public_slot_; |
| crypto::ScopedPK11Slot private_slot_; |
| |
| // A helper observer that forwards events from this database to CertDatabase. |
| scoped_ptr<Observer> cert_notification_forwarder_; |
| |
| // Task runner that should be used in tests if set. |
| scoped_refptr<base::TaskRunner> slow_task_runner_for_test_; |
| |
| const scoped_refptr<base::ObserverListThreadSafe<Observer>> observer_list_; |
| |
| base::WeakPtrFactory<NSSCertDatabase> weak_factory_; |
| |
| DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase); |
| }; |
| |
| } // namespace net |
| |
| #endif // NET_CERT_NSS_CERT_DATABASE_H_ |
