| // Copyright 2020 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module cert_verifier.mojom; |
| |
| import "mojo/public/mojom/base/big_buffer.mojom"; |
| import "services/network/public/mojom/network_param.mojom"; |
| import "services/network/public/mojom/url_loader_factory.mojom"; |
| |
| // Mojo version of net::CertVerifier::RequestParams. |
| // |
| // One verification's inputs. This crosses a process boundary (the caller is |
| // the network service; the callee is the cert verifier service), so the |
| // receiving side should treat every field as untrusted input and validate |
| // it before use. |
| struct RequestParams { |
| // The certificate to verify (presumably the leaf plus whatever |
| // intermediates the peer supplied — confirm against the C++ struct). |
| network.mojom.X509Certificate certificate; |
| // Host name the certificate is being verified for. |
| string hostname; |
| // Bit flags that adjust verification. The meaning of each bit is defined |
| // on the C++ side (net::CertVerifier::VerifyFlags), not in this file. |
| int32 flags; |
| // Stapled OCSP response bytes; presumably empty when none was supplied. |
| string ocsp_response; |
| // Signed Certificate Timestamp list bytes; presumably empty when none was |
| // supplied. |
| string sct_list; |
| // NOTE(review): ocsp_response and sct_list carry binary (DER/TLS) data in |
| // a Mojo string rather than array<uint8> — confirm the bindings on both |
| // ends do not require valid UTF-8 for these fields. |
| }; |
| |
| // Temporary config struct--this should eventually be deleted as the network |
| // service has no reason to know about this config. |
| // |
| // Mojo mirror of net::CertVerifier::Config (see SetConfig below). Several of |
| // these fields change what the verifier will accept as valid, so the service |
| // should only honour a config that arrives from a trusted client. |
| struct CertVerifierConfig { |
| // Revocation-checking switches, as in net::CertVerifier::Config. |
| bool enable_rev_checking; |
| bool require_rev_checking_local_anchors; |
| // Whether SHA-1 signatures are accepted for chains ending in a local |
| // (user/enterprise-installed) anchor. |
| bool enable_sha1_local_anchors; |
| bool disable_symantec_enforcement; |
| // Serialized CRLSet. Carried in a BigBuffer because it can be very large |
| // (SetConfig's comment notes the size). Presumably empty means "no |
| // CRLSet" — confirm against the C++ conversion. |
| mojo_base.mojom.BigBuffer crl_set; |
| // Extra roots the verifier will trust in addition to the platform store. |
| // Anything chaining to one of these verifies successfully, so the source of |
| // this list is security-critical. |
| array<network.mojom.X509Certificate> additional_trust_anchors; |
| // Extra intermediates available for path building; these are not trusted |
| // on their own. |
| array<network.mojom.X509Certificate> additional_untrusted_authorities; |
| }; |
| |
| // Allows the CertVerifierService to connect a new URLLoaderFactory if its |
| // existing URLLoaderFactory is disconnected. The CertVerifierService uses the |
| // URLLoaderFactory for AIA and OCSP fetching. |
| // |
| // Implemented on the client side and handed to the service via |
| // CertVerifierService.EnableNetworkAccess(). |
| interface URLLoaderFactoryConnector { |
| // Binds a URLLoaderFactory. The implementation is expected to fulfil |
| // |url_loader_factory| with a factory the service may use for its fetches. |
| CreateURLLoaderFactory( |
| pending_receiver<network.mojom.URLLoaderFactory> url_loader_factory); |
| }; |
| |
| // An interface that verifies a certificate based on the |params|, and calls the |
| // |Complete| method on the returned CertVerifierRequest when the result is |
| // available. |
| // |
| // The result delivered through CertVerifierRequest decides whether a TLS |
| // connection is trusted, so the client must trust whoever implements this |
| // interface; conversely the implementation should not trust the contents of |
| // |params| or |config|. |
| interface CertVerifierService { |
| // |url_loader_factory| allows the CertVerifierService to connect to the |
| // network for things like AIA or OCSP. |reconnector| allows the CertVerifier |
| // to reconnect its URLLoaderFactory in case the network service disconnects |
| // its URLLoaderFactories without crashing. Must be called before Verify() to |
| // have an effect. |
| // |
| // |reconnector| is nullable; without it the service presumably has no way |
| // to recover network access after its factory disconnects — confirm. |
| EnableNetworkAccess( |
| pending_remote<network.mojom.URLLoaderFactory> url_loader_factory, |
| pending_remote<URLLoaderFactoryConnector>? reconnector); |
| // Mojo IPC used to verify a certificate. Sends results to the |
| // |cert_verifier_request| interface when verification is complete. |
| // |
| // There is no reply on this method itself; the only result channel is |
| // |cert_verifier_request|. Closing that remote cancels the verification |
| // (see CertVerifierRequest). |
| Verify(RequestParams params, |
| pending_remote<CertVerifierRequest> cert_verifier_request); |
| // Sets the config for the underlying CertVerifier. Can serialize very large |
| // net::CertVerifier::Config's due to the CRLSet. |
| // |
| // |config| includes additional trust anchors, so whoever is allowed to call |
| // this can change what the verifier accepts; keep the caller set small. |
| SetConfig(CertVerifierConfig config); |
| }; |
| |
| // An interface for a CertVerifierService to pass results to the client of the |
| // service. If the client closes this request, that will imply cancellation of |
| // the cert verification. |
| // |
| // One instance per Verify() call; the client implements it and passes the |
| // pending_remote in CertVerifierService.Verify(). |
| interface CertVerifierRequest { |
| // When the verification is complete, the CertVerifierService will pass the |
| // verification result to this method, then immediately close its sending |
| // pipe to this interface. |
| // |
| // |result| carries the verified chain and status; |net_error| is a net:: |
| // error code for the verification as a whole (presumably net::OK on |
| // success — confirm against the C++ caller). Because the service closes the |
| // pipe right after, a disconnect without a prior Complete() means the |
| // service went away, not that verification succeeded. |
| Complete(network.mojom.CertVerifyResult result, int32 net_error); |
| }; |