1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_NSS_CERT_DATABASE_H_
6 #define NET_CERT_NSS_CERT_DATABASE_H_
11 #include "base/basictypes.h"
12 #include "base/callback_forward.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/weak_ptr.h"
15 #include "base/strings/string16.h"
16 #include "crypto/scoped_nss_types.h"
17 #include "net/base/net_errors.h"
18 #include "net/base/net_export.h"
19 #include "net/cert/cert_type.h"
20 #include "net/cert/x509_certificate.h"
25 template <class ObserverType
> class ObserverListThreadSafe
;
30 typedef std::vector
<scoped_refptr
<CryptoModule
> > CryptoModuleList
;
32 // Provides functions to manipulate the NSS certificate stores.
33 // Forwards notifications about certificate changes to the global CertDatabase
35 class NET_EXPORT NSSCertDatabase
{
37 class NET_EXPORT Observer
{
39 virtual ~Observer() {}
41 // Will be called when a new certificate is added.
42 // Called with |cert| == NULL after importing a list of certificates
43 // in ImportFromPKCS12().
44 virtual void OnCertAdded(const X509Certificate
* cert
) {}
46 // Will be called when a certificate is removed.
47 virtual void OnCertRemoved(const X509Certificate
* cert
) {}
49 // Will be called when a CA certificate is changed.
50 // Called with |cert| == NULL after importing a list of certificates
51 // in ImportCACerts().
52 virtual void OnCACertChanged(const X509Certificate
* cert
) {}
58 DISALLOW_COPY_AND_ASSIGN(Observer
);
61 // Stores per-certificate error codes for import failures.
62 struct NET_EXPORT ImportCertFailure
{
64 ImportCertFailure(const scoped_refptr
<X509Certificate
>& cert
, int err
);
67 scoped_refptr
<X509Certificate
> certificate
;
70 typedef std::vector
<ImportCertFailure
> ImportCertFailureList
;
72 // Constants that define which usages a certificate is trusted for.
73 // They are used in combination with CertType to specify trust for each type
75 // For a CA_CERT, they specify that the CA is trusted for issuing server and
76 // client certs of each type.
77 // For SERVER_CERT, only TRUSTED_SSL makes sense, and specifies the cert is
78 // trusted as a server.
79 // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
81 // DISTRUSTED_* specifies that the cert should not be trusted for the given
82 // usage, regardless of whether it would otherwise inherit trust from the
84 // Use TRUST_DEFAULT to inherit trust as normal.
85 // NOTE: The actual constants are defined using an enum instead of static
86 // consts due to compilation/linkage constraints with template functions.
87 typedef uint32 TrustBits
;
91 TRUSTED_EMAIL
= 1 << 1,
92 TRUSTED_OBJ_SIGN
= 1 << 2,
93 DISTRUSTED_SSL
= 1 << 3,
94 DISTRUSTED_EMAIL
= 1 << 4,
95 DISTRUSTED_OBJ_SIGN
= 1 << 5,
98 typedef base::Callback
<void(scoped_ptr
<CertificateList
> certs
)>
101 typedef base::Callback
<void(bool)> DeleteCertCallback
;
103 // Creates a NSSCertDatabase that will store public information (such as
104 // certificates and trust records) in |public_slot|, and private information
105 // (such as keys) in |private_slot|.
106 // In general, code should avoid creating an NSSCertDatabase directly,
107 // as doing so requires making opinionated decisions about where to store
108 // data, and instead prefer to be passed an existing NSSCertDatabase
110 // |public_slot| must not be NULL, |private_slot| can be NULL. Both slots can
112 NSSCertDatabase(crypto::ScopedPK11Slot public_slot
,
113 crypto::ScopedPK11Slot private_slot
);
114 virtual ~NSSCertDatabase();
116 // Get a list of unique certificates in the certificate database (one
117 // instance of all certificates).
118 // DEPRECATED by |ListCerts|. See http://crbug.com/340460.
119 virtual void ListCertsSync(CertificateList
* certs
);
121 // Asynchronously get a list of unique certificates in the certificate
122 // database (one instance of all certificates). Note that the callback may be
123 // run even after the database is deleted.
