net/cert/internal/trust_store_features.h - chromium/src - Git at Google

 // Copyright 2023 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_
 #define NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_

 #include "base/feature_list.h"
 #include "net/base/net_export.h"

 namespace net {

 // Returns true when platform TrustStore implementations should enforce
 // constraints encoded into X.509 certificate trust anchors.
 // When disabled, platform TrustStore implementations will not enforce anchor
 // constraints (other than expiry).
 // Has no effect if using a platform CertVerifyProc implementation.
 // TODO(https://crbug.com/1406103): remove this a few milestones after the
 // trust anchor constraints enforcement has been launched on all relevant
 // platforms.
 // Should only be called after base::Features have been resolved. Note that
 // using ScopedFeatureList to override this won't work properly in unittests,
 // use ScopedLocalAnchorConstraintsEnforcementForTesting instead. Using
 // ScopedFeatureList in browser_tests is fine.
 // It is safe to call this function on any thread.
 NET_EXPORT bool IsLocalAnchorConstraintsEnforcementEnabled();

 // Override the feature flag. Don't call this without consulting
 // net/cert/OWNERS.
 // It is safe to call this function on any thread.
 NET_EXPORT void SetLocalAnchorConstraintsEnforcementEnabled(bool enabled);

 // Temporarily change the SetLocalAnchorConstraintsEnforcementEnabled value,
 // resetting to the original value when destructed.
 class NET_EXPORT ScopedLocalAnchorConstraintsEnforcementForTesting {
  public:
   explicit ScopedLocalAnchorConstraintsEnforcementForTesting(bool enabled)
       : previous_value_(IsLocalAnchorConstraintsEnforcementEnabled()) {
     SetLocalAnchorConstraintsEnforcementEnabled(enabled);
   }

   ~ScopedLocalAnchorConstraintsEnforcementForTesting() {
     SetLocalAnchorConstraintsEnforcementEnabled(previous_value_);
   }

  private:
   const bool previous_value_;
 };

 namespace features {

 // Most code should not check this feature flag directly, instead use
 // IsLocalAnchorConstraintsEnforcementEnabled().
 NET_EXPORT BASE_DECLARE_FEATURE(kEnforceLocalAnchorConstraints);

 }  // namespace features

 }  // namespace net

 #endif  // NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_
	// Copyright 2023 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_
	#define NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_

	#include "base/feature_list.h"
	#include "net/base/net_export.h"

	namespace net {

	// Returns true when platform TrustStore implementations should enforce
	// constraints encoded into X.509 certificate trust anchors.
	// When disabled, platform TrustStore implementations will not enforce anchor
	// constraints (other than expiry).
	// Has no effect if using a platform CertVerifyProc implementation.
	// TODO(https://crbug.com/1406103): remove this a few milestones after the
	// trust anchor constraints enforcement has been launched on all relevant
	// platforms.
	// Should only be called after base::Features have been resolved. Note that
	// using ScopedFeatureList to override this won't work properly in unittests,
	// use ScopedLocalAnchorConstraintsEnforcementForTesting instead. Using
	// ScopedFeatureList in browser_tests is fine.
	// It is safe to call this function on any thread.
	NET_EXPORT bool IsLocalAnchorConstraintsEnforcementEnabled();

	// Override the feature flag. Don't call this without consulting
	// net/cert/OWNERS.
	// It is safe to call this function on any thread.
	NET_EXPORT void SetLocalAnchorConstraintsEnforcementEnabled(bool enabled);

	// Temporarily change the SetLocalAnchorConstraintsEnforcementEnabled value,
	// resetting to the original value when destructed.
	class NET_EXPORT ScopedLocalAnchorConstraintsEnforcementForTesting {
	public:
	explicit ScopedLocalAnchorConstraintsEnforcementForTesting(bool enabled)
	: previous_value_(IsLocalAnchorConstraintsEnforcementEnabled()) {
	SetLocalAnchorConstraintsEnforcementEnabled(enabled);
	}

	~ScopedLocalAnchorConstraintsEnforcementForTesting() {
	SetLocalAnchorConstraintsEnforcementEnabled(previous_value_);
	}

	private:
	const bool previous_value_;
	};

	namespace features {

	// Most code should not check this feature flag directly, instead use
	// IsLocalAnchorConstraintsEnforcementEnabled().
	NET_EXPORT BASE_DECLARE_FEATURE(kEnforceLocalAnchorConstraints);

	} // namespace features

	} // namespace net

	#endif // NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_