blob: a6181fa2c5d4cbb705cbf16a41bf5fc6fdb16d5a [file] [log] [blame]
// Copyright 2020 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module cert_verifier.mojom;
import "mojo/public/mojom/base/big_buffer.mojom";
import "services/network/public/mojom/network_param.mojom";
import "services/network/public/mojom/url_loader_factory.mojom";
// Mojo version of net::CertVerifier::RequestParams.
struct RequestParams {
network.mojom.X509Certificate certificate;
string hostname;
int32 flags;
string ocsp_response;
string sct_list;
// Temporary config struct--this should eventually be deleted as the network
// service has no reason to know about this config.
struct CertVerifierConfig {
bool enable_rev_checking;
bool require_rev_checking_local_anchors;
bool enable_sha1_local_anchors;
bool disable_symantec_enforcement;
mojo_base.mojom.BigBuffer crl_set;
array<network.mojom.X509Certificate> additional_trust_anchors;
array<network.mojom.X509Certificate> additional_untrusted_authorities;
// Allows the CertVerifierService to connect a new URLLoaderFactory if its
// existing URLLoaderFactory is disconnected. The CertVerifierService uses the
// URLLoaderFactory for AIA and OCSP fetching.
interface URLLoaderFactoryConnector {
// Binds a URLLoaderFactory.
pending_receiver<network.mojom.URLLoaderFactory> url_loader_factory);
// An interface that verifies a certificate based on the |params|, and calls the
// |Complete| method on the returned CertVerifierRequest when the result is
// available.
interface CertVerifierService {
// |url_loader_factory| allows the CertVerifierService to connect to the
// network for things like AIA or OCSP. |reconnector| allows the CertVerifier
// to reconnect its URLLoaderFactory in case the network service disconnects
// its URLLoaderFactories without crashing. Must be called before Verify() to
// have an effect.
pending_remote<network.mojom.URLLoaderFactory> url_loader_factory,
pending_remote<URLLoaderFactoryConnector>? reconnector);
// Mojo IPC used to verify a certificate. Sends results to the
// |cert_verifier_request| interface when verification is complete.
Verify(RequestParams params,
pending_remote<CertVerifierRequest> cert_verifier_request);
// Sets the config for the underlying CertVerifier. Can serialize very large
// net::CertVerifier::Config's due to the CRLSet.
SetConfig(CertVerifierConfig config);
// An interface for a CertVerifierService to pass results to the client of the
// service. If the client closes this request, that will imply cancellation of
// the cert verification.
interface CertVerifierRequest {
// When the verification is complete, the CertVerifierService will pass the
// verification result to this method, then immediately close its sending
// pipe to this interface.
Complete(network.mojom.CertVerifyResult result, int32 net_error);