124 virtual void ListCerts(const ListCertsCallback
& callback
);
126 // Get a list of certificates in the certificate database of the given slot.
127 // Note that the callback may be run even after the database is deleted.
128 // Must be called on the IO thread and it calls |callback| on the IO thread.
129 // This does not block by retrieving the certs asynchronously on a worker
130 // thread. Never calls |callback| synchronously.
131 virtual void ListCertsInSlot(const ListCertsCallback
& callback
,
134 #if defined(OS_CHROMEOS)
135 // Get the slot for system-wide key data. May be NULL if the system token was
136 // not explicitly set.
137 // Note: The System slot is set after the NSSCertDatabase is constructed and
138 // this call returns synchronously. Thus, it is possible to call this function
139 // before SetSystemSlot is called and get a NULL result.
140 // See https://crbug.com/399554 .
141 virtual crypto::ScopedPK11Slot
GetSystemSlot() const;
144 // Get the default slot for public key data.
145 crypto::ScopedPK11Slot
GetPublicSlot() const;
147 // Get the default slot for private key or mixed private/public key data.
149 crypto::ScopedPK11Slot
GetPrivateSlot() const;
151 // Get the default module for public key data.
152 // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
153 // DEPRECATED: use GetPublicSlot instead.
154 // TODO(mattm): remove usage of this method and remove it.
155 CryptoModule
* GetPublicModule() const;
157 // Get the default module for private key or mixed private/public key data.
158 // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
159 // DEPRECATED: use GetPrivateSlot instead.
160 // TODO(mattm): remove usage of this method and remove it.
161 CryptoModule
* GetPrivateModule() const;
164 // If |need_rw| is true, only writable modules will be returned.
165 // TODO(mattm): come up with better alternative to CryptoModuleList.
166 virtual void ListModules(CryptoModuleList
* modules
, bool need_rw
) const;
168 // Import certificates and private keys from PKCS #12 blob into the module.
169 // If |is_extractable| is false, mark the private key as being unextractable
171 // Returns OK or a network error code such as ERR_PKCS12_IMPORT_BAD_PASSWORD
172 // or ERR_PKCS12_IMPORT_ERROR. |imported_certs|, if non-NULL, returns a list
173 // of certs that were imported.
174 int ImportFromPKCS12(CryptoModule
* module
,
175 const std::string
& data
,
176 const base::string16
& password
,
178 CertificateList
* imported_certs
);
180 // Export the given certificates and private keys into a PKCS #12 blob,
181 // storing into |output|.
182 // Returns the number of certificates successfully exported.
183 int ExportToPKCS12(const CertificateList
& certs
,
184 const base::string16
& password
,
185 std::string
* output
) const;
187 // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the
188 // root. Assumes the list is an ordered hierarchy with the root being either
189 // the first or last element.
190 // TODO(mattm): improve this to handle any order.
191 X509Certificate
* FindRootInList(const CertificateList
& certificates
) const;
193 // Import CA certificates.
194 // Tries to import all the certificates given. The root will be trusted
195 // according to |trust_bits|. Any certificates that could not be imported
196 // will be listed in |not_imported|.
197 // Returns false if there is an internal error, otherwise true is returned and
198 // |not_imported| should be checked for any certificates that were not
200 bool ImportCACerts(const CertificateList
& certificates
,
201 TrustBits trust_bits
,
202 ImportCertFailureList
* not_imported
);
204 // Import server certificate. The first cert should be the server cert. Any
205 // additional certs should be intermediate/CA certs and will be imported but
206 // not given any trust.
207 // Any certificates that could not be imported will be listed in
209 // |trust_bits| can be set to explicitly trust or distrust the certificate, or
210 // use TRUST_DEFAULT to inherit trust as normal.
211 // Returns false if there is an internal error, otherwise true is returned and
212 // |not_imported| should be checked for any certificates that were not
214 bool ImportServerCert(const CertificateList
& certificates
,
215 TrustBits trust_bits
,
216 ImportCertFailureList
* not_imported
);
218 // Get trust bits for certificate.
