| // Copyright 2016 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_CERT_INTERNAL_TRUST_STORE_H_ |
| #define NET_CERT_INTERNAL_TRUST_STORE_H_ |
| |
| #include <vector> |
| |
| #include "base/callback.h" |
| #include "base/memory/ref_counted.h" |
| #include "net/base/net_export.h" |
| #include "net/cert/internal/parsed_certificate.h" |
| |
| namespace net { |
| |
| namespace der { |
| class Input; |
| } |
| |
| // A TrustAnchor represents a trust anchor used during RFC 5280 path validation. |
| // |
| // At its core, each trust anchor has two parts: |
| // * Name |
| // * Public Key |
| // |
| // Optionally a trust anchor may contain: |
| // * An associated certificate (used when pretty-printing) |
| // * Mandatory trust anchor constraints |
| // |
| // Relationship between ParsedCertificate and TrustAnchor: |
| // |
| // For convenience trust anchors are often described using a |
| // (self-signed) certificate. TrustAnchor facilitates this by allowing |
| // construction of a TrustAnchor given a ParsedCertificate. |
| // |
| // When constructing a TrustAnchor from a certificate there are different |
| // interpretations for the meaning of properties other than the Subject and |
| // SPKI in the certificate. |
| // |
| // * CreateFromCertificateNoConstraints() -- Extracts the Subject and SPKI from |
| // the source certificate. ALL other information in the certificate is |
| // considered irrelevant during path validation. |
| // |
| // * CreateFromCertificateWithConstraints() -- Extracts the Subject and SPKI |
| // from the source certificate, and additionally interprets some properties of |
| // the source certificate as mandatory anchor constraints. |
| // |
| // Trust anchor constraints are described in more detail by RFC 5937. This |
| // implementation follows that description, and fixes |
| // "enforceTrustAnchorConstraints" to true. |
| class NET_EXPORT TrustAnchor : public base::RefCountedThreadSafe<TrustAnchor> { |
| public: |
| // Creates a TrustAnchor given a certificate. The ONLY parts of the |
| // certificate that are relevant to the resulting trust anchor are: |
| // |
| // * Subject |
| // * SPKI |
| // |
| // Everything else, including the source certiticate's expiration, basic |
| // constraints, policy constraints, etc is not used. |
| // |
| // This is the common interpretation for a trust anchor when given as a |
| // certificate. |
| static scoped_refptr<TrustAnchor> CreateFromCertificateNoConstraints( |
| scoped_refptr<ParsedCertificate> cert); |
| |
| // Creates a TrustAnchor given a certificate. The resulting trust anchor is |
| // initialized using the source certificate's subject and SPKI as usual, |
| // however other parts of the certificate are applied as anchor constraints. |
| // |
| // The implementation matches the properties identified by RFC 5937, |
| // resulting in the following hodgepodge of enforcement on the source |
| // certificate: |
| // |
| // * Signature: No |
| // * Validity (expiration): No |
| // * Key usage: No |
| // * Extended key usage: No |
| // * Basic constraints: Yes, but only the pathlen (CA=false is accepted) |
| // * Name constraints: Yes |
| // * Certificate policies: Not currently, TODO(crbug.com/634453) |
| // * inhibitAnyPolicy: Not currently, TODO(crbug.com/634453) |
| // * PolicyConstraints: Not currently, TODO(crbug.com/634452) |
| // |
| // The presence of any other unrecognized extension marked as critical fails |
| // validation. |
| static scoped_refptr<TrustAnchor> CreateFromCertificateWithConstraints( |
| scoped_refptr<ParsedCertificate> cert); |
| |
| der::Input spki() const; |
| der::Input normalized_subject() const; |
| |
| // Returns the optional certificate representing this trust anchor. |
| // In the current implementation it will never return nullptr... |
| // however clients should be prepared to handle this case. |
| const scoped_refptr<ParsedCertificate>& cert() const; |
| |
| // Returns true if the trust anchor has attached (mandatory) trust anchor |
| // constraints. This returns true when the anchor was constructed using |
| // CreateFromCertificateWithConstraints. |
| bool enforces_constraints() const { return enforces_constraints_; } |
| |
| private: |
| friend class base::RefCountedThreadSafe<TrustAnchor>; |
| TrustAnchor(scoped_refptr<ParsedCertificate>, bool enforces_constraints); |
| ~TrustAnchor(); |
| |
| scoped_refptr<ParsedCertificate> cert_; |
| bool enforces_constraints_ = false; |
| }; |
| |
| using TrustAnchors = std::vector<scoped_refptr<TrustAnchor>>; |
| |
| // Interface for finding trust anchors. |
| class NET_EXPORT TrustStore { |
| public: |
| class NET_EXPORT Request { |
| public: |
| Request(); |
| // Destruction of the Request cancels it. |
| virtual ~Request(); |
| }; |
| |
| TrustStore(); |
| virtual ~TrustStore(); |
| |
| using TrustAnchorsCallback = base::Callback<void(TrustAnchors)>; |
| |
| // Returns the trust anchors that match |cert|'s issuer name in |
| // |*synchronous_matches| and/or through |callback|. |cert| and |
| // |synchronous_matches| must not be null. |
| // |
| // If results are available synchronously, they will be appended to |
| // |*synchronous_matches|. |*synchronous_matches| will not be modified |
| // asynchronously. |
| // |
| // If |callback| is not null and results may be available asynchronously, |
| // |*out_req| will be filled with a Request, and |callback| will be called |
| // when results are available. The Request may be destroyed to cancel |
| // the callback if it has not occurred yet. |
| virtual void FindTrustAnchorsForCert( |
| const scoped_refptr<ParsedCertificate>& cert, |
| const TrustAnchorsCallback& callback, |
| TrustAnchors* synchronous_matches, |
| std::unique_ptr<Request>* out_req) const = 0; |
| |
| private: |
| DISALLOW_COPY_AND_ASSIGN(TrustStore); |
| }; |
| |
| } // namespace net |
| |
| #endif // NET_CERT_INTERNAL_TRUST_STORE_H_ |