services/network/public/mojom/cert_verifier_service.mojom - chromium/src - Git at Google

 // Copyright 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 module cert_verifier.mojom;

 import "mojo/public/mojom/base/big_buffer.mojom";
 import "services/network/public/mojom/network_param.mojom";
 import "services/network/public/mojom/url_loader_factory.mojom";

 // Mojo version of net::CertVerifier::RequestParams.
 struct RequestParams {
   network.mojom.X509Certificate certificate;
   string hostname;
   int32 flags;
   string ocsp_response;
   string sct_list;
 };

 // Temporary config struct--this should eventually be deleted as the network
 // service has no reason to know about this config.
 struct CertVerifierConfig {
   bool enable_rev_checking;
   bool require_rev_checking_local_anchors;
   bool enable_sha1_local_anchors;
   bool disable_symantec_enforcement;
   mojo_base.mojom.BigBuffer crl_set;
   array<network.mojom.X509Certificate> additional_trust_anchors;
   array<network.mojom.X509Certificate> additional_untrusted_authorities;
 };

 // Allows the CertVerifierService to connect a new URLLoaderFactory if its
 // existing URLLoaderFactory is disconnected. The CertVerifierService uses the
 // URLLoaderFactory for AIA and OCSP fetching.
 interface URLLoaderFactoryConnector {
   // Binds a URLLoaderFactory.
   CreateURLLoaderFactory(
       pending_receiver<network.mojom.URLLoaderFactory> url_loader_factory);
 };

 // An interface that verifies a certificate based on the |params|, and calls the
 // |Complete| method on the returned CertVerifierRequest when the result is
 // available.
 interface CertVerifierService {
   // |url_loader_factory| allows the CertVerifierService to connect to the
   // network for things like AIA or OCSP. |reconnector| allows the CertVerifier
   // to reconnect its URLLoaderFactory in case the network service disconnects
   // its URLLoaderFactories without crashing. Must be called before Verify() to
   // have an effect.
   EnableNetworkAccess(
       pending_remote<network.mojom.URLLoaderFactory> url_loader_factory,
       pending_remote<URLLoaderFactoryConnector>? reconnector);
   // Mojo IPC used to verify a certificate. Sends results to the
   // |cert_verifier_request| interface when verification is complete.
   Verify(RequestParams params,
          pending_remote<CertVerifierRequest> cert_verifier_request);
   // Sets the config for the underlying CertVerifier. Can serialize very large
   // net::CertVerifier::Config's due to the CRLSet.
   SetConfig(CertVerifierConfig config);
 };

 // An interface for a CertVerifierService to pass results to the client of the
 // service. If the client closes this request, that will imply cancellation of
 // the cert verification.
 interface CertVerifierRequest {
   // When the verification is complete, the CertVerifierService will pass the
   // verification result to this method, then immediately close its sending
   // pipe to this interface.
   Complete(network.mojom.CertVerifyResult result, int32 net_error);
 };
	// Copyright 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	module cert_verifier.mojom;

	import "mojo/public/mojom/base/big_buffer.mojom";
	import "services/network/public/mojom/network_param.mojom";
	import "services/network/public/mojom/url_loader_factory.mojom";

	// Mojo version of net::CertVerifier::RequestParams.
	struct RequestParams {
	network.mojom.X509Certificate certificate;
	string hostname;
	int32 flags;
	string ocsp_response;
	string sct_list;
	};

	// Temporary config struct--this should eventually be deleted as the network
	// service has no reason to know about this config.
	struct CertVerifierConfig {
	bool enable_rev_checking;
	bool require_rev_checking_local_anchors;
	bool enable_sha1_local_anchors;
	bool disable_symantec_enforcement;
	mojo_base.mojom.BigBuffer crl_set;
	array<network.mojom.X509Certificate> additional_trust_anchors;
	array<network.mojom.X509Certificate> additional_untrusted_authorities;
	};

	// Allows the CertVerifierService to connect a new URLLoaderFactory if its
	// existing URLLoaderFactory is disconnected. The CertVerifierService uses the
	// URLLoaderFactory for AIA and OCSP fetching.
	interface URLLoaderFactoryConnector {
	// Binds a URLLoaderFactory.
	CreateURLLoaderFactory(
	pending_receiver<network.mojom.URLLoaderFactory> url_loader_factory);
	};

	// An interface that verifies a certificate based on the \|params\|, and calls the
	// \|Complete\| method on the returned CertVerifierRequest when the result is
	// available.
	interface CertVerifierService {
	// \|url_loader_factory\| allows the CertVerifierService to connect to the
	// network for things like AIA or OCSP. \|reconnector\| allows the CertVerifier
	// to reconnect its URLLoaderFactory in case the network service disconnects
	// its URLLoaderFactories without crashing. Must be called before Verify() to
	// have an effect.
	EnableNetworkAccess(
	pending_remote<network.mojom.URLLoaderFactory> url_loader_factory,
	pending_remote<URLLoaderFactoryConnector>? reconnector);
	// Mojo IPC used to verify a certificate. Sends results to the
	// \|cert_verifier_request\| interface when verification is complete.
	Verify(RequestParams params,
	pending_remote<CertVerifierRequest> cert_verifier_request);
	// Sets the config for the underlying CertVerifier. Can serialize very large
	// net::CertVerifier::Config's due to the CRLSet.
	SetConfig(CertVerifierConfig config);
	};

	// An interface for a CertVerifierService to pass results to the client of the
	// service. If the client closes this request, that will imply cancellation of
	// the cert verification.
	interface CertVerifierRequest {
	// When the verification is complete, the CertVerifierService will pass the
	// verification result to this method, then immediately close its sending
	// pipe to this interface.
	Complete(network.mojom.CertVerifyResult result, int32 net_error);
	};