219 TrustBits
GetCertTrust(const X509Certificate
* cert
, CertType type
) const;
221 // IsUntrusted returns true if |cert| is specifically untrusted. These
222 // certificates are stored in the database for the specific purpose of
224 bool IsUntrusted(const X509Certificate
* cert
) const;
226 // Set trust values for certificate.
227 // Returns true on success or false on failure.
228 bool SetCertTrust(const X509Certificate
* cert
,
230 TrustBits trust_bits
);
232 // Delete certificate and associated private key (if one exists).
233 // |cert| is still valid when this function returns. Returns true on
235 bool DeleteCertAndKey(X509Certificate
* cert
);
237 // Like DeleteCertAndKey but does not block by running the removal on a worker
238 // thread. This must be called on IO thread and it will run |callback| on IO
239 // thread. Never calls |callback| synchronously.
240 void DeleteCertAndKeyAsync(const scoped_refptr
<X509Certificate
>& cert
,
241 const DeleteCertCallback
& callback
);
243 // Check whether cert is stored in a readonly slot.
244 bool IsReadOnly(const X509Certificate
* cert
) const;
246 // Check whether cert is stored in a hardware slot.
247 bool IsHardwareBacked(const X509Certificate
* cert
) const;
249 // Overrides task runner that's used for running slow tasks.
250 void SetSlowTaskRunnerForTest(
251 const scoped_refptr
<base::TaskRunner
>& task_runner
);
254 // Certificate listing implementation used by |ListCerts*| and
255 // |ListCertsSync|. Static so it may safely be used on the worker thread.
256 // If |slot| is NULL, obtains the certs of all slots, otherwise only of
258 static void ListCertsImpl(crypto::ScopedPK11Slot slot
,
259 CertificateList
* certs
);
261 // Gets task runner that should be used for slow tasks like certificate
262 // listing. Defaults to a base::WorkerPool runner, but may be overriden
263 // in tests (see SetSlowTaskRunnerForTest).
264 scoped_refptr
<base::TaskRunner
> GetSlowTaskRunner() const;
267 // Registers |observer| to receive notifications of certificate changes. The
268 // thread on which this is called is the thread on which |observer| will be
269 // called back with notifications.
270 // NOTE: Observers registered here will only receive notifications generated
271 // directly through the NSSCertDatabase, but not those from the CertDatabase.
272 // CertDatabase observers will receive all certificate notifications.
273 void AddObserver(Observer
* observer
);
275 // Unregisters |observer| from receiving notifications. This must be called
276 // on the same thread on which AddObserver() was called.
277 void RemoveObserver(Observer
* observer
);
279 // Notifies observers of the removal of |cert| and calls |callback| with
280 // |success| as argument.
281 void NotifyCertRemovalAndCallBack(scoped_refptr
<X509Certificate
> cert
,
282 const DeleteCertCallback
& callback
,
285 // Broadcasts notifications to all registered observers.
286 void NotifyObserversOfCertAdded(const X509Certificate
* cert
);
287 void NotifyObserversOfCertRemoved(const X509Certificate
* cert
);
288 void NotifyObserversOfCACertChanged(const X509Certificate
* cert
);
290 // Certificate removal implementation used by |DeleteCertAndKey*|. Static so
291 // it may safely be used on the worker thread.
292 static bool DeleteCertAndKeyImpl(scoped_refptr
<X509Certificate
> cert
);
294 crypto::ScopedPK11Slot public_slot_
;
295 crypto::ScopedPK11Slot private_slot_
;
297 // A helper observer that forwards events from this database to CertDatabase.
298 scoped_ptr
<Observer
> cert_notification_forwarder_
;
300 // Task runner that should be used in tests if set.
301 scoped_refptr
<base::TaskRunner
> slow_task_runner_for_test_
;
303 const scoped_refptr
<ObserverListThreadSafe
<Observer
> > observer_list_
;
305 base::WeakPtrFactory
<NSSCertDatabase
> weak_factory_
;
307 DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase
);
312 #endif // NET_CERT_NSS_CERT_DATABASE_H_